
Hi!

 

I have been helping a friend (a good friend's fiancée) handle an "infestation".

 

Originally, on New Year's Day, she saw dozens of identical Windows notification dialogs referencing "Powershell" errors, which is when I got called.

 

I am using Remote Utilities by Usoris Systems to access her PC and help. She lives about 10 minutes away, so I can go there if a Safe-Mode reboot is wanted, which I have on the schedule for tomorrow, Jan. 13 (reboot to Safe Mode w/networking, running RKill and running MBAM again in that environment).

 

I used MBAM and TDSSKiller originally. I noticed that the Ask.com toolbar was referenced in a log. I manually stopped the service and three processes; the Powershell errors stopped. The "Powershell" dialogs stopped and haven't reoccurred since those earliest actions involving the Ask.com toolbar and its updater.

 

After a reboot, the above condition was replaced with an error dialog: 

----

An error has occurred in the script on this page.

 

Line: 1

Char: 1

Error: Invalid root in registry key "HKCU\software\classes\clsid\{ab8902b4-09ca-4bb6-b78d-a8f59079a8d5}\localserver32\a".

Code: 0

URL:

----

 

I ran MBAM (the most recent log is attached), TDSSKiller, RogueKiller, herdProtect, Junkware Removal Tool, AdwCleaner, and ESET Online Scanner; almost all of them found and cleaned something or reported a clean system (TDSSKiller came up clean). ESET caught and cleaned one item; it was the last scanner that I used. The system seemed to be running nicely: quick app loading, low CPU utilization and no error messages.

 

There are a few things that lead me to think that I didn't get everything, and these are all new, post-cleaning changes. A few hours after the last reboot: 1) there are several instances of a process named "efnrxmp.exe" running that claim Google Chrome as their relation (CPU utilization is continually running 25%-50%), 2) there are frequent desktop refreshes/flickers and 3) performance has dropped noticeably and gets worse intermittently.

 

Based on those odd activities, I decided to run MBAM again and it found 5 items (in the first 3 minutes). This was after a clean run only a couple of days ago. I included that log file just in case you might find it useful.

 

I attached the most recent logs from MBAM and FRST. I also included the logs from the other scanners that I used.


The second post has the other logs. The two MBAM logs with the same date spanned midnight, so I'm guessing that's why they were created that way.

 


 

Additional note:

I did a little research about "multiple processes related to google chrome", found a forum entry at Norton.com and applied the "trick" that had been successfully used to get the process mentioned above to cease activity (rename it with a ".txt" extension, wait for all of the instances of it to disappear in the Task Manager, edit the contents to a short text string and rename it with an ".exe" extension). A short-term remedy, of course. CPU utilization is now between 5% and 15%.

 

In locating the executable, I found not just one bogus, random-character directory in the ...\AppData\LocalLow location, but three: one located in the ...\Adobe directory and two more in the Microsoft and the Sun folders. The difference is that the latter two had clone directory structures of a C:\Users directory where all of them were empty except for ...\Local. It had additional directories starting with ...\Google and ending in a group of directories/files. The creation date/time for all of the Microsoft and Sun subdirectories was during the time of MBAM's last run at about the 5.5 hour point (it is at hour 6.5 as of this writing) and preceded my renaming the above process by about 20 minutes.

 

There are still 15+ instances of "svchost.exe" running. I was about to download and run "Process Explorer", but decided that it was simply the best time to ask for help.

 

 

I hope that I've provided enough data to be useful in where to start.

 

I await your instructions and assistance with fingers crossed!

 

 

My best,

Dave
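The indicators Dave lists (an executable with no publisher running from a random-character folder under AppData\LocalLow, and the "ATTENTION", "[File not signed]", "No ImagePath" and "[X]" markers that FRST prints in its Services and Drivers sections) are the sort of thing a first triage pass over an FRST log should pull out before anyone decides on a fix. The script below is an added example and is not part of this post, nor is it code from the FRST tool or from Malwarebytes; the sample log lines are constructed to mimic FRST's line format (the `kq3vz8` folder name and the shortened SID are invented), and the finding names and heuristics are the author's own assumptions, not FRST terminology.

```python
"""
Triage pass over FRST-style log lines (added example, not FRST's own code).
Flags entries that warrant a closer look; it does not clean anything.
"""
import re

# Constructed sample lines modelled on FRST's Processes / Services / Drivers /
# Registry sections. The LocalLow path and the short SID are invented.
SAMPLE_FRST_LINES = r"""
(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\Owner\AppData\LocalLow\Adobe\kq3vz8\efnrxmp.exe
R2 RManService; C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe [6361344 2014-12-18] (Usoris Systems LLC)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S4 LMIRfsClientNP; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
HKU\S-1-5-21-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)
HKU\S-1-5-21-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
"""

# FRST's own marker for entries it considers suspicious.
ATTENTION_RE = re.compile(r"<=+\s*ATTENTION", re.IGNORECASE)
# A Windows path ending in an executable, DLL or driver.
EXE_PATH_RE = re.compile(r"([A-Za-z]:\\[^\[\]<>]*?\.(?:exe|dll|sys))", re.IGNORECASE)
# Processes-section lines start with "(Publisher) C:\..."; "()" means no publisher.
PUBLISHER_RE = re.compile(r"^\((.*?)\)\s+[A-Za-z]:\\")
# Crude heuristic for a random-looking folder name: 6-12 lowercase
# alphanumerics containing at least one digit. Only applied under C:\Users.
RANDOM_DIR_RE = re.compile(r"^(?=.*\d)[a-z0-9]{6,12}$")


def triage_line(line):
    """Return the list of finding names for one FRST log line (empty if clean)."""
    findings = []
    if ATTENTION_RE.search(line):
        findings.append("frst_attention")
    if "[File not signed]" in line:
        findings.append("unsigned_file")
    # "No ImagePath" and a trailing "[X]" both mean the service/driver entry
    # points at a binary that no longer exists (orphaned entry).
    if "No ImagePath" in line or line.rstrip().endswith("[X]"):
        findings.append("missing_binary")
    m = PUBLISHER_RE.match(line)
    if m and m.group(1).strip() == "":
        findings.append("no_publisher")
    for path in EXE_PATH_RE.findall(line):
        lowered = path.lower()
        # Binaries launched from user-writable locations deserve a second look.
        if "\\appdata\\locallow\\" in lowered or "\\appdata\\local\\temp\\" in lowered:
            findings.append("user_writable_location")
        parts = path.split("\\")
        # Parent folder of the binary: random-looking names under C:\Users only.
        if "\\users\\" in lowered and len(parts) >= 2 and RANDOM_DIR_RE.match(parts[-2]):
            findings.append("random_dirname")
    return findings


def triage(text):
    """Map each non-empty log line to its findings, keeping only lines with hits."""
    report = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hits = triage_line(line)
        if hits:
            report[line] = hits
    return report


if __name__ == "__main__":
    for line, hits in triage(SAMPLE_FRST_LINES).items():
        print(", ".join(hits).ljust(50), line)
```

Run it on a real FRST.txt by passing the file contents to `triage()`; the output is a shortlist to hand to the helper, not a fixlist, since FRST's "ATTENTION" lines and unsigned vendor drivers both need a human to decide what is actually malicious.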


Hello DECloyd, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability to ascertain the current situation and provide the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the Follow button at the top of the page.
     

======================================================

 

Thank you for your detailed description. Please copy the contents of FRST.txt & Addition.txt, and paste in your next reply. If you receive an error stating your post is too long, please use multiple posts. 


Hi, Adam!

 

Dave is good for me!

 

As far as I have found, the friend's computer is free of file-sharing/piracy/illegal stuff; she's not the type. :)

 

 

FRST.txt

----

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015

Ran by Owner (administrator) on OWNER-PC on 13-01-2015 13:24:04

Running from C:\Users\Owner\Downloads\Anti-Malware\Farbar Recovery Scan Tool

Loaded Profile: Owner (Available profiles: Owner)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Two Pilots) C:\Windows\VPDAgent_x64.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe

(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(Usoris Systems LLC) C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe

(Usoris Systems LLC) C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe

(Usoris Systems LLC) C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe

(Maxtor Corporation) C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe

(Sage Software, Inc.) C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

(Google) C:\Users\Owner\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

 

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [mxomssmenu] => C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe [169312 2008-07-21] (Maxtor Corporation)

HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [28672 2009-08-24] (Sage Software, Inc.)

HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe [331776 2009-08-24] (Sage Software, Inc.)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2641272 2012-08-18] (Intuit Inc. All rights reserved.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)

HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [Google Update] => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-24] (Google Inc.)

HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-04] (Acresso Corporation)

HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)

HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)

HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)

HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)

HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)

HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)

Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-558719375-1066587731-3160552415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl

HKU\S-1-5-21-558719375-1066587731-3160552415-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-558719375-1066587731-3160552415-1000 -> DefaultScope {972632BC-3BB4-4081-958E-EE6BB9BD6F04} URL = http://www.google.com/search?q={searchTerms}

SearchScopes: HKU\S-1-5-21-558719375-1066587731-3160552415-1000 -> {972632BC-3BB4-4081-958E-EE6BB9BD6F04} URL = http://www.google.com/search?q={searchTerms}

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-558719375-1066587731-3160552415-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-558719375-1066587731-3160552415-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-558719375-1066587731-3160552415-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-558719375-1066587731-3160552415-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-558719375-1066587731-3160552415-1000: www.bridgepub.com/m8detector -> C:\Program Files (x86)\Mark Ultra VIII E-Meter Updater\plugin\npm8detector.dll (Bridge Publications, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]

FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

 

Chrome:

=======

CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP

CHR StartupUrls: Default -> "https://mail.google.com/mail/?tab=wm#inbox"

CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-20]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]

CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]

CHR Extension: (Rapportive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2012-02-06]

CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-13]

CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]

CHR Extension: (MapsGalaxy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojglhaoipjjogobkielpbhabbblonoaa [2014-09-11]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]

CHR HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 ACT! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [81920 2009-08-24] (Sage Software, Inc.) [File not signed]

R2 Agent; C:\Windows\VPDAgent_x64.exe [162048 2013-05-18] (Two Pilots)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]

R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)

R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [193888 2008-07-21] (Seagate Technology LLC)

R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-08-18] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]

R2 RManService; C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe [6361344 2014-12-18] (Usoris Systems LLC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 LMIRfsClientNP; No ImagePath

S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]

S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)

R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)

S3 SNXPCAMD; C:\Windows\System32\DRIVERS\snxpcamd.sys [50552 2010-01-14] (SUNIX Co., Ltd.)

S3 SNXPPAMD; C:\Windows\System32\DRIVERS\snxppamd.sys [97792 2005-02-15] () [File not signed]

S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-12 18:49 - 2015-01-12 21:09 - 00001403 _____ () C:\Users\Owner\Documents\Update - 2015 01 12 - evening (malware).txt

2015-01-12 01:16 - 2015-01-12 01:16 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk

2015-01-12 01:16 - 2015-01-12 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2015-01-12 01:16 - 2015-01-12 01:16 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2015-01-12 01:13 - 2015-01-12 01:14 - 00000000 ____D () C:\Users\Owner\Downloads\Apple

2015-01-11 11:51 - 2015-01-11 11:51 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-558719375-1066587731-3160552415-1000

2015-01-11 11:51 - 2015-01-11 11:51 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-558719375-1066587731-3160552415-1000

2015-01-11 11:34 - 2015-01-12 12:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps

2015-01-11 02:06 - 2015-01-11 02:06 - 00000000 ____D () C:\Windows\ERUNT

2015-01-11 01:44 - 2015-01-11 01:44 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2015-01-11 01:43 - 2015-01-11 01:44 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-11 01:34 - 2015-01-11 01:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2015-01-11 01:34 - 2015-01-11 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2015-01-11 01:14 - 2013-05-18 20:50 - 00162048 _____ (Two Pilots) C:\Windows\VPDAgent_x64.exe

2015-01-11 01:14 - 2013-05-18 20:50 - 00061184 _____ () C:\Windows\system32\ruppm.dll

2015-01-11 01:13 - 2015-01-11 01:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Utilities - Host

2015-01-09 22:22 - 2015-01-11 02:14 - 00000000 ____D () C:\AdwCleaner

2015-01-09 14:11 - 2015-01-13 13:24 - 00000000 ____D () C:\FRST

2015-01-09 01:09 - 2015-01-09 01:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2015-01-09 01:09 - 2015-01-09 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-01-09 01:09 - 2015-01-09 01:09 - 00000000 ____D () C:\Program Files (x86)\Java

2015-01-09 00:54 - 2015-01-09 00:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle

2015-01-04 02:01 - 2015-01-04 02:01 - 00000000 ____D () C:\Program Files\Reason

2015-01-01 22:53 - 2015-01-08 22:52 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-558719375-1066587731-3160552415-1000

2015-01-01 22:52 - 2015-01-08 22:52 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-558719375-1066587731-3160552415-1000

2015-01-01 18:30 - 2015-01-01 18:30 - 00000000 ____D () C:\Program Files (x86)\ESET

2015-01-01 18:28 - 2015-01-01 18:30 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe

2015-01-01 17:32 - 2015-01-01 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security

2015-01-01 17:32 - 2015-01-01 17:32 - 00000000 ____D () C:\Program Files (x86)\Panda Security

2015-01-01 17:32 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys

2015-01-01 13:19 - 2015-01-01 14:30 - 00000000 ____D () C:\ProgramData\HitmanPro

2015-01-01 13:18 - 2015-01-01 13:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files

2015-01-01 13:05 - 2015-01-01 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan

2015-01-01 13:05 - 2015-01-01 13:05 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab

2014-12-31 17:56 - 2015-01-01 13:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab

2014-12-31 15:11 - 2015-01-12 17:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-12-31 15:10 - 2014-12-31 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-12-31 15:10 - 2014-12-31 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-12-31 15:10 - 2014-12-31 15:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-12-31 15:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-12-31 15:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-12-31 15:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-12-31 15:05 - 2015-01-13 00:38 - 00000000 ____D () C:\Users\Owner\Downloads\Anti-Malware

2014-12-27 10:26 - 2014-12-27 10:26 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task

2014-12-22 10:55 - 2014-12-22 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-12-17 16:34 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-12-17 16:34 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-12-15 20:35 - 2014-12-15 20:35 - 00000000 _____ () C:\cookies.sqlite

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 13:21 - 2011-06-26 11:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000UA.job

2015-01-13 13:03 - 2012-11-10 15:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-13 13:00 - 2013-03-01 13:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-01-13 08:17 - 2011-06-19 06:39 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A7290B64-9D0A-4B9D-B073-2795C0CA5F0F}

2015-01-13 07:00 - 2013-12-24 09:59 - 00000000 ___RD () C:\Users\Owner\Dropbox

2015-01-13 07:00 - 2013-12-24 09:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox

2015-01-13 04:37 - 2011-06-19 05:36 - 01264656 _____ () C:\Windows\WindowsUpdate.log

2015-01-13 03:21 - 2011-06-26 11:06 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000Core.job

2015-01-13 03:00 - 2011-12-25 16:43 - 00000000 ____D () C:\ProgramData\TEMP

2015-01-13 00:28 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-01-13 00:28 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-01-13 00:22 - 2012-11-10 15:45 - 00000000 ___RD () C:\Users\Owner\Google Drive

2015-01-13 00:22 - 2011-06-22 08:05 - 00000848 ___SH () C:\ProgramData\KGyGaAvL.sys

2015-01-13 00:20 - 2014-10-01 16:13 - 00000000 ___RD () C:\Users\Owner\iCloudDrive

2015-01-13 00:19 - 2012-11-10 15:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-13 00:19 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-01-13 00:19 - 2009-07-13 23:51 - 00146707 _____ () C:\Windows\setupact.log

2015-01-13 00:18 - 2014-12-07 09:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\iMobie_Inc

2015-01-13 00:18 - 2011-06-19 08:30 - 00250140 _____ () C:\Windows\PFRO.log

2015-01-13 00:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help

2015-01-12 16:06 - 2012-11-10 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2015-01-12 13:52 - 2012-04-16 09:34 - 00000000 ____D () C:\ProgramData\Real

2015-01-12 13:52 - 2012-04-16 09:34 - 00000000 ____D () C:\Program Files (x86)\Real

2015-01-12 13:50 - 2012-04-16 09:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Real

2015-01-12 13:46 - 2011-06-19 07:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer

2015-01-11 01:13 - 2014-12-10 11:57 - 00000000 ____D () C:\Program Files (x86)\Remote Utilities - Host

2015-01-10 18:22 - 2011-06-19 05:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore

2015-01-10 15:31 - 2009-07-14 00:13 - 00852098 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-09 01:10 - 2014-12-10 12:10 - 00000000 ____D () C:\ProgramData\Oracle

2015-01-06 04:36 - 2011-06-19 05:51 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2015-01-01 20:22 - 2011-06-19 23:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype

2015-01-01 13:12 - 2014-12-10 11:55 - 00000000 ____D () C:\Users\Owner\Downloads\Remote Utilities (used by Dave Cloyd)

2014-12-31 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas

2014-12-29 20:58 - 2011-07-23 22:08 - 00870400 ___SH () C:\Users\Owner\Documents\Thumbs.db

2014-12-24 11:37 - 2011-09-12 21:54 - 00000000 ____D () C:\Users\Owner\Documents\Invoices

2014-12-22 11:36 - 2013-03-14 08:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-12-22 11:36 - 2013-03-14 08:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-12-20 22:02 - 2013-12-24 09:59 - 00001017 _____ () C:\Users\Owner\Desktop\Dropbox.lnk

2014-12-20 22:02 - 2013-12-24 09:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-12-15 20:34 - 2011-08-29 17:17 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-12-15 20:34 - 2011-06-19 07:20 - 00000000 ____D () C:\ProgramData\Skype

2014-12-14 03:02 - 2013-03-14 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight


Files to move or delete:

====================

C:\Users\Owner\gotomypc_438.exe


Some content of TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\Abspdf.exe

C:\Users\Owner\AppData\Local\Temp\acfpdfu.dll

C:\Users\Owner\AppData\Local\Temp\acfpdfuamd64.dll

C:\Users\Owner\AppData\Local\Temp\acfpdfui.dll

C:\Users\Owner\AppData\Local\Temp\acfpdfuia64.dll

C:\Users\Owner\AppData\Local\Temp\acfpdfuiamd64.dll

C:\Users\Owner\AppData\Local\Temp\acfpdfuiia64.dll

C:\Users\Owner\AppData\Local\Temp\cdintf.dll

C:\Users\Owner\AppData\Local\Temp\dllnt_dump.dll

C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps_3bdw.dll

C:\Users\Owner\AppData\Local\Temp\G2MInstallerExtractor.exe

C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe

C:\Users\Owner\AppData\Local\Temp\Lifecam3.0.204.0.exe

C:\Users\Owner\AppData\Local\Temp\lowproc.exe

C:\Users\Owner\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

C:\Users\Owner\AppData\Local\Temp\ose00000.exe

C:\Users\Owner\AppData\Local\Temp\PDFPRT400.exe

C:\Users\Owner\AppData\Local\Temp\rnsetup0.exe

C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Owner\AppData\Local\Temp\setupOT4_GM7.exe

C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Owner\AppData\Local\Temp\stubhelper.dll

C:\Users\Owner\AppData\Local\Temp\SymInstallStub.exe

C:\Users\Owner\AppData\Local\Temp\xmllite.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-04 00:40

==================== End Of Log ============================


Additions.txt

----

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015

Ran by Owner at 2015-01-13 13:24:46

Running from C:\Users\Owner\Downloads\Anti-Malware\Farbar Recovery Scan Tool

Boot Mode: Normal

==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden

8500A909_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

8500A909_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

ACT! by Sage 2010 (HKLM-x32\...\InstallShield_{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}) (Version: 12.0.0.0 - Sage Software, Inc.)

ACT! by Sage 2010 (x32 Version: 12.0.0.0 - Sage Software, Inc.) Hidden

Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version:  - )

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)

Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)

Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)

Amazon MP3 Uploader (HKLM-x32\...\com.amazon.music.uploader) (Version: 1.0.6 - Amazon Services LLC)

Amazon MP3 Uploader (x32 Version: 1.0.6 - Amazon Services LLC) Hidden

AnyTrans 4.2.3 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.2.3 - iMobie Inc.)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden

BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden

BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden

BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden

Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)

Dropbox (HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)

ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Express Dictate (HKLM-x32\...\Express) (Version:  - NCH Software)

FileZilla Client 3.5.1 (HKLM-x32\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)

Google Chrome (HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

GoToMeeting 5.1.0.880 (HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)

HP Officejet Pro 8500 A909 Series (HKLM\...\{B1054C0C-0C16-41E1-8A9D-35F065793E92}) (Version: 14.0 - HP)

iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)

JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)

Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.380 - Kaspersky Lab)

Kaspersky Security Scan (x32 Version: 15.0.0.380 - Kaspersky Lab) Hidden

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Mark Ultra VIII E-Meter Updater (HKLM-x32\...\Mark Ultra VIII E-Meter Updater 1.0.0) (Version: 1.0.0 - Bridge Publications, Inc.)

Mark Ultra VIII E-Meter Updater (Version: 1.0.0 - Bridge Publications, Inc.) Hidden

Maxtor Manager (HKLM-x32\...\InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}) (Version: 4.01.0303 - Seagate Technology)

Maxtor Manager (HKLM-x32\...\InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}) (Version: 4.01.0227 - Seagate Technology)

Maxtor Manager (x32 Version: 4.01.0303 - Seagate Technology) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)

Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden

NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)

NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)

OCA Computer System (HKLM-x32\...\ST6UNST #1) (Version:  - )

OCA Computer System version 1.1.0 (HKLM-x32\...\OCA Computer System 1.1.0_is1) (Version: 1.1.0 - INCOMM)

Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)

PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden

QuickBooks (x32 Version: 23.0.4001.2305 - Intuit Inc.) Hidden

QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)

Quicken 2007 (HKLM-x32\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.1.27 - Intuit)

QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)

Remote Utilities - Host (HKLM-x32\...\{052DF202-F103-46C9-824D-28F4BB04DAB3}) (Version: 6.004.0000 - Usoris Systems LLC)

Rosetta Stone Homeschool (HKLM-x32\...\{331F15D5-490D-4280-BDE6-5C0F295D8EE1}) (Version: 3.4.5 - Rosetta Stone Ltd.)

Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden

Scan to PDF (HKLM-x32\...\Scan to PDF) (Version: 2.40 - Softi Software)

Search App by Ask (HKLM-x32\...\{5245414C-312D-5350-00A7-A758B70C1500}) (Version: 12.21.0.116 - APN, LLC) <==== ATTENTION

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)

Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden

ubCore64 (HKLM-x32\...\InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}) (Version:  - )

ubCore64 (Version: 4.0 - Unibrain) Hidden

Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)

Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden

Windows Driver Package - Bridge Publications, Inc. (usbser) Ports  (03/11/2010 5.1.2600.2) (HKLM\...\A7D2C0E4567A8E580ACBE73B7695E9E869A93C4C) (Version: 03/11/2010 5.1.2600.2 - Bridge Publications, Inc.)

Windows Driver Package - Sunix Co., Ltd. Golden Adapter Driver (12/20/2007 6.4.2.1) (HKLM\...\56670B2304F98DF2063A6302559689E51FFC72CC) (Version: 12/20/2007 6.4.2.1 - Sunix Co., Ltd.)

Windows Driver Package - Sunix Co., Ltd. Golden Port Driver (12/20/2007 6.4.2.1) (HKLM\...\43E2417C005C000BF53E2513948E0D82C766FD14) (Version: 12/20/2007 6.4.2.1 - Sunix Co., Ltd.)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File


==================== Restore Points  =========================


01-01-2015 14:23:04 Checkpoint by HitmanPro

01-01-2015 14:29:20 Checkpoint by HitmanPro

01-01-2015 17:07:09 Checkpoint by HitmanPro

04-01-2015 19:41:07 herdProtect before 4 removals

08-01-2015 20:30:53 Windows Update

09-01-2015 00:58:00 Removed Java 7 Update 71

12-01-2015 01:09:03 Removed QuickTime 7

12-01-2015 01:15:38 Installed QuickTime 7

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0011604C-806D-41E9-A825-36AD0BD85D81} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)

Task: {04210723-5FA5-4F59-B5CC-DFEAE8305B48} - System32\Tasks\{0FD23742-9BFA-414D-A6DA-B31273251B0B} => A:\SETUP.EXE

Task: {16BC9DE1-8E81-4649-AD71-60694CC194AF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {1EAB01B9-A719-4CA8-9939-2C01BD6AAB5D} - System32\Tasks\{4CB976EF-570F-4306-88FF-C98117C6FB91} => C:\Program Files (x86)\OCA\WOCA.exe [2002-01-22] (INCOMM)

Task: {2644949E-E91B-4F65-AEA2-BED655233C8D} - System32\Tasks\{477D151E-EEA4-4DD2-9146-37D820EB073A} => A:\SETUP.EXE

Task: {2FDF6D0B-4FF8-483C-91E2-E5F98BB0B0D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {39E8AB98-480A-4BB4-A5A1-8D87DF789A60} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {4F407C67-4F54-4E86-BB74-ED8D5BBAB545} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {55879618-2617-40A6-A573-998E31DF9BAB} - System32\Tasks\{DD5A2D8B-4BBA-4B2F-9BBE-BADC07758A6C} => pcalua.exe -a D:\Acrobat\AR40ENG.EXE -d D:\Acrobat

Task: {61619F5E-A47D-4005-899D-C7BEEE76131A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)

Task: {6C9EE73B-87E5-4411-BC71-60EF15870B0A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {722241CE-3837-4D05-B33A-7EBECFAAAFFB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)

Task: {8A6DFCF7-B4D8-45EB-8504-19187C52E17A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

Task: {B0745052-41A4-453E-B2CC-8B88BDDC3728} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {B694E718-9E43-4ED3-BCF4-79E888F800FD} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {BB2F7E1D-69BE-4F12-9A8C-8E8D1B90E761} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {C402E183-07AD-4D21-A45D-0F4676142A8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)

Task: {D6FBFDBE-0771-4A24-A0E8-FFB28FC648A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)

Task: {ECF30FAD-3587-4050-B9CA-8A9B9D7794A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EDD65C3D-CD79-4FA5-BF5C-D7F313B4A7D7} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe

Task: {EF5BBB51-0C5A-4D04-9179-E165B3B43D54} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {F5F3AB2F-2EA1-4861-8152-7F8CD219E95B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {FA65917E-06BE-4759-8E61-A9290B7139D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe


==================== Loaded Modules (whitelisted) =============


2015-01-11 01:14 - 2013-05-18 20:50 - 00061184 _____ () C:\Windows\System32\ruppm.dll

2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-12-13 16:49 - 2014-12-13 16:49 - 00320792 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll

2012-08-18 20:57 - 2012-08-18 20:57 - 00268688 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll

2012-08-18 20:57 - 2012-08-18 20:57 - 00021392 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll

2012-08-18 17:54 - 2012-08-18 17:54 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll

2012-08-18 20:57 - 2012-08-18 20:57 - 00140176 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll

2012-08-18 20:57 - 2012-08-18 20:57 - 00176528 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll

2012-08-18 20:57 - 2012-08-18 20:57 - 00388496 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll

2012-08-18 20:57 - 2012-08-18 20:57 - 00391056 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll

2012-08-18 20:57 - 2012-08-18 20:57 - 00505232 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll

2012-08-18 20:57 - 2012-08-18 20:57 - 00042384 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll

2015-01-13 00:20 - 2015-01-13 00:20 - 00098816 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32api.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00110080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\pywintypes27.dll

2015-01-13 00:20 - 2015-01-13 00:20 - 00364544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\pythoncom27.dll

2015-01-13 00:20 - 2015-01-13 00:20 - 00045568 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\_socket.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 01160704 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\_ssl.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00320512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32com.shell.shell.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00713216 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\_hashlib.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 01175040 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\wx._core_.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00805888 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\wx._gdi_.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00811008 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\wx._windows_.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 01062400 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\wx._controls_.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00735232 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\wx._misc_.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00557056 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\pysqlite2._sqlite.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00128512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\_elementtree.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00127488 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\pyexpat.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00087552 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\_ctypes.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00119808 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32file.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00108544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32security.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00007168 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\hashobjs_ext.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00167936 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32gui.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00018432 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32event.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00038912 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32inet.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32crypt.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00070656 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\wx._html2.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00027136 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\_multiprocessing.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00035840 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32process.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00686080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\unicodedata.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00122368 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\wx._wizard.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00024064 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32pipe.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00025600 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32pdh.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00525640 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\windows._lib_cacheinvalidation.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00010240 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\select.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00017408 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32profile.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00022528 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\win32ts.pyd

2015-01-13 00:20 - 2015-01-13 00:20 - 00078336 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI37682\wx._animate.pyd

2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libGLESv2.dll

2015-01-13 07:00 - 2015-01-13 07:00 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmps_3bdw.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libEGL.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll

2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll

2011-08-28 16:19 - 2011-08-28 16:19 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll

2014-12-11 16:22 - 2014-12-05 20:50 - 01077064 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2014-12-11 16:22 - 2014-12-05 20:50 - 00211272 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\39.0.2171.95\libegl.dll

2014-12-11 16:22 - 2014-12-05 20:50 - 09009480 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\39.0.2171.95\pdf.dll

2014-12-11 16:22 - 2014-12-05 20:50 - 01677128 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"

MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun

MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-558719375-1066587731-3160552415-500 - Administrator - Disabled)

Guest (S-1-5-21-558719375-1066587731-3160552415-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-558719375-1066587731-3160552415-1005 - Limited - Enabled)

Owner (S-1-5-21-558719375-1066587731-3160552415-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider

Description: LogMeIn Kernel Information Provider

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer:

Service: LMIInfo

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/13/2015 01:42:53 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/13/2015 00:40:33 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program Skype.exe version 6.22.0.107 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: eb4

 

Start Time: 01d02ef0a1d76120

 

Termination Time: 10

 

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

 

Report Id:

 

Error: (01/13/2015 00:22:55 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Unable to find the section for this mentu item!!!

 

Error: (01/13/2015 00:22:43 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (01/13/2015 00:22:43 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (01/13/2015 00:22:43 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

Error: (01/13/2015 00:19:39 AM) (Source: ACT! Scheduler) (EventID: 0) (User: )

Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.

   at Act.Scheduler.SchedulerService.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/12/2015 04:00:17 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Unable to find the section for this mentu item!!!

Error: (01/12/2015 03:59:08 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

Error: (01/12/2015 03:59:08 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: An unexpected error has occured in "QuickBooks":

Returning NULL QBWinInstance Handle

 

System errors:

=============

Error: (01/13/2015 00:22:35 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {005A3A96-BAC4-4B0A-94EA-C0CE100EA736}

Error: (01/13/2015 00:19:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:

%%3

Error: (01/13/2015 00:16:31 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (01/12/2015 04:01:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The HP Network Devices Support service hung on starting.

Error: (01/12/2015 03:55:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:

%%3

Error: (01/12/2015 01:55:58 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Error: (01/12/2015 01:50:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The RealPlayer Cloud Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/11/2015 11:54:24 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: The HP Network Devices Support service hung on starting.

 

Error: (01/11/2015 11:49:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:

%%3

 

Error: (01/11/2015 11:46:48 AM) (Source: DCOM) (EventID: 10010) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

Microsoft Office Sessions:

=========================

Error: (01/13/2015 01:42:53 AM) (Source: SideBySide) (EventID: 80) (User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (01/13/2015 00:40:33 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Skype.exe6.22.0.107eb401d02ef0a1d7612010C:\Program Files (x86)\Skype\Phone\Skype.exe

 

Error: (01/13/2015 00:22:55 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: QuickBooksUnable to find the section for this mentu item!!!

Error: (01/13/2015 00:22:43 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: QuickBooksReturning NULL QBWinInstance Handle

 

Error: (01/13/2015 00:22:43 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (01/13/2015 00:22:43 AM) (Source: QuickBooks) (EventID: 4) (User: )

Description: QuickBooksReturning NULL QBWinInstance Handle

 

Error: (01/13/2015 00:19:39 AM) (Source: ACT! Scheduler) (EventID: 0) (User: )

Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.

   at Act.Scheduler.SchedulerService.OnStart(String[] args)

   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (01/12/2015 04:00:17 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: QuickBooksUnable to find the section for this mentu item!!!

 

Error: (01/12/2015 03:59:08 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (01/12/2015 03:59:08 PM) (Source: QuickBooks) (EventID: 4) (User: )

Description: QuickBooksReturning NULL QBWinInstance Handle

 

CodeIntegrity Errors:

===================================

  Date: 2011-06-25 21:13:29.808

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-06-25 21:13:29.793

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-25 21:07:11.802

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-06-25 21:07:11.787

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-25 21:00:25.669

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-06-25 21:00:25.654

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-06-25 20:54:36.418

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2011-06-25 20:54:36.402

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

==================== Memory info ===========================

 

Processor: AMD Phenom II X3 705e Processor

Percentage of memory in use: 46%

Total physical RAM: 4094.46 MB

Available physical RAM: 2202.94 MB

Total Pagefile: 8187.11 MB

Available Pagefile: 5874.12 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:774.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E490FDED)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Hi Dave, 
 
I'm sorry for the delay. 
 

BTW, was any of the original data useful or would a simple "Hello!" followed by log files have been better?

Yes, the information is very useful. Having insight into what was done prior to requesting help here is important. 
 
I can see the machine does not currently have an Anti-Virus installed. We will need to install one shortly. 
For now, please do the following. 
 
STEP 1
Uninstall Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
  • Note: Ensure you decline offers of additional software if applicable.
    • Search App by Ask 
  • Follow the prompts.
  • Reboot if necessary.
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.

    start
    CreateRestorePoint:
    HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
    CHR Extension: (MapsGalaxy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojglhaoipjjogobkielpbhabbblonoaa [2014-09-11]
    CHR HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
    S4 LMIRfsClientNP; No ImagePath
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    C:\Users\Owner\AppData\Local\Temp\Abspdf.exe
    C:\Users\Owner\AppData\Local\Temp\acfpdfu.dll
    C:\Users\Owner\AppData\Local\Temp\acfpdfuamd64.dll
    C:\Users\Owner\AppData\Local\Temp\acfpdfui.dll
    C:\Users\Owner\AppData\Local\Temp\acfpdfuia64.dll
    C:\Users\Owner\AppData\Local\Temp\acfpdfuiamd64.dll
    C:\Users\Owner\AppData\Local\Temp\acfpdfuiia64.dll
    C:\Users\Owner\AppData\Local\Temp\cdintf.dll
    C:\Users\Owner\AppData\Local\Temp\G2MInstallerExtractor.exe
    C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
    C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Owner\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
    C:\Users\Owner\AppData\Local\Temp\Lifecam3.0.204.0.exe
    C:\Users\Owner\AppData\Local\Temp\lowproc.exe
    C:\Users\Owner\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Owner\AppData\Local\Temp\ose00000.exe
    C:\Users\Owner\AppData\Local\Temp\PDFPRT400.exe
    C:\Users\Owner\AppData\Local\Temp\rnsetup0.exe
    C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Owner\AppData\Local\Temp\setupOT4_GM7.exe
    C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Owner\AppData\Local\Temp\stubhelper.dll
    C:\Users\Owner\AppData\Local\Temp\SymInstallStub.exe
    C:\Users\Owner\AppData\Local\Temp\xmllite.dll
    CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
    C:\Program Files (x86)\AskPartnerNetwork
    reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end

  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 4
Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programme uninstall OK?
  • Fixlog.txt
  • ComboFix.txt
  • FRST.txt
  • Addition.txt
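A read-only check of the items in the fixlist above, as an added example that is not part of Adam's instructions, of FRST or of ComboFix: it looks up each registry key, folder, service, Chrome extension and alternate data stream that the fixlist targets and reports whether it is still on the machine, which is a second, independent confirmation of what Fixlog.txt reports. It is meant to be run in an elevated PowerShell 3.0 or later session as the affected account, so that HKCU: is the HKU\S-1-5-21-...-1000 hive named in the fixlist; the Chrome extension folder is resolved from that account's profile, which assumes the profile running the script is the one that was cleaned. Every key, path, service name, extension id and stream name comes from the fixlist and logs posted in this thread; nothing is deleted or changed.

```powershell
# Added example: read-only verification of the FRST fixlist items in this thread.
# Requires PowerShell 3.0+ (Get-Item -Stream, [pscustomobject]); run elevated as the affected user.
# Every identifier below (keys, paths, service names, extension id, ADS name) is taken from the
# fixlist and logs posted above. The script only reads; it removes and modifies nothing.

# Chrome extension folder resolved from the running user's profile
# (assumption: the script runs as the same account the fixlist was written for).
$chromeExt = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions\ojglhaoipjjogobkielpbhabbblonoaa'

# Each entry pairs a label with a script block that returns $true when the artefact is STILL present.
$checks = @(
    @{ Name    = 'CLSID key from the script-error dialog'
       Present = { Test-Path -LiteralPath 'HKCU:\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}' } },
    @{ Name    = 'Chrome policy restriction (HKLM\SOFTWARE\Policies\Google)'
       Present = { Test-Path -LiteralPath 'HKLM:\SOFTWARE\Policies\Google' } },
    @{ Name    = 'Chrome extension lmjegmlicamnimmfhcmpkclmigmmcbeh (registry entry)'
       Present = { Test-Path -LiteralPath 'HKCU:\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh' } },
    @{ Name    = 'Chrome extension MapsGalaxy (folder)'
       Present = { Test-Path -LiteralPath $chromeExt } },
    @{ Name    = 'Service LMIRfsClientNP'
       Present = { [bool](Get-Service -Name 'LMIRfsClientNP' -ErrorAction SilentlyContinue) } },
    @{ Name    = 'Service LMIInfo'
       Present = { [bool](Get-Service -Name 'LMIInfo' -ErrorAction SilentlyContinue) } },
    @{ Name    = 'Ask toolbar folder (AskPartnerNetwork)'
       Present = { Test-Path -LiteralPath 'C:\Program Files (x86)\AskPartnerNetwork' } },
    @{ Name    = 'MSConfig startupreg entry ApnTBMon'
       Present = { Test-Path -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon' } },
    @{ Name    = 'Alternate data stream C:\ProgramData\TEMP:0FF263E8'
       Present = { [bool](Get-Item -LiteralPath 'C:\ProgramData\TEMP' -Stream '0FF263E8' -ErrorAction SilentlyContinue) } }
)

# Evaluate every check and collect one row per item.
$results = foreach ($c in $checks) {
    $stillThere = & $c.Present
    $status = if ($stillThere) { 'STILL PRESENT' } else { 'clean' }
    [pscustomobject]@{ Check = $c.Name; Status = $status }
}

$results | Format-Table -AutoSize

# One-line summary: how many fixlist items remain on the machine.
$remaining = @($results | Where-Object { $_.Status -ne 'clean' }).Count
"$remaining of $($checks.Count) fixlist items still present"
```

Any row that reads STILL PRESENT after the reboot that Fixlog.txt asks for is worth pasting back into the thread alongside the FRST and Addition logs, since it points at an item the fix did not reach or something that recreated it.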

Hi, Adam!

 

Delay: Not a problem!

 

Question: I'm in the middle of the first step (FRST Fix). Before I begin ComboFix: 1) do you have an estimate about how long that will take (I might need to time it to happen tonight if it will take a while) and 2) do you know the odds that Internet access won't restore and require a reboot? Since I'm doing this remotely, I'll also use that answer to judge when I run it. :)

 

BTW, FRST has been running the fix for about 30 minutes, so far. Is that typical?


Done! Thanks for the 5-minute data!

Here they are, in two posts:

 

----

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-01-2015 01
Ran by Owner at 2015-01-14 14:53:34 Run:1
Running from C:\Users\Owner\Downloads\Anti-Malware\Farbar Recovery Scan Tool
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
CreateRestorePoint:
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
CHR Extension: (MapsGalaxy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojglhaoipjjogobkielpbhabbblonoaa [2014-09-11]
CHR HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
S4 LMIRfsClientNP; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
C:\Users\Owner\AppData\Local\Temp\Abspdf.exe
C:\Users\Owner\AppData\Local\Temp\acfpdfu.dll
C:\Users\Owner\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Owner\AppData\Local\Temp\acfpdfui.dll
C:\Users\Owner\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Owner\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Owner\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Owner\AppData\Local\Temp\cdintf.dll
C:\Users\Owner\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\Lifecam3.0.204.0.exe
C:\Users\Owner\AppData\Local\Temp\lowproc.exe
C:\Users\Owner\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Owner\AppData\Local\Temp\rnsetup0.exe
C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Owner\AppData\Local\Temp\setupOT4_GM7.exe
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\stubhelper.dll
C:\Users\Owner\AppData\Local\Temp\SymInstallStub.exe
C:\Users\Owner\AppData\Local\Temp\xmllite.dll
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
C:\Program Files (x86)\AskPartnerNetwork
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************
 
Restore point was successfully created.
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key not found. 
"HKU\S-1-5-21-558719375-1066587731-3160552415-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome DefaultSuggestURL not detected.
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojglhaoipjjogobkielpbhabbblonoaa => Moved successfully.
"HKU\S-1-5-21-558719375-1066587731-3160552415-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
LMIRfsClientNP => Service deleted successfully.
LMIInfo => Service deleted successfully.
C:\Users\Owner\AppData\Local\Temp\Abspdf.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\acfpdfu.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\acfpdfuamd64.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\acfpdfui.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\acfpdfuia64.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\acfpdfuiamd64.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\acfpdfuiia64.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\cdintf.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\G2MInstallerExtractor.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\Lifecam3.0.204.0.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\PDFPRT400.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\rnsetup0.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\setupOT4_GM7.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\SymInstallStub.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\xmllite.dll => Moved successfully.
"HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => Key deleted successfully.
"HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
"C:\Program Files (x86)\AskPartnerNetwork" => File/Directory not found.
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 31.4 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 16:24:31 ====
 
 
 
----
ComboFix.log
 
ComboFix 15-01-08.01 - Owner 01/14/2015  16:50:36.1.3 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4094.1847 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\4627558FB6.sys
c:\users\Owner\AppData\Local\Temp\_MEI16682\_ctypes.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\_elementtree.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\_hashlib.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\_multiprocessing.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\_socket.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\_ssl.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\hashobjs_ext.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\pyexpat.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\pysqlite2._sqlite.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\python27.dll
c:\users\Owner\AppData\Local\Temp\_MEI16682\pythoncom27.dll
c:\users\Owner\AppData\Local\Temp\_MEI16682\PyWinTypes27.dll
c:\users\Owner\AppData\Local\Temp\_MEI16682\select.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\unicodedata.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32api.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32com.shell.shell.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32crypt.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32event.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32file.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32gui.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32inet.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32pdh.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32pipe.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32process.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32profile.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32security.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\win32ts.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\windows._lib_cacheinvalidation.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\wx._animate.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\wx._controls_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\wx._core_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\wx._gdi_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\wx._html2.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\wx._misc_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\wx._windows_.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\wx._wizard.pyd
c:\users\Owner\AppData\Local\Temp\_MEI16682\wxbase294u_net_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI16682\wxbase294u_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI16682\wxmsw294u_adv_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI16682\wxmsw294u_core_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI16682\wxmsw294u_html_vc90.dll
c:\users\Owner\AppData\Local\Temp\_MEI16682\wxmsw294u_webview_vc90.dll
c:\users\Owner\Documents\~WRL0001.tmp
c:\users\Owner\Documents\~WRL0002.tmp
c:\users\Owner\Documents\~WRL0003.tmp
c:\users\Owner\Documents\~WRL0004.tmp
c:\users\Owner\Documents\~WRL0005.tmp
c:\users\Owner\Documents\~WRL0006.tmp
c:\users\Owner\Documents\~WRL0007.tmp
c:\users\Owner\Documents\~WRL0008.tmp
c:\users\Owner\Documents\~WRL0009.tmp
c:\users\Owner\Documents\~WRL0095.tmp
c:\users\Owner\Documents\~WRL0944.tmp
c:\users\Owner\Documents\~WRL1633.tmp
c:\users\Owner\Documents\~WRL1635.tmp
c:\users\Owner\Documents\~WRL1775.tmp
c:\users\Owner\Documents\~WRL1887.tmp
c:\users\Owner\Documents\~WRL2619.tmp
c:\users\Owner\Documents\~WRL2666.tmp
c:\users\Owner\Documents\~WRL3453.tmp
c:\users\Owner\g2mdlhlpx.exe
c:\users\Owner\GoToAssistDownloadHelper.exe
c:\windows\ST6UNST.000
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RManService
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-14 to 2015-01-14  )))))))))))))))))))))))))))))))
.
.
2015-01-14 00:39 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-14 00:39 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-14 00:38 . 2014-12-11 17:47 52736 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-14 00:38 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-14 00:38 . 2014-12-12 05:35 5553592 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-14 00:38 . 2014-12-12 05:31 503808 ----a-w- c:\windows\system32\srcore.dll
2015-01-14 00:38 . 2014-12-12 05:31 50176 ----a-w- c:\windows\system32\srclient.dll
2015-01-14 00:38 . 2014-12-12 05:31 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-01-12 06:16 . 2015-01-12 06:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-01-12 06:16 . 2015-01-12 06:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-01-12 06:16 . 2015-01-12 06:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-01-12 06:16 . 2015-01-12 06:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-01-12 06:16 . 2015-01-12 06:16 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-01-12 06:16 . 2015-01-12 06:16 -------- d-----w- c:\program files (x86)\QuickTime
2015-01-11 16:34 . 2015-01-12 17:21 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
2015-01-11 07:06 . 2015-01-11 07:06 -------- d-----w- c:\windows\ERUNT
2015-01-11 06:44 . 2015-01-11 06:44 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-01-11 06:43 . 2015-01-11 06:44 -------- d-----w- c:\programdata\RogueKiller
2015-01-11 06:34 . 2015-01-11 06:35 -------- d-----w- c:\program files (x86)\ERUNT
2015-01-11 06:14 . 2013-05-19 01:50 162048 ----a-w- c:\windows\VPDAgent_x64.exe
2015-01-11 06:14 . 2013-05-19 01:50 61184 ----a-w- c:\windows\system32\ruppm.dll
2015-01-10 03:22 . 2015-01-11 07:14 -------- d-----w- C:\AdwCleaner
2015-01-09 19:11 . 2015-01-14 21:24 -------- d-----w- C:\FRST
2015-01-09 06:09 . 2015-01-09 06:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-01-09 06:09 . 2015-01-09 06:09 -------- d-----w- c:\program files (x86)\Java
2015-01-09 05:54 . 2015-01-09 05:54 -------- d-----w- c:\users\Owner\AppData\Roaming\Oracle
2015-01-04 07:01 . 2015-01-04 07:01 -------- d-----w- c:\program files\Reason
2015-01-01 23:30 . 2015-01-01 23:30 -------- d-----w- c:\program files (x86)\ESET
2015-01-01 22:32 . 2013-04-29 14:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2015-01-01 22:32 . 2015-01-01 22:32 -------- d-----w- c:\windows\SysWow64\DASBOOT
2015-01-01 22:32 . 2015-01-01 22:32 -------- d-----w- c:\program files (x86)\Panda Security
2015-01-01 18:19 . 2015-01-01 19:30 -------- d-----w- c:\programdata\HitmanPro
2015-01-01 18:18 . 2015-01-01 18:18 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-01-01 18:05 . 2015-01-01 18:05 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2014-12-31 22:56 . 2015-01-01 18:05 -------- d-----w- c:\programdata\Kaspersky Lab
2014-12-31 20:11 . 2015-01-12 22:10 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-31 20:10 . 2014-11-21 11:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-31 20:10 . 2014-11-21 11:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-31 20:10 . 2014-11-21 11:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-31 20:10 . 2014-12-31 20:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-31 20:10 . 2014-12-31 20:10 -------- d-----w- c:\programdata\Malwarebytes
2014-12-17 21:34 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-17 21:34 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-14 22:05 . 2011-06-22 13:05 848 --sha-w- c:\programdata\KGyGaAvL.sys
2015-01-14 22:05 . 2015-01-14 22:05 8 --sh--r- c:\programdata\4627558FB6.sys
2015-01-14 08:00 . 2011-06-23 06:38 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-14 06:00 . 2013-03-01 18:13 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 06:00 . 2011-06-19 12:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-09 06:09 . 2015-01-09 06:09 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-01-06 09:36 . 2011-06-19 10:51 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-12 05:11 . 2015-01-14 00:38 3971512 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2014-12-12 05:11 . 2015-01-14 00:38 3916728 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2014-12-12 05:07 . 2015-01-14 00:38 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2014-12-06 03:50 . 2015-01-14 00:39 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 00:39 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2014-12-04 02:50 . 2014-12-09 20:25 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-09 20:25 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-09 20:25 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-09 20:25 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-09 20:25 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:50 . 2014-12-09 20:25 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:44 . 2014-12-09 20:25 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-02 10:26 . 2015-01-14 21:02 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7D2402E-DFE5-4435-A834-26B2281E89FF}\mpengine.dll
2014-12-01 23:28 . 2014-12-09 20:25 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-09 20:24 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-09 20:24 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-09 20:24 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-09 20:24 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-09 20:24 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-09 20:24 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-09 20:24 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-09 20:24 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-09 20:24 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-09 20:24 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-09 20:24 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-09 20:24 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-09 20:25 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-09 20:24 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-09 20:24 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-09 20:24 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-09 20:24 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-09 20:24 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-09 20:24 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-09 20:24 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-09 20:24 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-09 20:24 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-09 20:24 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-09 20:25 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-09 20:24 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-09 20:24 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-09 20:24 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-09 20:24 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-09 20:24 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-09 20:24 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-09 20:24 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-09 20:24 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-09 20:24 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-09 20:24 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-09 20:24 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-09 20:24 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-09 20:24 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-09 20:24 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-09 20:24 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-09 20:24 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-19 09:31 . 2014-11-19 09:31 1217192 ----a-w- c:\windows\SysWow64\FM20.DLL
2014-11-11 03:09 . 2014-12-09 20:25 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-19 06:54 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-19 06:54 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-09 20:25 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 06:54 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-19 06:54 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-09 20:25 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-09 20:24 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-09 20:24 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-11-04 02:21 . 2013-06-09 13:16 35688 ----a-w- c:\windows\system32\LMIport.dll
2014-11-04 02:21 . 2013-06-09 13:16 107392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2014-11-04 02:21 . 2013-06-09 13:16 92520 ----a-w- c:\windows\system32\LMIinit.dll
2014-10-30 02:03 . 2014-12-09 20:24 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-09 20:24 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 14:52 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 14:52 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-24 11:12 . 2013-06-09 13:16 107392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2014-10-18 02:05 . 2014-11-12 14:52 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 02:05 . 2014-12-10 08:04 4121600 ----a-w- c:\windows\system32\mf.dll
2014-10-18 01:33 . 2014-11-12 14:52 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-10-18 01:33 . 2014-12-10 08:04 3209728 ----a-w- c:\windows\SysWow64\mf.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-04 222496]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-12-22 23308616]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-10-17 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"iCloudDrive"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe" [2014-10-20 43816]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-11-27 30524520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mxomssmenu"="c:\program files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2009-08-24 28672]
"Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2009-08-24 331776]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-08-18 2641272]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-12-8 39207112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-8-18 6038904]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-8-18 1180560]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2013\QBW32.EXE -silent [2012-8-18 1184656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
R3 SNXPCAMD;SUNIX Multi-I/O Card Driver;c:\windows\system32\DRIVERS\snxpcamd.sys;c:\windows\SYSNATIVE\DRIVERS\snxpcamd.sys [x]
R3 SNXPPAMD;Golden Parallel Port Driver;c:\windows\system32\DRIVERS\snxppamd.sys;c:\windows\SYSNATIVE\DRIVERS\snxppamd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\DRIVERS\TsUsbGD.sys;c:\windows\SYSNATIVE\DRIVERS\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe;c:\windows\VPDAgent_x64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [x]
S2 kss;Kaspersky Security Scan Service;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe  -r;c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe  -r [x]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 06:00]
.
2015-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10 09:57]
.
2015-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-10 09:57]
.
2015-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-26 07:10]
.
2015-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-26 07:10]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-12-22 21:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-12-22 21:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-12-22 21:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-12-22 21:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-12-22 21:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-12-22 21:28 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Express - c:\program files (x86)\NCH Software\Express\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
c:\program files (x86)\Maxtor\Sync\SyncServices.exe
c:\program files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
c:\users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
.
**************************************************************************
.
Completion time: 2015-01-14  17:10:12 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-14 22:10
.
Pre-Run: 864,001,126,400 bytes free
Post-Run: 862,860,488,704 bytes free
.
- - End Of File - - 73C26A3B7A250CE97309FD01F7D89F0E
A36C5E4F47E84449FF07ED3517B43A31

Part 2

 

----

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Owner (administrator) on OWNER-PC on 16-01-2015 00:27:34
Running from C:\Users\Owner\Downloads\Anti-Malware\Farbar Recovery Scan Tool
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Seagate Technology LLC) C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Usoris Systems LLC) C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Maxtor Corporation) C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
(Sage Software, Inc.) C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Dropbox, Inc.) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Usoris Systems LLC) C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
(Usoris Systems LLC) C:\Program Files (x86)\Remote Utilities - Host\rfusclient.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\agent.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [mxomssmenu] => C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe [169312 2008-07-21] (Maxtor Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [Act.Outlook.Service] => C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe [28672 2009-08-24] (Sage Software, Inc.)
HKLM-x32\...\Run: [Act! Preloader] => C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe [331776 2009-08-24] (Sage Software, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2641272 2012-08-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-04] (Acresso Corporation)
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-10-20] (Apple Inc.)
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30524520 2014-11-27] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-558719375-1066587731-3160552415-1000 -> DefaultScope {972632BC-3BB4-4081-958E-EE6BB9BD6F04} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-558719375-1066587731-3160552415-1000 -> {972632BC-3BB4-4081-958E-EE6BB9BD6F04} URL = http://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile -> {D5233FCD-D258-4903-89B8-FB1568E7413D} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-558719375-1066587731-3160552415-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-558719375-1066587731-3160552415-1000: @talk.google.com/O1DPlugin -> C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-558719375-1066587731-3160552415-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-558719375-1066587731-3160552415-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-558719375-1066587731-3160552415-1000: www.bridgepub.com/m8detector -> C:\Program Files (x86)\Mark Ultra VIII E-Meter Updater\plugin\npm8detector.dll (Bridge Publications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "https://mail.google.com/mail/?tab=wm#inbox"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-13]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-15]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-15]
CHR Extension: (Rapportive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2012-02-06]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-20]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-15]
CHR HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR StartMenuInternet: Google Chrome - C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ACT! Scheduler; C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe [81920 2009-08-24] (Sage Software, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [675096 2014-12-13] (Kaspersky Lab ZAO)
R2 Maxtor Sync Service; C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe [193888 2008-07-21] (Seagate Technology LLC)
R2 MSSQL$ACT7; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2012-08-18] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-08-18] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-08-18] (Intuit Inc.) [File not signed]
R2 RManService; C:\Program Files (x86)\Remote Utilities - Host\rutserv.exe [6361344 2014-12-18] (Usoris Systems LLC)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [55384 2011-04-29] (Sunbelt Software)
S3 SNXPCAMD; C:\Windows\System32\DRIVERS\snxpcamd.sys [50552 2010-01-14] (SUNIX Co., Ltd.)
S3 SNXPPAMD; C:\Windows\System32\DRIVERS\snxppamd.sys [97792 2005-02-15] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 14:56 - 2015-01-15 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Utilities - Host
2015-01-14 17:10 - 2015-01-14 17:10 - 00037710 _____ () C:\ComboFix.txt
2015-01-14 17:05 - 2015-01-14 17:05 - 00000008 __RSH () C:\ProgramData\4627558FB6.sys
2015-01-14 16:48 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-14 16:48 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-14 16:48 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-14 16:48 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-14 16:48 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-14 16:48 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-14 16:48 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-14 16:48 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-14 16:47 - 2015-01-14 17:10 - 00000000 ____D () C:\Qoobox
2015-01-14 16:47 - 2015-01-14 17:08 - 00000000 ____D () C:\Windows\erdnt
2015-01-13 19:39 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 19:39 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 19:39 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 19:39 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 19:38 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 19:38 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 19:38 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 19:38 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 19:38 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 19:38 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 19:38 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 19:38 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 19:38 - 2014-12-11 12:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-12 18:49 - 2015-01-12 21:09 - 00001403 _____ () C:\Users\Owner\Documents\Update - 2015 01 12 - evening (malware).txt
2015-01-12 01:16 - 2015-01-12 01:16 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-01-12 01:16 - 2015-01-12 01:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-01-12 01:16 - 2015-01-12 01:16 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-01-12 01:13 - 2015-01-12 01:14 - 00000000 ____D () C:\Users\Owner\Downloads\Apple
2015-01-11 11:51 - 2015-01-11 11:51 - 00003362 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-558719375-1066587731-3160552415-1000
2015-01-11 11:51 - 2015-01-11 11:51 - 00003228 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-558719375-1066587731-3160552415-1000
2015-01-11 11:34 - 2015-01-12 12:21 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
2015-01-11 02:06 - 2015-01-11 02:06 - 00000000 ____D () C:\Windows\ERUNT
2015-01-11 01:44 - 2015-01-11 01:44 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-11 01:43 - 2015-01-11 01:44 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-11 01:34 - 2015-01-11 01:35 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2015-01-11 01:34 - 2015-01-11 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-09 22:22 - 2015-01-11 02:14 - 00000000 ____D () C:\AdwCleaner
2015-01-09 14:11 - 2015-01-16 00:27 - 00000000 ____D () C:\FRST
2015-01-09 01:09 - 2015-01-09 01:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-09 01:09 - 2015-01-09 01:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-09 01:09 - 2015-01-09 01:09 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-09 00:54 - 2015-01-09 00:54 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Oracle
2015-01-04 02:01 - 2015-01-04 02:01 - 00000000 ____D () C:\Program Files\Reason
2015-01-01 22:53 - 2015-01-08 22:52 - 00003206 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-558719375-1066587731-3160552415-1000
2015-01-01 22:52 - 2015-01-08 22:52 - 00003340 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-558719375-1066587731-3160552415-1000
2015-01-01 18:30 - 2015-01-01 18:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-01 18:28 - 2015-01-01 18:30 - 02347384 _____ (ESET) C:\Users\Owner\Downloads\esetsmartinstaller_enu.exe
2015-01-01 17:32 - 2015-01-01 17:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-01-01 17:32 - 2015-01-01 17:32 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-01 17:32 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-01 13:19 - 2015-01-01 14:30 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-01 13:18 - 2015-01-01 13:18 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-01 13:05 - 2015-01-01 13:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2015-01-01 13:05 - 2015-01-01 13:05 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-31 17:56 - 2015-01-01 13:05 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-31 15:11 - 2015-01-12 17:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-31 15:10 - 2014-12-31 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-31 15:10 - 2014-12-31 15:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-31 15:10 - 2014-12-31 15:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-31 15:10 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-31 15:10 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-31 15:10 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-31 15:05 - 2015-01-14 16:46 - 00000000 ____D () C:\Users\Owner\Downloads\Anti-Malware
2014-12-27 10:26 - 2014-12-27 10:26 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-22 10:55 - 2014-12-22 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-12-17 16:34 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 16:34 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-16 00:21 - 2011-06-26 11:06 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000UA.job
2015-01-16 00:03 - 2012-11-10 15:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 00:00 - 2013-03-01 13:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 23:51 - 2011-06-19 05:36 - 01603663 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 23:24 - 2011-06-19 06:39 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A7290B64-9D0A-4B9D-B073-2795C0CA5F0F}
2015-01-15 18:03 - 2012-11-10 15:41 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 15:10 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 15:10 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 15:04 - 2013-12-24 09:59 - 00000000 ___RD () C:\Users\Owner\Dropbox
2015-01-15 15:04 - 2013-12-24 09:44 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Dropbox
2015-01-15 15:04 - 2011-06-22 08:05 - 00000848 ___SH () C:\ProgramData\KGyGaAvL.sys
2015-01-15 15:03 - 2012-11-10 15:45 - 00000000 ___RD () C:\Users\Owner\Google Drive
2015-01-15 15:01 - 2014-10-01 16:13 - 00000000 ___RD () C:\Users\Owner\iCloudDrive
2015-01-15 15:01 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 15:01 - 2009-07-13 23:51 - 00146987 _____ () C:\Windows\setupact.log
2015-01-15 15:00 - 2011-06-19 08:30 - 00263550 _____ () C:\Windows\PFRO.log
2015-01-15 14:56 - 2014-12-10 11:57 - 00000000 ____D () C:\Program Files (x86)\Remote Utilities - Host
2015-01-15 07:12 - 2013-10-24 16:10 - 00000000 ____D () C:\Users\Owner\Desktop\Van Epps
2015-01-15 03:21 - 2011-06-26 11:06 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000Core.job
2015-01-15 03:00 - 2011-12-25 16:43 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-14 17:10 - 2011-07-13 12:16 - 00000000 ____D () C:\Users\Abby
2015-01-14 17:10 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2015-01-14 17:02 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-14 17:01 - 2009-07-13 21:34 - 93323264 _____ () C:\Windows\system32\config\software.bak
2015-01-14 17:01 - 2009-07-13 21:34 - 20185088 _____ () C:\Windows\system32\config\system.bak
2015-01-14 17:01 - 2009-07-13 21:34 - 01048576 _____ () C:\Windows\system32\config\default.bak
2015-01-14 17:01 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-01-14 17:01 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-01-14 16:59 - 2011-06-19 05:36 - 00000000 ____D () C:\Users\Owner
2015-01-14 13:22 - 2013-06-04 08:12 - 00002364 _____ () C:\Users\Owner\Desktop\Google Chrome.lnk
2015-01-14 03:08 - 2013-08-15 02:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2011-06-23 01:38 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 01:00 - 2013-03-01 13:13 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 01:00 - 2013-03-01 13:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 01:00 - 2011-06-19 07:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 00:18 - 2014-12-07 09:18 - 00000000 ____D () C:\Users\Owner\AppData\Local\iMobie_Inc
2015-01-13 00:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2015-01-12 16:06 - 2012-11-10 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-12 13:52 - 2012-04-16 09:34 - 00000000 ____D () C:\ProgramData\Real
2015-01-12 13:52 - 2012-04-16 09:34 - 00000000 ____D () C:\Program Files (x86)\Real
2015-01-12 13:50 - 2012-04-16 09:34 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Real
2015-01-12 13:46 - 2011-06-19 07:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\Apple Computer
2015-01-10 18:22 - 2011-06-19 05:36 - 00000000 ____D () C:\Users\Owner\AppData\Local\VirtualStore
2015-01-10 15:31 - 2009-07-14 00:13 - 00852098 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 01:10 - 2014-12-10 12:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-06 04:36 - 2011-06-19 05:51 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-01 20:22 - 2011-06-19 23:16 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
2015-01-01 13:12 - 2014-12-10 11:55 - 00000000 ____D () C:\Users\Owner\Downloads\Remote Utilities (used by Dave Cloyd)
2014-12-31 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-12-29 20:58 - 2011-07-23 22:08 - 00870400 ___SH () C:\Users\Owner\Documents\Thumbs.db
2014-12-24 11:37 - 2011-09-12 21:54 - 00000000 ____D () C:\Users\Owner\Documents\Invoices
2014-12-22 11:36 - 2013-03-14 08:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-22 11:36 - 2013-03-14 08:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-20 22:02 - 2013-12-24 09:59 - 00001017 _____ () C:\Users\Owner\Desktop\Dropbox.lnk
2014-12-20 22:02 - 2013-12-24 09:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
 
Files to move or delete:
====================
C:\Users\Owner\gotomypc_438.exe
 
 
Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo4zmfo.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 00:39
 
==================== End Of Log ============================
 
 
----
Additions.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Owner at 2015-01-16 00:28:07
Running from C:\Users\Owner\Downloads\Anti-Malware\Farbar Recovery Scan Tool
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.1 - Hewlett-Packard) Hidden
8500A909_BasicWeb (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8500A909_Help_BasicWeb (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
ACT! by Sage 2010 (HKLM-x32\...\InstallShield_{58795EE4-FCF7-43A4-A5F6-269E69D0CD0B}) (Version: 12.0.0.0 - Sage Software, Inc.)
ACT! by Sage 2010 (x32 Version: 12.0.0.0 - Sage Software, Inc.) Hidden
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version:  - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.0.626 - Adobe Systems, Inc.)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
Amazon MP3 Uploader (HKLM-x32\...\com.amazon.music.uploader) (Version: 1.0.6 - Amazon Services LLC)
Amazon MP3 Uploader (x32 Version: 1.0.6 - Amazon Services LLC) Hidden
AnyTrans 4.2.3 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.2.3 - iMobie Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Express Dictate (HKLM-x32\...\Express) (Version:  - NCH Software)
FileZilla Client 3.5.1 (HKLM-x32\...\FileZilla Client) (Version: 3.5.1 - FileZilla Project)
Google Chrome (HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-558719375-1066587731-3160552415-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HP Officejet Pro 8500 A909 Series (HKLM\...\{B1054C0C-0C16-41E1-8A9D-35F065793E92}) (Version: 14.0 - HP)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 15.0.0.380 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 15.0.0.380 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mark Ultra VIII E-Meter Updater (HKLM-x32\...\Mark Ultra VIII E-Meter Updater 1.0.0) (Version: 1.0.0 - Bridge Publications, Inc.)
Mark Ultra VIII E-Meter Updater (Version: 1.0.0 - Bridge Publications, Inc.) Hidden
Maxtor Manager (HKLM-x32\...\InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}) (Version: 4.01.0303 - Seagate Technology)
Maxtor Manager (HKLM-x32\...\InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}) (Version: 4.01.0227 - Seagate Technology)
Maxtor Manager (x32 Version: 4.01.0303 - Seagate Technology) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard Edition 2003 (HKLM-x32\...\{91120409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.12.5896 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
OCA Computer System (HKLM-x32\...\ST6UNST #1) (Version:  - )
OCA Computer System version 1.1.0 (HKLM-x32\...\OCA Computer System 1.1.0_is1) (Version: 1.1.0 - INCOMM)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickBooks (x32 Version: 23.0.4001.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4001.2305 - Intuit Inc.)
Quicken 2007 (HKLM-x32\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.1.27 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Remote Utilities - Host (HKLM-x32\...\{052DF202-F103-46C9-824D-28F4BB04DAB3}) (Version: 6.004.0000 - Usoris Systems LLC)
Rosetta Stone Homeschool (HKLM-x32\...\{331F15D5-490D-4280-BDE6-5C0F295D8EE1}) (Version: 3.4.5 - Rosetta Stone Ltd.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Scan to PDF (HKLM-x32\...\Scan to PDF) (Version: 2.40 - Softi Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.22 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
ubCore64 (HKLM-x32\...\InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}) (Version:  - )
ubCore64 (Version: 4.0 - Unibrain) Hidden
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Driver Package - Bridge Publications, Inc. (usbser) Ports  (03/11/2010 5.1.2600.2) (HKLM\...\A7D2C0E4567A8E580ACBE73B7695E9E869A93C4C) (Version: 03/11/2010 5.1.2600.2 - Bridge Publications, Inc.)
Windows Driver Package - Sunix Co., Ltd. Golden Adapter Driver (12/20/2007 6.4.2.1) (HKLM\...\56670B2304F98DF2063A6302559689E51FFC72CC) (Version: 12/20/2007 6.4.2.1 - Sunix Co., Ltd.)
Windows Driver Package - Sunix Co., Ltd. Golden Port Driver (12/20/2007 6.4.2.1) (HKLM\...\43E2417C005C000BF53E2513948E0D82C766FD14) (Version: 12/20/2007 6.4.2.1 - Sunix Co., Ltd.)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Owner\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-558719375-1066587731-3160552415-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
12-01-2015 01:09:03 Removed QuickTime 7
12-01-2015 01:15:38 Installed QuickTime 7
13-01-2015 19:37:30 Windows Update
14-01-2015 03:00:12 Windows Update
14-01-2015 14:53:37 Restore Point Created by FRST
15-01-2015 14:56:14 Installed Remote Utilities - Host.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-01-14 17:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0011604C-806D-41E9-A825-36AD0BD85D81} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {04210723-5FA5-4F59-B5CC-DFEAE8305B48} - System32\Tasks\{0FD23742-9BFA-414D-A6DA-B31273251B0B} => A:\SETUP.EXE
Task: {16BC9DE1-8E81-4649-AD71-60694CC194AF} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1EAB01B9-A719-4CA8-9939-2C01BD6AAB5D} - System32\Tasks\{4CB976EF-570F-4306-88FF-C98117C6FB91} => C:\Program Files (x86)\OCA\WOCA.exe [2002-01-22] (INCOMM)
Task: {2644949E-E91B-4F65-AEA2-BED655233C8D} - System32\Tasks\{477D151E-EEA4-4DD2-9146-37D820EB073A} => A:\SETUP.EXE
Task: {2FDF6D0B-4FF8-483C-91E2-E5F98BB0B0D4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000UA => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {39E8AB98-480A-4BB4-A5A1-8D87DF789A60} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {4F407C67-4F54-4E86-BB74-ED8D5BBAB545} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {55879618-2617-40A6-A573-998E31DF9BAB} - System32\Tasks\{DD5A2D8B-4BBA-4B2F-9BBE-BADC07758A6C} => pcalua.exe -a D:\Acrobat\AR40ENG.EXE -d D:\Acrobat
Task: {61619F5E-A47D-4005-899D-C7BEEE76131A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {6C9EE73B-87E5-4411-BC71-60EF15870B0A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {722241CE-3837-4D05-B33A-7EBECFAAAFFB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8A6DFCF7-B4D8-45EB-8504-19187C52E17A} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {B0745052-41A4-453E-B2CC-8B88BDDC3728} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000Core => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {B694E718-9E43-4ED3-BCF4-79E888F800FD} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BB2F7E1D-69BE-4F12-9A8C-8E8D1B90E761} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C402E183-07AD-4D21-A45D-0F4676142A8C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {D6FBFDBE-0771-4A24-A0E8-FFB28FC648A2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-17] (Google Inc.)
Task: {ECF30FAD-3587-4050-B9CA-8A9B9D7794A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EDD65C3D-CD79-4FA5-BF5C-D7F313B4A7D7} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-558719375-1066587731-3160552415-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EF5BBB51-0C5A-4D04-9179-E165B3B43D54} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F5F3AB2F-2EA1-4861-8152-7F8CD219E95B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {FA65917E-06BE-4759-8E61-A9290B7139D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000Core.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-558719375-1066587731-3160552415-1000UA.job => C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-13 16:49 - 2014-12-13 16:49 - 00320792 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2012-08-18 20:57 - 2012-08-18 20:57 - 00268688 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2012-08-18 20:57 - 2012-08-18 20:57 - 00021392 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2012-08-18 17:54 - 2012-08-18 17:54 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2012-08-18 20:57 - 2012-08-18 20:57 - 00140176 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2012-08-18 20:57 - 2012-08-18 20:57 - 00176528 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2012-08-18 20:57 - 2012-08-18 20:57 - 00388496 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2012-08-18 20:57 - 2012-08-18 20:57 - 00391056 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2012-08-18 20:57 - 2012-08-18 20:57 - 00505232 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2012-08-18 20:57 - 2012-08-18 20:57 - 00042384 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-15 15:02 - 2015-01-15 15:02 - 00043008 _____ () c:\users\owner\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo4zmfo.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Owner\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-15 15:02 - 2015-01-15 15:02 - 00098816 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32api.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00110080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\pywintypes27.dll
2015-01-15 15:01 - 2015-01-15 15:01 - 00364544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\pythoncom27.dll
2015-01-15 15:02 - 2015-01-15 15:02 - 00045568 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\_socket.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 01160704 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\_ssl.pyd
2015-01-15 15:01 - 2015-01-15 15:01 - 00320512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32com.shell.shell.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00713216 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\_hashlib.pyd
2015-01-15 15:01 - 2015-01-15 15:01 - 01175040 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\wx._core_.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00805888 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\wx._gdi_.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00811008 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\wx._windows_.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 01062400 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\wx._controls_.pyd
2015-01-15 15:01 - 2015-01-15 15:01 - 00735232 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\wx._misc_.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00557056 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\pysqlite2._sqlite.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00128512 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\_elementtree.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00127488 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\pyexpat.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00087552 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\_ctypes.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00119808 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32file.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00108544 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32security.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00007168 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\hashobjs_ext.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00167936 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32gui.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00018432 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32event.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00038912 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32inet.pyd
2015-01-15 15:01 - 2015-01-15 15:01 - 00011264 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32crypt.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00070656 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\wx._html2.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00027136 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\_multiprocessing.pyd
2015-01-15 15:01 - 2015-01-15 15:01 - 00035840 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32process.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00686080 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\unicodedata.pyd
2015-01-15 15:01 - 2015-01-15 15:01 - 00122368 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\wx._wizard.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00024064 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32pipe.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00025600 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32pdh.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00525640 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\windows._lib_cacheinvalidation.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00010240 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\select.pyd
2015-01-15 15:02 - 2015-01-15 15:02 - 00017408 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32profile.pyd
2015-01-15 15:01 - 2015-01-15 15:01 - 00022528 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\win32ts.pyd
2015-01-15 15:01 - 2015-01-15 15:01 - 00078336 _____ () C:\Users\Owner\AppData\Local\Temp\_MEI21242\wx._animate.pyd
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: KSS => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-558719375-1066587731-3160552415-500 - Administrator - Disabled)
Guest (S-1-5-21-558719375-1066587731-3160552415-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-558719375-1066587731-3160552415-1005 - Limited - Enabled)
Owner (S-1-5-21-558719375-1066587731-3160552415-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Faulty Device Manager Devices =============
 
Name: CDC Serial
Description: CDC Serial
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: SAMSUNG_Android
Description: SAMSUNG_Android
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/16/2015 00:23:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 14.1.2015.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1734
 
Start Time: 01d03104fcb9e5c0
 
Termination Time: 16
 
Application Path: C:\Users\Owner\Downloads\Anti-Malware\Farbar Recovery Scan Tool\FRST64.exe
 
Report Id:
 
Error: (01/15/2015 03:07:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.22.0.107 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 89c
 
Start Time: 01d030fe08d2fd80
 
Termination Time: 4
 
Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Report Id:
 
Error: (01/15/2015 03:05:07 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Unable to find the section for this mentu item!!!
 
Error: (01/15/2015 03:04:43 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (01/15/2015 03:04:43 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (01/15/2015 03:04:43 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
Error: (01/15/2015 03:01:06 PM) (Source: ACT! Scheduler) (EventID: 0) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.
   at Act.Scheduler.SchedulerService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/15/2015 00:56:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (01/14/2015 10:51:24 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Unable to find the section for this mentu item!!!
 
Error: (01/14/2015 10:51:00 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle
 
 
System errors:
=============
Error: (01/15/2015 02:59:54 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (01/15/2015 02:54:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VPDAgent service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/14/2015 05:01:06 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (01/14/2015 05:00:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/14/2015 05:00:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/14/2015 04:59:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (01/14/2015 04:55:39 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/14/2015 04:40:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (01/14/2015 03:30:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Network Devices Support service hung on starting.
 
Error: (01/14/2015 03:26:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%3
 
 
Microsoft Office Sessions:
=========================
Error: (01/16/2015 00:23:42 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe14.1.2015.1173401d03104fcb9e5c016C:\Users\Owner\Downloads\Anti-Malware\Farbar Recovery Scan Tool\FRST64.exe
 
Error: (01/15/2015 03:07:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.22.0.10789c01d030fe08d2fd804C:\Program Files (x86)\Skype\Phone\Skype.exe
 
Error: (01/15/2015 03:05:07 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksUnable to find the section for this mentu item!!!
 
Error: (01/15/2015 03:04:43 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (01/15/2015 03:04:43 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (01/15/2015 03:04:43 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
Error: (01/15/2015 03:01:06 PM) (Source: ACT! Scheduler) (EventID: 0) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.
   at Act.Scheduler.SchedulerService.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (01/15/2015 00:56:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (01/14/2015 10:51:24 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksUnable to find the section for this mentu item!!!
 
Error: (01/14/2015 10:51:00 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-14 16:59:42.935
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-14 16:59:42.555
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-06-25 21:13:29.808
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-06-25 21:13:29.793
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-06-25 21:07:11.802
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-06-25 21:07:11.787
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-06-25 21:00:25.669
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-06-25 21:00:25.654
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-06-25 20:54:36.418
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2011-06-25 20:54:36.402
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\snxppamd.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom II X3 705e Processor
Percentage of memory in use: 37%
Total physical RAM: 4094.46 MB
Available physical RAM: 2562.06 MB
Total Pagefile: 8187.11 MB
Available Pagefile: 6378.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:803.9 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E490FDED)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
----
 
 
There ya go!
 
I'm going to be away most of this weekend. I'll check in at night, but the connection might not be good enough to do anything useful. I'll check tomorrow night (Fri.) and let you know.
 
Meanwhile, I'll look for your post.
 
 
My best,
Dave
 
p.s. "LiquidTension" - nice!

Hi Dave, 
 

I'm going to be away most of this weekend. I'll check in at night, but the connection might not be good enough to do anything useful. I'll check tomorrow night (Fri.) and let you know.

OK, no problem. 
 
You'll notice you have an extra ~32GB of hard drive space. 

EmptyTemp: => Removed 31.4 GB temporary data.

This is the most I've ever seen. I can provide instructions on how to run a useful temp file cleaner to avoid this happening again.
We will at some point need to install an Anti-Virus as well. 

 

------------
 
Please provide an update on your computer after completing the steps below. Are there any outstanding issues?

 
STEP 1
Browser Reset
 
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-558719375-1066587731-3160552415-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
    AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 3
Folder Options

  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Remove the checkmark next to Hide protected operating system Files (Recommended).
  • Click Apply followed by OK.
     

STEP 4
VirusTotal Upload

  • Please go to VirusTotal.com.
  • Click Choose File and locate the following file:
    • C:\ProgramData\4627558FB6.sys
  • Click Scan it!.
  • If you receive the following notification: File already analysed click Reanalyse.
  • Once the file has been analyzed, copy the page URL at the top of the window and paste in your next reply. 
     

STEP 5
Emsisoft Emergency Kit (Portable)

  • Please download Emsisoft Emergency Kit and save the file to your Desktop.
  • Double-click EmsisoftEmergencyKit.exe.
  • Click Extract.
  • Upon completion, double-click the Emsisoft Emergency Kit shortcut on your Desktop to start the programme.
  • Click Yes to update the programme definitions.
  • Click Yes to detect Potentially Unwanted Programs (PUP's).
  • Click Scan now.
  • Select Full Scan and click Scan.
  • Close any High Risk notification screen that may appear.
  • When the scan is finished click Quarantine selected objects if malicious objects were found.
  • Click View Report, and open the most recent log. 
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 6
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did your browsers reset OK?
  • Fixlog.txt 
  • VirusTotal results
  • Emsisoft logs

Hi, Adam!

 

I'm back and going again.

 

Here are the logs/link:

 

----

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 03
Ran by Owner at 2015-01-18 23:48:32 Run:2
Running from C:\Users\Owner\Downloads\Anti-Malware\Farbar Recovery Scan Tool
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-558719375-1066587731-3160552415-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR DefaultSuggestURL: Default -> http://ssmsp.ask.com...q={searchTerms}
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
end
*****************
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-558719375-1066587731-3160552415-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Chrome DefaultSuggestURL not detected.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
 
==== End of Fixlog 23:48:32 ====
 

----

 

 

VirusTotal.com page URL:

 
 
----
Emsisoft log:
 
Emsisoft Emergency Kit - Version 9.0
Last update: 1/19/2015 1:57:40 AM
User account: Owner-PC\Owner
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 1/19/2015 1:58:45 AM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
C:\ProgramData\Rosetta Stone\Content\data\c4\2\c42ddaa4048f1df316406d352f8802dab652b5f2 detected: Exploit.CVE-2007-0071.Gen (B)
C:\Users\Owner\AppData\Local\VirtualStore\Kwfmnwaqmzxf.dll detected: Trojan.Generic.12517942 (B)
 
Scanned 392494
Found 3
 
Scan end: 1/19/2015 3:31:20 AM
Scan time: 1:32:35
 
C:\Users\Owner\AppData\Local\VirtualStore\Kwfmnwaqmzxf.dll Quarantined Trojan.Generic.12517942 (B)
C:\ProgramData\Rosetta Stone\Content\data\c4\2\c42ddaa4048f1df316406d352f8802dab652b5f2 Quarantined Exploit.CVE-2007-0071.Gen (B)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
 
Quarantined 3
 
-----
 
 
There ya go!
 
Dave

Hi Dave, 
 
Please let me know how your computer is performing after installing an Anti-Virus. 
Are there any outstanding issues?
 

No Anti-Virus Installed
 
------------------------------
 
Connecting to the Internet without an Anti-Virus is a risk to you, and to everyone as well. Your computer is susceptible to malware infections involving Botnets and Zombie Computers. Using Anti-Virus software will help minimize the risk and help prevent your computer from being used to pass on infections to other machines. When infected and compromised, malware spreads faster and more extensively, distributed denial-of-service (DDoS) attacks are easier to launch, spammers have more platforms from which to send E-mails and more zombies are created to perpetuate the cycle.
 
Nowadays, a multi-layered approach to security that incorporates Anti-Virus software is required to protect your computer from the latest threats. Many attackers today employ advanced techniques which involve sophisticated Backdoor Trojans and Rootkits to hide their presence on a computer. Without an Anti-Virus, your computer is not only more susceptible to infection, but you are also less likely to realise your computer is infected - sometimes the only symptom is an alert from your Anti-Virus. Please refer to the following articles for more information.

Please download and install ONE of the Anti-Virus programmes listed below. For a paid solution, my choice of Anti-Virus is ESET NOD32, and for a free solution, my choice of Anti-Virus is avast!. Please be aware that there is no universal "one size fits all" solution that works for everyone and there is no single best anti-virus. What works for one person may not work for another.

Hi, Adam!

 

So, it sounds like we're done. Is that true?

 

I noticed that the directories where I discovered the rogue program are still in place. Is that likely the result of the fact that I changed the content of the executable and, as a result, nothing related to it is seen as "bad"?

 

I played with her system for a little while - remotely - and it seems OK regarding speed. That was pre-AV. Post-AV s/w, I noticed lags, specifically when opening Chrome and MS Office s/w. I rebooted and the performance was so poor that I - well, I considered uninstalling it. I rebooted and, although the lags are still there, the huge performance drop was gone and the lags weren't as noticeable as before, to me. I'll have her pay a little extra attention to everything for the next couple of days. I'll let you know on Weds./Thurs. what she says.

 

I installed Avast to start and will probably recommend ESET to her, I understand that NOD32 seems to affect performance only lightly and the on-line scanner keeps getting used often in the forums. I noticed that it seems to detect things that others miss a bit more often than the other way around. Do you think that NOD32 will cause less lag than Avast?

 

Another topic: AV s/w by itself doesn't do the job anymore. Do you suggest a protocol for her to follow, such as a weekly scan with "this" and "that", plus do "this" monthly and install "this" in addition to the AV s/w.

 

Also, I read a blog post by a security guy who recommends "AppGuard" by Blue Ridge Networks, but that kind of program, to me, would only work if you installed it on a 100% clean system, such as the day you unpackaged your new computer. The concept seems excellent, but I haven't talked with anyone who has worked with that category of s/w. I installed one such program 3-4 years ago in order to give it a trial run, but the performance hit was huge, so, as you can imagine, it was gone within a couple of days (the vendor suggested uninstalling/reinstalling, but there was no change). That said, do you have a viewpoint about that program or others like it? If so, would you share it with me?


Hi Dave, 
 

So, it sounds like we're done. Is that true?

Nearly. We need to update your vulnerable software to reduce the risk of reinfection, and remove the tools we've used afterwards. 
 

I noticed that the directories where I discovered the rogue program are still in place.

Are you referring to the folders in bold below? These are legitimate folders.
 
"In locating the executable, I found not just one bogus, random-character directories in the ...\AppData\LocalLow location, but three: one located in the ...\Adobe directory and two more in the Microsoft and the Sun folder. The difference is that the latter two had clone directory structures of a C:\Users directory where all of them were empty except for ...\Local. It had additional directories starting with ...\Google and ending in a group of directories/files. The creation date/time for all of the Microsoft and Sun subdirectories were during the time of MBAM's last run at about the 5.5 hour point (it is at hour 6.5 as of this writing) and preceded my renaming the above process by about 20 minutes."
 
We can double-check nothing else is hiding in your AppData folder. ESET/MBAM/Emsisoft should have flagged if anything was. 
The log produced will be very large, so ensure you attach (not copy/paste) the file in your next post.
 
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    Folder: C:\Users\Owner\AppData
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Attach the file in your next post.
     

Do you think that NOD32 will cause less lag than Avast?

Yes. ESET is renowned for consuming a small amount of system resources. As is Microsoft Security Essentials (MSE), which is free. 
ESET NOD32 comes with a trial version, which I recommend you install and try out prior to purchasing the full software. 
 

Another topic: AV s/w by itself doesn't do the job anymore. Do you suggest a protocol for her to follow, such as a weekly scan with "this" and "that", plus do "this" monthly and install "this" in addition to the AV s/w.

Generally speaking, running an AV scan coupled with an MBAM Threat Scan once a week should be enough. 
As part of this process, I provide a list of recommended reading material and security programmes that will help reduce the risk of reinfection. We can discuss this question further when I provide these lists at the end.
 

Also, I read a blog post by a security guy who recommends "AppGuard" by Blue Ridge Networks

I have no experience with this software. You're better off reading public discussions involving those that have used the software: 
http://www.wilderssecurity.com/threads/appguard-4-x-32-64-bit.355206/
 

That said, do you have a viewpoint about that program or others like it? If so, would you share it with me?

In all honesty, I think you're better off looking into the creation of system images. Have you come across Acronis True Image?
The concept is relatively straightforward. You take a complete copy of your system and save it to a storage device. If the machine becomes infected, you simply load the copy saved earlier. This guarantees any malware you picked up after saving the copy will no longer be on your computer. 
 
Implementing an effective backup strategy is the best way to secure your computer.
 
I would also consider uninstalling Java unless you absolutely need the programme installed. 
Using Java is an unnecessary security risk, especially older versions, which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.

If you choose to keep Java installed, it is paramount you keep the software updated with the latest version.
You can verify/test your Java software installation & version here.
 
------------
 
STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

STEP 2
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Adobe Acrobat 4.0 
    • Adobe Shockwave Player 11.6 
    • JavaFX 2.1.1
  • Follow the prompts, and reboot if necessary.
     

STEP 3
Disable Java in Your Browser (if installed)
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. 
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. 
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt (attached!)
  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?
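A read-only PowerShell triage pass over the kinds of indicators this thread has turned up (the ADS on C:\ProgramData\TEMP, the Internet Explorer policy keys, DisableRegistryTools, and executables running from or stored under a user's AppData), added here as an illustration; it is not part of the thread or of FRST, MBAM or Emsisoft. It assumes Windows PowerShell 3.0 or later in an elevated prompt, and the "many instances" threshold is a made-up value.

```powershell
# Added example, not part of this thread or of FRST/MBAM/Emsisoft: a read-only
# triage pass for the indicator types discussed above. Requires Windows
# PowerShell 3.0+ (Get-Item -Stream, Get-CimInstance) in an elevated prompt.
# It only reports; nothing is deleted or changed. Thresholds are assumptions.

$findings = New-Object 'System.Collections.Generic.List[string]'

function Get-SignatureStatus([string]$Path) {
    # Authenticode status of a file, or 'Unknown' if it cannot be read.
    $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
    if ($sig) { $sig.Status.ToString() } else { 'Unknown' }
}

# 1. Alternate Data Streams on items directly under C:\ProgramData. The FRST log
#    flagged C:\ProgramData\TEMP:0FF263E8; ':$DATA' is the normal content stream
#    and is skipped. Directories can carry streams too, hence -Force and no filter.
Get-ChildItem -Path "$env:ProgramData" -Force -ErrorAction SilentlyContinue | ForEach-Object {
    Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS     $($_.FileName):$($_.Stream) ($($_.Length) bytes)") }
}

# 2. Internet Explorer policy keys (FRST reported 'Policy restriction' on both hives)
#    and the DisableRegistryTools value Emsisoft quarantined. A home PC normally has neither.
foreach ($hive in 'HKLM', 'HKCU') {
    $iePolicy = "${hive}:\SOFTWARE\Policies\Microsoft\Internet Explorer"
    if (Test-Path -Path $iePolicy) {
        $findings.Add("POLICY  key present: $iePolicy")
    }
    $sysPolicy = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
    $value = Get-ItemProperty -Path $sysPolicy -Name DisableRegistryTools -ErrorAction SilentlyContinue
    if ($value -and $value.DisableRegistryTools -ne 0) {
        $findings.Add("POLICY  $sysPolicy\DisableRegistryTools = $($value.DisableRegistryTools)")
    }
}

# 3. Running processes whose image lives under a user profile's AppData, grouped by
#    image path. Many copies of one unsigned image (Efnrxmp.exe ran 12-18 at once)
#    stand out immediately. Win32_Process returns a null path instead of throwing
#    for processes we cannot open, which keeps the pipeline quiet.
Get-CimInstance -ClassName Win32_Process -ErrorAction SilentlyContinue |
    Where-Object { $_.ExecutablePath -match '\\Users\\[^\\]+\\AppData\\' } |
    Group-Object -Property ExecutablePath |
    ForEach-Object {
        $flag = if ($_.Count -ge 5) { ' <== many instances' } else { '' }   # threshold is an assumption
        $findings.Add("PROC    x$($_.Count) $($_.Name) [sig: $(Get-SignatureStatus $_.Name)]$flag")
    }

# 4. Executables stored under AppData\LocalLow for any user. LocalLow holds
#    low-integrity browser/plug-in data; an .exe there (like the Adobe\<random>\<random>
#    path in this thread) is unusual and worth a look at its signature and creation time.
Get-ChildItem -Path "$env:SystemDrive\Users\*\AppData\LocalLow" -Recurse -Force -Filter *.exe -ErrorAction SilentlyContinue |
    ForEach-Object {
        $findings.Add("EXE     $($_.FullName) [sig: $(Get-SignatureStatus $_.FullName)] created $($_.CreationTime)")
    }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Anything it lists is a lead to verify (VirusTotal, FRST), not a verdict; legitimate software occasionally runs from AppData too.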

Cool! This has been fun, but it's good that it's almost done, too.

 

Caveat: I wrote almost everything that you'll read and, then, added a note. It is the last thing before the logs.

 

The specific path that I am most concerned about is:

C:\Users\Owner\AppData\LocalLow\Adobe\Hlhyhfj\Egahpjogrokt

The file in that directory is: Efnrxmp.exe

 

The ...\Adobe directory is where I located the random-character directory and the random-character process that was spawning 12-18 process copies of itself and driving CPU usage high. I doubt that it will show up on any scan because of 1) the random-character nature of the name and 2) I deleted the code in the file and replaced it with a simple, meaningless character string.

 

 

Thanks for the data about NOD32 and MSE. I'm going to start her on MSE, but she is not opposed in any way to paying for NOD32, especially if it is the best tool for the job (she specifically mentioned simply getting the best tool).

 

Also, your general protocol was nice to hear. It's what I do personally, but people who spend a lot of time in this area - like you - are the ones who are highly likely to have the better ideas about the current scene. I will set her up with a schedule.

 

I'll follow up public discussions about "AppGuard" et al, but I agree with you about imaging.

 

While I was looking into the current version of Acronis TI, I was comparing it to a product that I have used on a couple of computers and I'm mentioning it because it is a more-than-excellent product and it might be something that you'd find interesting: TeraByte Unlimited's "Image for Windows (IfW)". I have been using its cousin "BootIt NG (New Generation)", which is a partition/boot manager with an imaging component that is made by the same company ("BootIt Bare Metal" is the current name of the product). "BootIt NG" has been a fabulous tool; its image creation/restoration has been flawless and fast. By the way, I just read the IfW specs and a couple of other pages at their site and that's the product that I'm going to suggest to her. Heck, I'm getting it for me, too. :)

 

Thanks for the details about Java. I have heard a few times about it not being the best thing to have installed, but your statistics and additional data were what I found valuable. Thank you! I'll look at a couple of the non-conventional apps that she is using and see if they are Java-based. If not, off comes Java!

 

Note:

This occurred after I wrote the above, so this is a post-note.

She texted me this afternoon saying that she thought that the virus was back: "It had totally frozen with a million tabs open."

I haven't spoken with her, so I don't have any details.

I accessed her system and didn't see anything like what she describes, but I did find it overly slow to respond. I uninstalled Avast, rebooted and that seemed to help get the response to commands near normal. I installed MSE for the time being; I'm guessing that NOD32 will be what she wants. MSE seems to produce some lag, but less than Avast.

 

 

 

Here we go with the logs:

 

My guess is that you were joking about the Fixlog.txt file. FRST ran for about 15 minutes. The massive log is below:

 

-----

fixlog.txt

 

 

==== End of Fixlog 00:00:46 ====

 

----

 

Step 2

Remove Outdated Software:

Adobe Shockwave Player 11.6 wasn't on the list. My guess is that it was removed/replaced when the update to 12.1 was made in Step 1.

 

-----

 

Step 3

The UAC dialog never appeared, but the Java Control Panel reported that it successfully disabled Java in the browser.

 

 

----

checkup.txt

 

 Results of screen317's Security Check version 0.99.94  

 Windows 7 Service Pack 1 x64 (UAC is disabled!)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Panda Cloud Cleaner   

 Java 8 Update 25  

 Java version 32-bit out of Date! 

 Adobe Flash Player 16.0.0.257  

 Adobe Reader XI  

 Google Chrome (39.0.2171.95) 

 Google Chrome (39.0.2171.99) 

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Owner Downloads Anti-Malware SecurityCheck\SecurityCheck.exe 

 Kaspersky Lab Kaspersky Security Scan kss.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1% 

````````````````````End of Log`````````````````````` 

BTW, I saw that Java is out of date. I started to install the newest version and noticed that Ask.com was "offered". I unselected both options, but noticed that the text said that "by selecting "Next", you are agreeing...". The only other option was "Cancel", which I did; that aborted the update.


Hello Dave, 
 

I'm going to start her on MSE, but she is not opposed in any way to paying for NOD32, especially if it is the best tool for the job (she specifically mentioned simply getting the best tool).

Whilst it's largely down to personal preference and the needs of the end user, ESET and Kaspersky are generally considered as high-end products amongst those in the security community. 
 
You may wish to consider uninstalling Kaspersky Security Scan. This programme runs in the background, consuming system resources. 
 

I'm mentioning it because it is a more-than-excellent product and it might be something that you'd find interesting

I haven't come across the software, but will look into it. Thank you!
 

She texted me this afternoon saying that she thought that the virus was back: "It had totally frozen with a million tabs open."

If this is an isolated incident, I don't think any further action is required. 
It of course also depends on what was running at the time. A lock up with many programmes and browser windows/tabs open is not uncommon. 
 

The UAC dialog never appeared

UAC is disabled. We will need to enable this shortly. 
 

BTW, I saw that Java is out of date.

Don't worry, you have the latest version. 
 

My guess is that you were joking about the Fixlog.txt file. FRST ran for about 15 minutes. The massive log is below:

The programme didn't run correctly. We'll do this a different way.

  • Click the Windows Start Button. Type CMD in the search bar and click CMD
  • Copy dir C:\Users\Owner\AppData /s >"%userprofile%\desktop\dir.txt"
  • Right-Click the CMD window and click Paste.
  • Press Enter.
  • A file (dir.txt) will be created on your Desktop. Ensure "Total Files Listed:" is at the bottom. 
  • Attach dir.txt in your next reply.

Cool to all!

 

I'm going to let her run MSE for a week and, then, switch her to a trial of NOD32. If there is a noticeable performance difference and she finds it worth it,... The main thing is to let her experience both and make her own decision based on that.

 

Also, I've noticed a half-dozen instances of "Windows is running slow" notifications. Is that something that you have heard happens with MSE? I ask because it started after MSE was installed; it seems that the notification comes from MSE, as well. By the way, the uncertainty there is because the notification disappears before I can examine it. Darn!

 

Oh, I uninstalled the Kaspersky Scanner.

 

Also, by "high-end", do you mean "more expensive"? I know that you said that you recommend NOD32, which, to me, would imply that if it is "more expensive", that it is worth it (performs well and with a small footprint). Is that the case?

dir.txt


Hi Dave, 
 
Delete these folders: 
C:\Users\Owner\AppData\LocalLow\Adobe\Hlhyhfj
C:\Users\Owner\AppData\LocalLow\Microsoft\Uvvtqedte
C:\Users\Owner\AppData\LocalLow\Sun\Otysacpcat
 
Right-Click your Recycle Bin and click Empty afterwards. 
 

Also, I've noticed a half-dozen instances of "Windows is running slow" notifications. Is that something that you have heard happens with MSE? I ask because it started after MSE was installed; it seems that the notification comes from MSE, as well. By the way, the uncertainty there is because the notification disappears before I can examine it. Darn!

Have a read of the following, and see if this applies: 
http://windows.microsoft.com/en-gb/windows/my-pc-runs-slowly-after-installing-microsoft-security-essentials
 
It's quite possible that MSE is simply unsuited for the computer. 
 

Also, by "high-end", do you mean "more expensive"?

No. You will find most paid-for AVs all share a similar price. 
ESET or Kaspersky are quite often the choice of AV amongst those that frequent the security community. As such, and from personal experience, I would place these products at the top. 
 
As I said though - it largely comes down to personal preference. There is no universal or "best" AV, but those are the products I would consider trying first.
 
----------------------
 
Before we remove the tools used and finish up, is there anything else I can help with?

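Added example, not code from the thread or from either participant: a small Python parser for the dir.txt listing requested with `dir C:\Users\Owner\AppData /s`, which flags executable files sitting under AppData\LocalLow (the pattern behind the Efnrxmp.exe folder Dave described and the three folders named for deletion above). The sample listing is constructed in `dir /s` layout; `Tqwnshe.dll` and the sizes are invented placeholders.

```python
import re

# Constructed sample in the layout of `dir C:\Users\Owner\AppData /s` output.
# Not a real dir.txt from the thread; folder names follow the ones listed there,
# Tqwnshe.dll and all sizes are invented.
SAMPLE_DIR_TXT = r"""
 Directory of C:\Users\Owner\AppData\LocalLow\Adobe\Hlhyhfj\Egahpjogrokt

01/13/2015  03:22 PM    <DIR>          .
01/13/2015  03:22 PM    <DIR>          ..
01/13/2015  03:22 PM            81,920 Efnrxmp.exe
               1 File(s)         81,920 bytes

 Directory of C:\Users\Owner\AppData\LocalLow\Sun\Java\Deployment

01/02/2015  10:01 AM             1,024 deployment.properties
               1 File(s)          1,024 bytes

 Directory of C:\Users\Owner\AppData\LocalLow\Microsoft\Uvvtqedte

01/13/2015  03:25 PM            12,288 Tqwnshe.dll
               1 File(s)         12,288 bytes
     Total Files Listed:
               3 File(s)         95,232 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# A file row: date, time, a comma-grouped size, then the name. '<DIR>' rows
# have no numeric size column, so they never match.
FILE_RE = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2} [AP]M\s+([\d,]+)\s+(.+?)\s*$")
EXEC_EXTS = (".exe", ".dll", ".scr", ".com", ".pif")


def find_executables(dir_output, under="\\AppData\\LocalLow\\"):
    """Return [(full_path, size_bytes)] for executable files listed beneath
    `under` in a `dir /s` transcript. LocalLow normally holds data files for
    low-integrity processes, so executables there deserve a look."""
    found, current = [], None
    for line in dir_output.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)          # remember the directory the rows belong to
            continue
        m = FILE_RE.match(line)
        if not m or current is None:
            continue
        size, name = int(m.group(1).replace(",", "")), m.group(2)
        if under.lower() in (current + "\\").lower() and name.lower().endswith(EXEC_EXTS):
            found.append((current + "\\" + name, size))
    return found


def suspect_dirs(dir_output):
    """Distinct folders holding the flagged executables: the removal candidates."""
    return sorted({path.rsplit("\\", 1)[0] for path, _ in find_executables(dir_output)})


if __name__ == "__main__":
    for path, size in find_executables(SAMPLE_DIR_TXT):
        print(f"{size:>10}  {path}")
```

Run it against a real dir.txt with `find_executables(open("dir.txt").read())`; a hit only means the folder merits review, as the Sun\Java\Deployment directory in the sample shows data files there are normal.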
