Very persistent reveton remnants


R_W

Hello and thanks in advance. As the title states I am fairly certain I have some remnants from a ransomware virus I removed a few days ago. Upon startup and as soon as my desktop loads, I receive the following error window:

 

There was a problem starting C:\ PROGRA~3\10C40A953.cpp the specified module could not be found.

 

I am running Windows 7 Home Premium 64 bit


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Thanks,

 

Kevin...


Thank you, Kevin. Below are the resulting logs of the scan.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Bob (administrator) on DESK-HOME on 05-02-2015 08:40:57
Running from C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOWI7FAD
Loaded Profiles: Bob & Amanda & Guest (Available profiles: Bob & Amanda & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\jmesoft\Service.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_296_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-03-21] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\Run: [skyDrive] => C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-12-12] (Microsoft Corporation)
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\359A04C01.lnk
ShortcutTarget: 359A04C01.lnk -> C:\PROGRA~3\10C40A953.cpp (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\359A04C01.lnk
ShortcutTarget: 359A04C01.lnk -> c:\progra~3\10c40a953.cpp (No File)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1492407307-451252259-150901861-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1492407307-451252259-150901861-1002.bak\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKU\S-1-5-21-1492407307-451252259-150901861-1002.bak\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKU\S-1-5-21-1492407307-451252259-150901861-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1492407307-451252259-150901861-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://lenovo.msn.com
http://www.lenovo.com/
HKU\S-1-5-21-1492407307-451252259-150901861-501\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1492407307-451252259-150901861-501\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://lenovo.msn.com
http://www.lenovo.com/
URLSearchHook: HKU\S-1-5-21-1492407307-451252259-150901861-1004 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
URLSearchHook: HKU\S-1-5-21-1492407307-451252259-150901861-501 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1492407307-451252259-150901861-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1492407307-451252259-150901861-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1492407307-451252259-150901861-1002.bak -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1492407307-451252259-150901861-1002.bak -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1492407307-451252259-150901861-1004 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={94F3936E-71C2-4D90-AD44-1EF6B19B1629}&mid=c95edd0c46c947d3bf08c13194187d98-e008a0b80cf259f9d0cd23fb84c5cc27cb2b781c&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-02-05 20:21:52&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1492407307-451252259-150901861-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1492407307-451252259-150901861-1004 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={94F3936E-71C2-4D90-AD44-1EF6B19B1629}&mid=c95edd0c46c947d3bf08c13194187d98-e008a0b80cf259f9d0cd23fb84c5cc27cb2b781c&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-02-05 20:21:52&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1492407307-451252259-150901861-501 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1492407307-451252259-150901861-501 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1492407307-451252259-150901861-501 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={94F3936E-71C2-4D90-AD44-1EF6B19B1629}&mid=c95edd0c46c947d3bf08c13194187d98-e008a0b80cf259f9d0cd23fb84c5cc27cb2b781c&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2014-02-05 20:21:52&v=17.3.1.204&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HitmanPro37CrusaderBoot; "E:\HitmanPro_x64.exe" /crusader:boot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-02-04] ()
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-10-13] (CACE Technologies, Inc.)
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 08:40 - 2015-02-05 08:40 - 00000000 ____D () C:\FRST
2015-02-04 17:51 - 2015-02-04 17:51 - 00097909 _____ () C:\ProgramData\1423090116.bdinstall.bin
2015-02-04 17:48 - 2015-02-04 17:48 - 00037822 _____ () C:\ProgramData\1423090115.bdinstall.bin
2015-02-04 16:51 - 2015-02-04 16:51 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2015-02-04 11:31 - 2015-02-04 11:31 - 00000000 ____D () C:\Users\Bob\AppData\Local\Microsoft_Corporation
2015-02-04 11:26 - 2015-02-04 11:26 - 00000000 ____D () C:\Users\Bob\AppData\Local\{D1C5532C-081D-4B11-9B7F-EEA75EAE4741}
2015-02-04 10:27 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-02-04 10:27 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-04 10:27 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-04 10:27 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-02-04 10:27 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-02-04 10:27 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-02-04 10:27 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-02-04 10:27 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-02-04 10:27 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-02-04 10:27 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-02-04 10:27 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-04 10:27 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-02-04 10:27 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-02-04 10:27 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-02-04 10:27 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-02-04 10:27 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-02-04 10:27 - 2013-10-01 15:57 - 06578176 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-04 10:27 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-04 10:26 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-02-04 10:26 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-02-04 10:26 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2015-02-04 10:26 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-02-04 10:26 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2015-02-04 10:26 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2015-02-04 10:26 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-01-29 18:52 - 2015-01-29 18:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 16:31 - 2015-01-29 16:31 - 00000000 ___RD () C:\Users\Bob\Documents\Notes
2015-01-29 15:37 - 2015-01-29 15:37 - 277436202 _____ () C:\Users\Bob\Desktop\regbackup.reg
2015-01-29 13:18 - 2015-01-29 15:10 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2015-01-29 13:18 - 2015-01-29 15:10 - 00000346 _____ () C:\windows\system32\.crusader
2015-01-29 13:03 - 2015-01-29 13:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-26 18:20 - 2015-01-26 18:20 - 00000000 ____D () C:\MyRegBack
2015-01-25 17:43 - 2015-01-25 17:43 - 00000000 ___RD () C:\WindowsImageBackup
2015-01-22 11:07 - 2015-01-22 11:07 - 00005688 _____ () C:\Users\Amanda\Desktop\hhsapplication3.txt
2015-01-22 10:56 - 2015-01-22 10:56 - 00005688 _____ () C:\Users\Amanda\Documents\hhsapplication2.txt
2015-01-14 12:22 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 12:22 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 12:22 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 12:22 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 12:22 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 12:22 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 12:22 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:22 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:22 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 12:22 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 12:22 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 12:22 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-11 19:20 - 2015-01-22 11:59 - 00004982 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Desk-Home-Amanda Desk-Home
2015-01-11 19:20 - 2015-01-11 19:20 - 00000000 __SHD () C:\Users\Amanda\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 08:40 - 2011-06-10 17:26 - 01782407 _____ () C:\windows\WindowsUpdate.log
2015-02-05 08:39 - 2011-12-12 20:44 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{AB888F0B-734D-4B6F-A1A3-B40210CF9FFA}
2015-02-05 08:36 - 2013-11-27 18:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 18:58 - 2014-12-11 08:08 - 00004968 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Desk-Home-Bob Desk-Home
2015-02-04 18:03 - 2009-07-13 23:45 - 00028336 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 18:03 - 2009-07-13 23:45 - 00028336 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 18:00 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-04 17:57 - 2014-10-22 08:27 - 00000000 ___RD () C:\Users\Bob\iCloudDrive
2015-02-04 17:57 - 2014-05-11 13:38 - 00000000 ___RD () C:\Users\Bob\OneDrive
2015-02-04 17:57 - 2011-12-13 17:15 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 17:56 - 2010-11-20 22:47 - 17245030 _____ () C:\windows\PFRO.log
2015-02-04 17:56 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-04 17:56 - 2009-07-13 23:51 - 00110231 _____ () C:\windows\setupact.log
2015-02-04 11:25 - 2014-04-08 15:59 - 00000000 ____D () C:\Users\Bob\AppData\Local\Windows Live
2015-02-04 11:20 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-02-04 10:30 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-04 10:29 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-04 10:28 - 2011-06-10 17:26 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-04 10:26 - 2013-08-15 14:25 - 00000000 ____D () C:\windows\system32\MRT
2015-02-03 17:00 - 2012-10-21 10:13 - 00774632 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-02-03 07:50 - 2014-10-21 18:20 - 00000000 ____D () C:\Users\Bob\Documents\Home
2015-01-29 19:19 - 2011-12-15 06:41 - 00000000 ____D () C:\windows\Minidump
2015-01-29 13:51 - 2009-07-14 00:08 - 00032618 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-26 15:58 - 2013-11-27 18:13 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 15:58 - 2013-11-27 18:13 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-26 15:58 - 2011-12-12 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 13:53 - 2012-06-05 19:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\Deployment

==================== Files in the root of some directories =======

2014-11-01 14:48 - 2014-11-05 11:05 - 0007609 _____ () C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
2014-11-17 16:29 - 2014-11-17 16:38 - 0050363 _____ () C:\ProgramData\1416259742.10652.bin
2014-11-17 16:29 - 2014-11-17 16:38 - 0009910 _____ () C:\ProgramData\1416259742.11024.bin
2014-11-17 16:29 - 2014-11-17 16:38 - 0009485 _____ () C:\ProgramData\1416259742.11272.bin
2014-11-17 16:29 - 2014-11-17 16:38 - 0002326 _____ () C:\ProgramData\1416259742.11792.bin
2014-11-17 16:29 - 2014-11-17 16:38 - 0013695 _____ () C:\ProgramData\1416259742.13244.bin
2014-11-17 16:29 - 2014-11-17 16:29 - 0003277 _____ () C:\ProgramData\1416259742.13276.bin
2014-11-17 16:29 - 2014-11-17 16:29 - 0000508 _____ () C:\ProgramData\1416259742.13512.bin
2014-11-17 16:38 - 2014-11-17 16:38 - 0029581 _____ () C:\ProgramData\1416259742.14188.bin
2014-11-17 16:38 - 2014-11-17 16:38 - 0034561 _____ () C:\ProgramData\1416260318.bdinstall.bin
2014-11-17 16:39 - 2014-11-17 16:39 - 0034561 _____ () C:\ProgramData\1416260341.bdinstall.bin
2014-11-17 16:39 - 2014-11-17 16:39 - 0034573 _____ () C:\ProgramData\1416260370.bdinstall.bin
2014-11-17 16:43 - 2014-11-17 16:43 - 0034574 _____ () C:\ProgramData\1416260590.bdinstall.bin
2014-11-17 16:45 - 2014-11-17 16:45 - 0034561 _____ () C:\ProgramData\1416260693.bdinstall.bin
2014-11-17 16:49 - 2014-11-17 16:49 - 0034574 _____ () C:\ProgramData\1416260974.bdinstall.bin
2014-11-17 17:03 - 2014-11-17 17:03 - 0198588 _____ () C:\ProgramData\1416261732.bdinstall.bin
2015-02-04 17:48 - 2015-02-04 17:48 - 0037822 _____ () C:\ProgramData\1423090115.bdinstall.bin
2015-02-04 17:51 - 2015-02-04 17:51 - 0097909 _____ () C:\ProgramData\1423090116.bdinstall.bin
2014-03-06 17:27 - 2014-03-06 17:45 - 0001259 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Bob\AppData\Local\Temp\HitmanPro.exe
C:\Users\Bob\AppData\Local\Temp\Runner2.exe
C:\Users\Bob\AppData\Local\Temp\Runner4.exe
C:\Users\Bob\AppData\Local\Temp\smarter.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-04 11:13

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Bob at 2015-02-05 08:41:39
Running from C:\Users\Bob\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XOWI7FAD
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Best Buy pc app (HKU\S-1-5-21-1492407307-451252259-150901861-1004\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (HKU\S-1-5-21-1492407307-451252259-150901861-501\...\48e4cff94f039634) (Version: 3.2.420.5 - Best Buy)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Tinian Fn PS/2 Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.0.11.0321 - Lenovo)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
VitalSource Bookshelf (HKLM-x32\...\{5d66b7b8-b2f4-460f-9691-4273618e33e1}) (Version: 6.05.0020 - Ingram Content Group)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1492407307-451252259-150901861-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492407307-451252259-150901861-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492407307-451252259-150901861-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492407307-451252259-150901861-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492407307-451252259-150901861-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09AD85C5-67A4-4F5C-B41F-1D500F092AC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0D48A7D2-5589-41E2-8C91-B2102248E600} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {1566C923-770B-4717-8188-D44031010159} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-1 No Task File <==== ATTENTION
Task: {1F88C3A2-5D6C-497B-A883-5EE616C06446} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {301C8297-2B96-4D93-888B-1DAF2F5DFB2E} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-5_user No Task File <==== ATTENTION
Task: {35C3A08F-F21C-4C84-8D07-92E4615F4419} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {4419F64B-28E6-43FC-89AA-5471334588F5} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-5 No Task File <==== ATTENTION
Task: {57C58F2C-E2C6-4340-9CA4-FCE8EEBF07E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {5C47ED55-FB65-4537-B9A6-C58F5B365205} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-10_user No Task File <==== ATTENTION
Task: {6D399B81-D4FE-4813-8F3D-E82D2B63CE55} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {74848224-F0BE-4705-B413-E1674287D99E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Desk-Home-Amanda Desk-Home => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {C30F8719-0F30-4D7E-A04D-537B5A8E9887} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Desk-Home-Bob Desk-Home => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {DE846675-E6D4-40AF-859E-C9698B6CFBCA} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{6046115B-CA5C-46EF-8934-24BADC441B75}.exe
Task: C:\windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{6046115B-CA5C-46EF-8934-24BADC441B75}.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-05-10 11:55 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-06-10 17:29 - 2011-03-15 22:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-11-17 18:13 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-11-19 05:22 - 2010-11-11 23:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-10 17:29 - 2011-03-21 16:12 - 00020480 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-06-11 02:40 - 2014-06-11 02:40 - 00098816 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2014-06-11 02:40 - 2014-06-11 02:40 - 00523776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2014-06-11 02:09 - 2014-06-11 02:09 - 01554944 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-06-11 02:10 - 2014-06-11 02:10 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-06-11 02:11 - 2014-06-11 02:11 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-06-11 02:59 - 2014-06-11 02:59 - 05992960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-03-23 22:33 - 2014-03-23 22:33 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-11 02:30 - 2014-06-11 02:30 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-03-23 22:33 - 2014-03-23 22:33 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2014-06-11 02:29 - 2014-06-11 02:29 - 01175552 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-06-11 02:31 - 2014-06-11 02:31 - 10063872 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-06-13 02:39 - 2014-06-13 02:39 - 01361920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-06-11 02:35 - 2014-06-11 02:35 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-06-11 02:36 - 2014-06-11 02:36 - 00885248 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-06-11 02:38 - 2014-06-11 02:38 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-04-08 03:07 - 2014-04-08 03:07 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-04-08 03:06 - 2014-04-08 03:06 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 04:56 - 2012-11-29 04:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-03-23 22:31 - 2014-03-23 22:31 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-03-23 22:31 - 2014-03-23 22:31 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-03-23 22:31 - 2014-03-23 22:31 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2014-06-11 02:36 - 2014-06-11 02:36 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-06-11 02:38 - 2014-06-11 02:38 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-03-23 23:08 - 2014-03-23 23:08 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-03-23 22:31 - 2014-03-23 22:31 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-12-12 11:31 - 2014-12-12 11:31 - 00081056 _____ () C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2011-06-10 17:29 - 2007-12-31 12:27 - 00007168 _____ () C:\Windows\jmesoft\VistaVolume.dll
2011-06-10 17:29 - 2009-07-16 11:20 - 00032768 _____ () C:\Windows\jmesoft\Keyhook.dll
2014-11-17 18:13 - 2014-11-17 18:13 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1492407307-451252259-150901861-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
ATTENTION: Missing Desktop Wallpaper Registry entry.
HKU\S-1-5-21-1492407307-451252259-150901861-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Amanda\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1492407307-451252259-150901861-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1492407307-451252259-150901861-500 - Administrator - Disabled)
Amanda (S-1-5-21-1492407307-451252259-150901861-1004 - Limited - Enabled) => C:\Users\Amanda
Bob (S-1-5-21-1492407307-451252259-150901861-1002 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-1492407307-451252259-150901861-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1492407307-451252259-150901861-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 08:36:28 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (02/05/2015 08:36:07 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (02/04/2015 06:58:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (02/04/2015 05:58:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 05:57:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.0.0.10.in-addr.arpa. PTR Desk-Home.local.

Error: (02/04/2015 05:57:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.2:5353   19 2.0.0.10.in-addr.arpa. PTR Desk-Home-2.local.

Error: (02/04/2015 04:58:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 04:55:33 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (2612) WebCacheLocal: Error -1032 occurred while opening logfile C:\Users\Bob\AppData\Local\Microsoft\Windows\WebCache\V0101715.log.

Error: (02/04/2015 04:55:33 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost (2612) WebCacheLocal: An attempt to open the file "C:\Users\Bob\AppData\Local\Microsoft\Windows\WebCache\V0101715.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (02/04/2015 04:55:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost (2612) WebCacheLocal: Error -1032 occurred while opening logfile C:\Users\Bob\AppData\Local\Microsoft\Windows\WebCache\V0101715.log.

System errors:
=============
Error: (02/04/2015 05:57:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/04/2015 05:56:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (02/04/2015 05:48:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/04/2015 05:48:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/04/2015 05:48:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/04/2015 05:48:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/04/2015 05:48:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/04/2015 05:48:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (02/04/2015 04:58:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (02/04/2015 04:57:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (02/05/2015 08:36:28 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (02/05/2015 08:36:07 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (02/04/2015 06:58:43 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (02/04/2015 05:58:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 05:57:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.0.0.10.in-addr.arpa. PTR Desk-Home.local.

Error: (02/04/2015 05:57:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.2:5353   19 2.0.0.10.in-addr.arpa. PTR Desk-Home-2.local.

Error: (02/04/2015 04:58:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/04/2015 04:55:33 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost2612WebCacheLocal: C:\Users\Bob\AppData\Local\Microsoft\Windows\WebCache\V0101715.log-1032

Error: (02/04/2015 04:55:33 PM) (Source: ESENT) (EventID: 489) (User: )
Description: taskhost2612WebCacheLocal: C:\Users\Bob\AppData\Local\Microsoft\Windows\WebCache\V0101715.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (02/04/2015 04:55:23 PM) (Source: ESENT) (EventID: 455) (User: )
Description: taskhost2612WebCacheLocal: C:\Users\Bob\AppData\Local\Microsoft\Windows\WebCache\V0101715.log-1032

==================== Memory info ===========================

Processor: Intel® Core i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 30%
Total physical RAM: 8040.43 MB
Available physical RAM: 5574.58 MB
Total Pagefile: 16079.04 MB
Available Pagefile: 13290.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:643.39 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:298.01 GB) (Free:185.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F0472ABF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 41FFC810)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== End Of Log ============================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Download Malwarebytes Anti-Malware to your desktop.


Double-click mbam-setup and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, select > Settings > Detection and Protection > enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Now select > Scan > Threat scan > Scan now
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

When the scan is completed, from the main GUI click on History > Application Logs. Find your scan log; the date it was run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".

Select "Copy to clipboard"; that copies the full log to the Windows clipboard. In your reply, right-click in the text field and select "Paste", and the log is pasted into your reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop.

Be sure to get the correct version for your system.

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right-click on the tool and select "Run as Administrator"; the tool will expand to the options window.

In the "Scan Type" window, select Quick Scan.

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Kevin...

Fixlist.txt


Malwarebytes scan log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/6/2015
Scan Time: 11:30:06 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.06.06
Rootkit Database: v2015.02.03.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Bob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465972
Time Elapsed: 11 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

AdwCleaner scan log:

 

# AdwCleaner v4.110 - Logfile created 06/02/2015 at 11:47:57
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Bob - DESK-HOME
# Running from : C:\Users\Bob\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Amanda\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332217}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622332217}
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

*************************

AdwCleaner[R0].txt - [2112 bytes] - [06/02/2015 11:45:43]
AdwCleaner[s0].txt - [2005 bytes] - [06/02/2015 11:47:57]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2064  bytes] ##########

Junkware Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Bob on Fri 02/06/2015 at 11:55:12.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Bob\appdata\local\best buy pc app"
Successfully deleted: [Empty Folder] C:\Users\Bob\appdata\local\{64CF4793-4E1E-4DC4-8BD3-1B90204078D9}
Successfully deleted: [Empty Folder] C:\Users\Bob\appdata\local\{80119179-2D2A-4D7D-A97A-509212A43BA4}
Successfully deleted: [Empty Folder] C:\Users\Bob\appdata\local\{AD11E3DA-63AF-4887-B604-B6C63E51584A}
Successfully deleted: [Empty Folder] C:\Users\Bob\appdata\local\{D1C5532C-081D-4B11-9B7F-EEA75EAE4741}
Successfully deleted: [Empty Folder] C:\Users\Bob\appdata\local\{DC00CA48-0811-4966-A7BA-57B67C7D40A4}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/06/2015 at 11:56:59.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

MSRT Log:

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.3, December 2011
Started On Sun Dec 18 11:10:06 2011
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:3776 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:4732 (code 0x0000012B (299))
->Scan ERROR: resource process://pid:3080 (code 0x00000490 (1168))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sun Dec 18 11:10:48 2011

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.4, January 2012
Started On Thu Jan 12 03:01:57 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:8688 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 12 03:02:40 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.5, February 2012
Started On Wed Feb 15 03:00:58 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:2148 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 15 03:01:40 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.6, March 2012
Started On Tue Mar 13 19:25:35 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:3668 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Mar 13 19:26:14 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.7, April 2012
Started On Thu Apr 12 03:00:37 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Apr 12 03:01:14 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.8, May 2012
Started On Fri May 11 03:04:53 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 11 03:05:27 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.9, June 2012
Started On Wed Jun 13 12:15:43 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:4324 (code 0x00000005 (5))
->Scan ERROR: resource process://pid:3796 (code 0x0000012B (299))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 13 12:16:23 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.10, July 2012
Started On Fri Jul 13 03:01:06 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 13 03:01:38 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.11, August 2012
Started On Tue Aug 14 14:07:55 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:520 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 14 14:08:31 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.12, September 2012
Started On Thu Sep 13 22:25:29 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:5588 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 13 22:25:59 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.13, October 2012
Started On Wed Oct 10 12:39:46 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:6688 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Oct 10 12:40:20 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.14, November 2012
Started On Thu Nov 15 19:54:23 2012
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:2552 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 15 19:54:58 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.15, December 2012
Started On Fri Dec 14 18:44:30 2012
->Scan ERROR: resource process://pid:4676 (code 0x00000005 (5))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 14 18:45:03 2012

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.16, January 2013
Started On Thu Jan 10 03:01:16 2013
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jan 10 03:01:52 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.17, February 2013
Started On Thu Feb 14 18:45:56 2013
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:492 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Feb 14 18:46:37 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.18, March 2013
Started On Thu Mar 14 03:01:59 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Mar 14 03:02:40 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.19, April 2013
Started On Wed Apr 10 22:01:08 2013
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:4480 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 10 22:01:49 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.20, May 2013
Started On Fri May 17 06:33:36 2013
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:6692 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri May 17 06:34:18 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.21, June 2013
Started On Thu Jun 13 23:14:50 2013
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:1868 (code 0x00000005 (5))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Jun 13 23:15:30 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v4.22, July 2013
Started On Mon Jul 15 03:05:38 2013
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource process://pid:5568 (code 0x00000490 (1168))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))
->Scan ERROR: resource file://E:\autorun.inf (code 0x00000021 (33))
->Scan ERROR: resource file://E:\autorun.inf (code 0x0000054F (1359))

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Jul 15 03:06:34 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.3, August 2013 (build 5.3.9301.0)
Started On Thu Aug 15 15:25:02 2013

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Aug 15 15:25:51 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.4, September 2013 (build 5.4.9400.0)
Started On Wed Sep 11 19:04:51 2013

Engine: 1.1.9800.0
Signatures: 1.157.932.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 11 19:05:34 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.5, October 2013 (build 5.5.9502.0)
Started On Thu Oct 10 20:03:41 2013

Engine: 1.1.9901.0
Signatures: 1.159.530.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 10 20:04:22 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)
Started On Thu Nov 14 03:00:23 2013

Engine: 1.1.10003.0
Signatures: 1.161.1618.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 14 03:00:50 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.7, December 2013 (build 5.7.9701.0)
Started On Tue Dec 17 03:00:32 2013

Engine: 1.1.10100.0
Signatures: 1.163.1013.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Dec 17 03:01:09 2013

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.8, January 2014 (build 5.8.9803.0)
Started On Wed Jan 15 19:10:32 2014

Engine: 1.1.10201.0
Signatures: 1.165.1273.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jan 15 19:11:06 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.9, February 2014 (build 5.9.9902.0)
Started On Sat Feb 15 23:11:37 2014

Engine: 1.1.10201.0
Signatures: 1.165.3163.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Sat Feb 15 23:12:19 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.10, March 2014 (build 5.10.10001.0)
Started On Mon Mar 17 21:38:29 2014

Engine: 1.1.10302.0
Signatures: 1.167.1001.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Mon Mar 17 21:39:13 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.11, April 2014 (build 5.11.10100.0)
Started On Wed Apr 09 16:46:16 2014

Engine: 1.1.10401.0
Signatures: 1.169.1258.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Apr 09 16:47:01 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.12, May 2014 (build 5.12.10200.0)
Started On Wed May 14 20:22:21 2014

Engine: 1.1.10502.0
Signatures: 1.173.1305.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed May 14 20:22:57 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.13, June 2014 (build 5.13.10300.0)
Started On Wed Jun 11 19:48:30 2014

Engine: 1.1.10600.0
Signatures: 1.175.1113.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Jun 11 19:49:12 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.14, July 2014 (build 5.14.10402.0)
Started On Fri Jul 11 03:01:25 2014

Engine: 1.1.10701.0
Signatures: 1.177.949.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jul 11 03:02:03 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.15, August 2014 (build 5.15.10500.0)
Started On Tue Aug 19 22:42:29 2014

Engine: 1.1.10802.0
Signatures: 1.179.1796.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Tue Aug 19 22:43:28 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.16, September 2014 (build 5.16.10602.0)
Started On Fri Sep 12 03:00:57 2014

Engine: 1.1.10904.0
Signatures: 1.183.882.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Sep 12 03:02:32 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
Started On Thu Oct 16 03:00:39 2014

Engine: 1.1.11005.0
Signatures: 1.185.2035.0

Results Summary:
----------------
No infection found.
Failed to submit clean hearbeat MAPS report: 0x80004005
Microsoft Windows Malicious Software Removal Tool Finished On Thu Oct 16 03:03:00 2014

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Wed Feb 04 10:24:09 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Wed Feb 04 10:26:45 2015

Return code: 0 (0x0)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.20, January 2015 (build 5.20.11000.0)
Started On Fri Feb 06 12:00:51 2015

Engine: 1.1.11302.0
Signatures: 1.191.1276.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Feb 06 12:07:18 2015

Return code: 0 (0x0)


Ok, Additional.txt was not checked. Here are the 2 new logs.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Bob (administrator) on DESK-HOME on 06-02-2015 15:23:17
Running from C:\Users\Bob\Desktop
Loaded Profiles: Bob (Available profiles: Bob & Amanda & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\jmesoft\Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Microsoft Corporation) C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\jmesoft\JME_LOAD.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11543656 2010-10-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-03-21] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-03-15] ()
HKLM-x32\...\Run: [updatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [596480 2014-06-11] (NETGEAR Inc.)
HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-08-15] (Apple Inc.)
HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\Run: [skyDrive] => C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-12-12] (Microsoft Corporation)
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\359A04C01.lnk
ShortcutTarget: 359A04C01.lnk -> C:\PROGRA~3\10C40A953.cpp (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\359A04C01.lnk
ShortcutTarget: 359A04C01.lnk -> c:\progra~3\10c40a953.cpp (No File)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1492407307-451252259-150901861-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HitmanPro37CrusaderBoot; "E:\HitmanPro_x64.exe" /crusader:boot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [43664 2015-02-04] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\windows\system32\drivers\npf.sys [35344 2014-10-13] (CACE Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 15:21 - 2015-02-06 15:21 - 02131968 _____ (Farbar) C:\Users\Bob\Desktop\FRST64.exe
2015-02-06 12:00 - 2015-02-06 12:00 - 37987520 _____ (Microsoft Corporation) C:\Users\Bob\Desktop\Windows-KB890830-x64-V5.20.exe
2015-02-06 11:56 - 2015-02-06 11:56 - 00001364 _____ () C:\Users\Bob\Desktop\JRT.txt
2015-02-06 11:54 - 2015-02-06 11:54 - 01388274 _____ (Thisisu) C:\Users\Bob\Desktop\JRT.exe
2015-02-06 11:45 - 2015-02-06 11:47 - 00000000 ____D () C:\AdwCleaner
2015-02-06 11:45 - 2015-02-06 11:45 - 02112512 _____ () C:\Users\Bob\Desktop\AdwCleaner.exe
2015-02-06 11:15 - 2015-02-06 15:16 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 11:15 - 2015-02-06 11:15 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-06 11:15 - 2015-02-06 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-06 11:15 - 2015-02-06 11:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-06 11:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-06 11:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-06 11:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-02-06 11:13 - 2015-02-06 11:13 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Bob\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-06 11:12 - 2015-02-06 11:12 - 00001934 _____ () C:\Users\Bob\Desktop\Fixlist.txt
2015-02-06 11:11 - 2015-02-06 11:11 - 00027133 _____ () C:\Users\Bob\Desktop\Addition.txt
2015-02-06 11:10 - 2015-02-06 15:23 - 00014256 _____ () C:\Users\Bob\Desktop\FRST.txt
2015-02-05 08:40 - 2015-02-06 15:23 - 00000000 ____D () C:\FRST
2015-02-05 08:40 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-05 08:40 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-05 08:40 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-02-05 08:40 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-02-04 17:51 - 2015-02-04 17:51 - 00097909 _____ () C:\ProgramData\1423090116.bdinstall.bin
2015-02-04 17:48 - 2015-02-04 17:48 - 00037822 _____ () C:\ProgramData\1423090115.bdinstall.bin
2015-02-04 16:51 - 2015-02-04 16:51 - 00043664 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2015-02-04 11:31 - 2015-02-04 11:31 - 00000000 ____D () C:\Users\Bob\AppData\Local\Microsoft_Corporation
2015-02-04 10:27 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-02-04 10:27 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-02-04 10:27 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-02-04 10:27 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-02-04 10:27 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-02-04 10:27 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-02-04 10:27 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-02-04 10:27 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-02-04 10:27 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-02-04 10:27 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-02-04 10:27 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-02-04 10:27 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-02-04 10:27 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-02-04 10:27 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-02-04 10:27 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-02-04 10:27 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-02-04 10:26 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-02-04 10:26 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2015-02-04 10:26 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2015-02-04 10:26 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2015-02-04 10:26 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2015-01-29 18:52 - 2015-01-29 18:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 16:31 - 2015-01-29 16:31 - 00000000 ___RD () C:\Users\Bob\Documents\Notes
2015-01-29 15:37 - 2015-01-29 15:37 - 277436202 _____ () C:\Users\Bob\Desktop\regbackup.reg
2015-01-29 13:18 - 2015-01-29 15:10 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe
2015-01-29 13:18 - 2015-01-29 15:10 - 00000346 _____ () C:\windows\system32\.crusader
2015-01-29 13:03 - 2015-01-29 13:19 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-26 18:20 - 2015-01-26 18:20 - 00000000 ____D () C:\MyRegBack
2015-01-25 17:43 - 2015-01-25 17:43 - 00000000 ___RD () C:\WindowsImageBackup
2015-01-22 11:07 - 2015-01-22 11:07 - 00005688 _____ () C:\Users\Amanda\Desktop\hhsapplication3.txt
2015-01-22 10:56 - 2015-01-22 10:56 - 00005688 _____ () C:\Users\Amanda\Documents\hhsapplication2.txt
2015-01-14 12:22 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 12:22 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 12:22 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 12:22 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 12:22 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 12:22 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 12:22 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 12:22 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 12:22 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 12:22 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 12:22 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 12:22 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-11 19:20 - 2015-01-22 11:59 - 00004982 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Desk-Home-Amanda Desk-Home
2015-01-11 19:20 - 2015-01-11 19:20 - 00000000 __SHD () C:\Users\Amanda\AppData\Local\EmieBrowserModeList

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-06 15:22 - 2009-07-13 23:45 - 00028336 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-06 15:22 - 2009-07-13 23:45 - 00028336 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 15:20 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-06 15:18 - 2011-06-10 17:26 - 01849452 _____ () C:\windows\WindowsUpdate.log
2015-02-06 15:16 - 2014-12-11 08:08 - 00004970 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Desk-Home-Bob Desk-Home
2015-02-06 15:16 - 2014-10-22 08:27 - 00000000 ___RD () C:\Users\Bob\iCloudDrive
2015-02-06 15:16 - 2014-05-11 13:38 - 00000000 ___RD () C:\Users\Bob\OneDrive
2015-02-06 15:16 - 2011-12-13 17:15 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 15:15 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-06 15:15 - 2009-07-13 23:51 - 00110511 _____ () C:\windows\setupact.log
2015-02-06 14:58 - 2013-11-27 18:13 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-06 14:57 - 2014-10-21 18:20 - 00000000 ____D () C:\Users\Bob\Documents\Home
2015-02-06 14:24 - 2011-12-13 17:15 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 11:49 - 2010-11-20 22:47 - 17245402 _____ () C:\windows\PFRO.log
2015-02-06 10:22 - 2011-12-12 20:44 - 00003922 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{AB888F0B-734D-4B6F-A1A3-B40210CF9FFA}
2015-02-06 10:19 - 2011-12-13 17:15 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-06 10:19 - 2011-12-13 17:15 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-05 13:58 - 2013-11-27 18:13 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 13:58 - 2013-11-27 18:13 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 13:58 - 2011-12-12 22:29 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 11:25 - 2014-04-08 15:59 - 00000000 ____D () C:\Users\Bob\AppData\Local\Windows Live
2015-02-04 11:20 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2015-02-04 10:30 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-04 10:29 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2015-02-04 10:28 - 2011-06-10 17:26 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-04 10:26 - 2013-08-15 14:25 - 00000000 ____D () C:\windows\system32\MRT
2015-02-03 17:00 - 2012-10-21 10:13 - 00774632 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-29 19:19 - 2011-12-15 06:41 - 00000000 ____D () C:\windows\Minidump
2015-01-29 13:51 - 2009-07-14 00:08 - 00032618 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-24 13:53 - 2012-06-05 19:26 - 00000000 ____D () C:\Users\Guest\AppData\Local\Deployment

==================== Files in the root of some directories =======

2014-11-01 14:48 - 2014-11-05 11:05 - 0007609 _____ () C:\Users\Bob\AppData\Local\Resmon.ResmonCfg
2014-11-17 16:29 - 2014-11-17 16:38 - 0050363 _____ () C:\ProgramData\1416259742.10652.bin
2014-11-17 16:29 - 2014-11-17 16:38 - 0009910 _____ () C:\ProgramData\1416259742.11024.bin
2014-11-17 16:29 - 2014-11-17 16:38 - 0009485 _____ () C:\ProgramData\1416259742.11272.bin
2014-11-17 16:29 - 2014-11-17 16:38 - 0002326 _____ () C:\ProgramData\1416259742.11792.bin
2014-11-17 16:29 - 2014-11-17 16:38 - 0013695 _____ () C:\ProgramData\1416259742.13244.bin
2014-11-17 16:29 - 2014-11-17 16:29 - 0003277 _____ () C:\ProgramData\1416259742.13276.bin
2014-11-17 16:29 - 2014-11-17 16:29 - 0000508 _____ () C:\ProgramData\1416259742.13512.bin
2014-11-17 16:38 - 2014-11-17 16:38 - 0029581 _____ () C:\ProgramData\1416259742.14188.bin
2014-11-17 16:38 - 2014-11-17 16:38 - 0034561 _____ () C:\ProgramData\1416260318.bdinstall.bin
2014-11-17 16:39 - 2014-11-17 16:39 - 0034561 _____ () C:\ProgramData\1416260341.bdinstall.bin
2014-11-17 16:39 - 2014-11-17 16:39 - 0034573 _____ () C:\ProgramData\1416260370.bdinstall.bin
2014-11-17 16:43 - 2014-11-17 16:43 - 0034574 _____ () C:\ProgramData\1416260590.bdinstall.bin
2014-11-17 16:45 - 2014-11-17 16:45 - 0034561 _____ () C:\ProgramData\1416260693.bdinstall.bin
2014-11-17 16:49 - 2014-11-17 16:49 - 0034574 _____ () C:\ProgramData\1416260974.bdinstall.bin
2014-11-17 17:03 - 2014-11-17 17:03 - 0198588 _____ () C:\ProgramData\1416261732.bdinstall.bin
2015-02-04 17:48 - 2015-02-04 17:48 - 0037822 _____ () C:\ProgramData\1423090115.bdinstall.bin
2015-02-04 17:51 - 2015-02-04 17:51 - 0097909 _____ () C:\ProgramData\1423090116.bdinstall.bin
2014-03-06 17:27 - 2014-03-06 17:45 - 0001259 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Bob\AppData\Local\Temp\HitmanPro.exe
C:\Users\Bob\AppData\Local\Temp\Runner2.exe
C:\Users\Bob\AppData\Local\Temp\Runner4.exe
C:\Users\Bob\AppData\Local\Temp\smarter.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-04 11:13

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Bob at 2015-02-06 15:23:46
Running from C:\Users\Bob\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9.5.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.3 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo Tinian Fn PS/2 Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.0.11.0321 - Lenovo)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1492407307-451252259-150901861-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.25 - NETGEAR Inc.)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6230 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30123 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
VitalSource Bookshelf (HKLM-x32\...\{5d66b7b8-b2f4-460f-9691-4273618e33e1}) (Version: 6.05.0020 - Ingram Content Group)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1492407307-451252259-150901861-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492407307-451252259-150901861-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492407307-451252259-150901861-1002_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492407307-451252259-150901861-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1492407307-451252259-150901861-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {09AD85C5-67A4-4F5C-B41F-1D500F092AC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {0D48A7D2-5589-41E2-8C91-B2102248E600} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-11-11] (Microsoft Corporation)
Task: {1566C923-770B-4717-8188-D44031010159} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-1 No Task File <==== ATTENTION
Task: {1F88C3A2-5D6C-497B-A883-5EE616C06446} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {301C8297-2B96-4D93-888B-1DAF2F5DFB2E} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-5_user No Task File <==== ATTENTION
Task: {35C3A08F-F21C-4C84-8D07-92E4615F4419} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {4419F64B-28E6-43FC-89AA-5471334588F5} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-5 No Task File <==== ATTENTION
Task: {57C58F2C-E2C6-4340-9CA4-FCE8EEBF07E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18] (Google Inc.)
Task: {5C47ED55-FB65-4537-B9A6-C58F5B365205} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-10_user No Task File <==== ATTENTION
Task: {6D399B81-D4FE-4813-8F3D-E82D2B63CE55} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {74848224-F0BE-4705-B413-E1674287D99E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Desk-Home-Amanda Desk-Home => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {C30F8719-0F30-4D7E-A04D-537B5A8E9887} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Desk-Home-Bob Desk-Home => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
Task: {DE846675-E6D4-40AF-859E-C9698B6CFBCA} - System32\Tasks\0814tbUpdateInfo => C:\ProgramData\Avg_Update_0814tb\0814tb_{6046115B-CA5C-46EF-8934-24BADC441B75}.exe
Task: C:\windows\Tasks\0814tbUpdateInfo.job => C:\ProgramData\Avg_Update_0814tb\0814tb_{6046115B-CA5C-46EF-8934-24BADC441B75}.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-05-10 11:55 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2011-06-10 17:29 - 2011-03-15 22:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-11-17 18:13 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-11-19 05:22 - 2010-11-11 23:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-06-10 17:29 - 2011-03-21 16:12 - 00020480 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2014-06-11 02:40 - 2014-06-11 02:40 - 00098816 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2014-10-11 12:06 - 2014-10-11 12:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2014-06-11 02:40 - 2014-06-11 02:40 - 00523776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2014-06-11 02:09 - 2014-06-11 02:09 - 01554944 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-06-11 02:10 - 2014-06-11 02:10 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-06-11 02:11 - 2014-06-11 02:11 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-06-11 02:59 - 2014-06-11 02:59 - 05992960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-03-23 22:33 - 2014-03-23 22:33 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-11 02:30 - 2014-06-11 02:30 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-03-23 22:33 - 2014-03-23 22:33 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2014-06-11 02:29 - 2014-06-11 02:29 - 01175552 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-06-11 02:31 - 2014-06-11 02:31 - 10063872 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-06-13 02:39 - 2014-06-13 02:39 - 01361920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-06-11 02:35 - 2014-06-11 02:35 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-06-11 02:36 - 2014-06-11 02:36 - 00885248 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-06-11 02:38 - 2014-06-11 02:38 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-04-08 03:07 - 2014-04-08 03:07 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-04-08 03:06 - 2014-04-08 03:06 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2012-11-29 04:56 - 2012-11-29 04:56 - 03332720 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-03-23 22:31 - 2014-03-23 22:31 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-03-23 22:31 - 2014-03-23 22:31 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-03-23 22:31 - 2014-03-23 22:31 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2014-06-11 02:36 - 2014-06-11 02:36 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-06-11 02:38 - 2014-06-11 02:38 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-03-23 23:08 - 2014-03-23 23:08 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-03-23 22:31 - 2014-03-23 22:31 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-12-12 11:31 - 2014-12-12 11:31 - 00081056 _____ () C:\Users\Bob\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.dll
2011-06-10 17:29 - 2007-12-31 12:27 - 00007168 _____ () C:\Windows\jmesoft\VistaVolume.dll
2011-06-10 17:29 - 2009-07-16 11:20 - 00032768 _____ () C:\Windows\jmesoft\Keyhook.dll
2014-11-17 18:13 - 2014-11-17 18:13 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-17 18:12 - 2014-11-17 18:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1492407307-451252259-150901861-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Bob\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1492407307-451252259-150901861-500 - Administrator - Disabled)
Amanda (S-1-5-21-1492407307-451252259-150901861-1004 - Limited - Enabled) => C:\Users\Amanda
Bob (S-1-5-21-1492407307-451252259-150901861-1002 - Administrator - Enabled) => C:\Users\Bob
Guest (S-1-5-21-1492407307-451252259-150901861-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1492407307-451252259-150901861-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 03:17:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 03:16:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.0.0.10.in-addr.arpa. PTR Desk-Home.local.

Error: (02/06/2015 03:16:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.2:5353   19 2.0.0.10.in-addr.arpa. PTR Desk-Home-2.local.

Error: (02/06/2015 02:42:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 02:40:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.0.0.10.in-addr.arpa. PTR Desk-Home.local.

Error: (02/06/2015 02:40:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.2:5353   19 2.0.0.10.in-addr.arpa. PTR Desk-Home-2.local.

Error: (02/06/2015 02:20:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).

Error: (02/06/2015 00:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iTunes.exe, version: 12.0.1.26, time stamp: 0x543e558b
Faulting module name: iTunes.dll, version: 12.0.1.26, time stamp: 0x543e5578
Exception code: 0xc0000005
Fault offset: 0x005f9fe2
Faulting process id: 0x210
Faulting application start time: 0xiTunes.exe0
Faulting application path: iTunes.exe1
Faulting module path: iTunes.exe2
Report Id: iTunes.exe3

System errors:
=============
Error: (02/06/2015 03:16:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/06/2015 03:15:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (02/06/2015 02:41:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/06/2015 02:40:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service failed to start due to the following error:
%%2

Error: (02/06/2015 02:06:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================
Error: (02/06/2015 03:17:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 03:16:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.0.0.10.in-addr.arpa. PTR Desk-Home.local.

Error: (02/06/2015 03:16:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.2:5353   19 2.0.0.10.in-addr.arpa. PTR Desk-Home-2.local.

Error: (02/06/2015 02:42:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 02:40:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   17 2.0.0.10.in-addr.arpa. PTR Desk-Home.local.

Error: (02/06/2015 02:40:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.2:5353   19 2.0.0.10.in-addr.arpa. PTR Desk-Home-2.local.

Error: (02/06/2015 02:20:27 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

Error: (02/06/2015 00:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iTunes.exe12.0.1.26543e558biTunes.dll12.0.1.26543e5578c0000005005f9fe221001d042322bc96c92C:\Program Files (x86)\iTunes\iTunes.exeC:\Program Files (x86)\iTunes\iTunes.dll0072abea-ae29-11e4-b398-1078d2fc946b

==================== Memory info ===========================

Processor: Intel® Core i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 25%
Total physical RAM: 8040.43 MB
Available physical RAM: 6027.2 MB
Total Pagefile: 16079.04 MB
Available Pagefile: 13933.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:906.34 GB) (Free:624.38 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:298.01 GB) (Free:185.43 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: F0472ABF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=906.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 298.1 GB) (Disk ID: 41FFC810)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== End Of Log ============================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security software alerts, either accept the alert or turn the security off while Security Check runs.)
Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, reboot your PC then try again...

Post those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin...

Fixlist.txt


Okay, no run dll message on startup. Seems to have forgotten all my passwords but small price to pay I guess. Please advise as to cause. Once again, thank you. You are quite masterful in your area of expertise.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-02-2015
Ran by Bob at 2015-02-06 17:00:48 Run:1
Running from C:\Users\Bob\Desktop
Loaded Profiles: Bob (Available profiles: Bob & Amanda & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
Startup: C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\359A04C01.lnk
ShortcutTarget: 359A04C01.lnk -> C:\PROGRA~3\10C40A953.cpp (No File)
C:\PROGRA~3\10C40A953.cpp
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
C:\ProgramData\Best Buy pc app
C:\Program Files\Best Buy pc app
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\359A04C01.lnk
ShortcutTarget: 359A04C01.lnk -> c:\progra~3\10c40a953.cpp (No File)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll No File
S2 HitmanPro37CrusaderBoot; "E:\HitmanPro_x64.exe" /crusader:boot [X]
C:\Users\Bob\AppData\Local\Temp\HitmanPro.exe
C:\Users\Bob\AppData\Local\Temp\Runner2.exe
C:\Users\Bob\AppData\Local\Temp\Runner4.exe
C:\Users\Bob\AppData\Local\Temp\smarter.exe
Task: {1566C923-770B-4717-8188-D44031010159} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-1 No Task File <==== ATTENTION
Task: {301C8297-2B96-4D93-888B-1DAF2F5DFB2E} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-5_user No Task File <==== ATTENTION
Task: {4419F64B-28E6-43FC-89AA-5471334588F5} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-5 No Task File <==== ATTENTION
Task: {5C47ED55-FB65-4537-B9A6-C58F5B365205} - \f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-10_user No Task File <==== ATTENTION
Emptytemp:
end

 

*****************

C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\359A04C01.lnk => Moved successfully.
C:\PROGRA~3\10C40A953.cpp not found.
"C:\PROGRA~3\10C40A953.cpp" => File/Directory not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
"C:\ProgramData\Best Buy pc app" => File/Directory not found.
"C:\Program Files\Best Buy pc app" => File/Directory not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\359A04C01.lnk => Moved successfully.
c:\progra~3\10c40a953.cpp not found.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => Moved successfully.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe not found.
"HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0" => Key deleted successfully.
HitmanPro37CrusaderBoot => Service deleted successfully.
C:\Users\Bob\AppData\Local\Temp\HitmanPro.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\Runner2.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\Runner4.exe => Moved successfully.
C:\Users\Bob\AppData\Local\Temp\smarter.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1566C923-770B-4717-8188-D44031010159}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1566C923-770B-4717-8188-D44031010159}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{301C8297-2B96-4D93-888B-1DAF2F5DFB2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{301C8297-2B96-4D93-888B-1DAF2F5DFB2E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4419F64B-28E6-43FC-89AA-5471334588F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4419F64B-28E6-43FC-89AA-5471334588F5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C47ED55-FB65-4537-B9A6-C58F5B365205}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C47ED55-FB65-4537-B9A6-C58F5B365205}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\f7f722b0-cfe5-4e17-8ca9-832e444d4e6b-10_user" => Key deleted successfully.
EmptyTemp: => Removed 5.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog 17:03:20 ====

 

 Results of screen317's Security Check version 0.99.96 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


Looks like you were hit with a potential browser hijacker or trojan, possibly came in bundled with software you may have installed, or maybe email scam. Obviously this hijacker had been caught and a remnant link shortcut cause problems trying to load the malicious file that had be removed earlier. Probably caught by your security?

 

Security Checks is flagging java and adobe reader as outdated, lets check those first...

 

Adobe Reader is outdated...

Visit http://get.adobe.com/uk/reader/otherversions/ and download the latest version of Acrobat Reader

 

Step 1 - Select your Operating System.

Step 2 - Select your Langauge.

Step 3 - Select latest version.

 

Untick the option for any security scanner or toolbar if offered.

 

Download and install.

 

Having the latest updates ensures there are no security vulnerabilities in your system.

 

Next,

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older versions of Java components and upgrade the application.

 

Upgrading Java:

 

Go to http://java.com/en/ and click on "Do I have Java"

It will check your current version and then offer to update to the latest version

Watch for and make sure you untick the box next to whatever free program they prompt you to install during the installation, unless you want it.

 

***Note: Check in Programs and Features (or Add/Remove Programs if you are an XP user) to make certain there are no old versions of Java still installed, if so - remove them. <<-- Very Important

 

Next,

 

If there are no remaining issues or concerns, run the following to clean up:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make Sure the following items are checked:

 

 


    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Any remnant files/logs from tools we have used can be deleted...

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out...

 

Thank you,

 

Kevin...

Link to post
Share on other sites
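The "no old versions of Java still installed" check from the post above, as an added PowerShell example that is not part of the original thread: it reads the Uninstall registry keys that Programs and Features is built from, covering both the 64-bit and 32-bit views. It assumes 64-bit Windows and Java display names of the form "Java 7 Update 71"; it compares entries only against the newest version found on the machine, not against Oracle's current release.

```powershell
# Added example: list installed Java runtimes and flag superseded ones.
# Written to run on the PowerShell 2.0 that ships with Windows 7.
$roots = @(
    @{ Arch = '64-bit'; Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' },
    @{ Arch = '32-bit'; Path = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' }
)

$java = foreach ($root in $roots) {
    Get-ItemProperty -Path $root.Path -ErrorAction SilentlyContinue |
        # Assumed name pattern; skips "Java Auto Updater" and JavaFX entries.
        Where-Object { $_.DisplayName -match '^Java(\(TM\))? (SE )?\d' } |
        ForEach-Object {
            $item = $_
            $ver = $null
            try { $ver = [version]$item.DisplayVersion } catch { }
            New-Object PSObject -Property @{
                Arch      = $root.Arch
                Name      = $item.DisplayName
                Version   = $ver
                Uninstall = $item.UninstallString
            }
        }
}

$java = @($java)
if ($java.Count -eq 0) { 'No Java runtime entries found.'; return }

# Newest version present on this machine, across both architectures.
$newest = ($java | Where-Object { $_.Version } |
    Sort-Object Version -Descending | Select-Object -First 1).Version

$java | Sort-Object Version -Descending |
    Select-Object Arch, Name, Version,
        @{ n = 'Status'; e = {
            if (-not $_.Version)            { 'version unknown - check manually' }
            elseif ($_.Version -lt $newest) { 'OLD - uninstall' }
            else                            { 'newest installed' }
        } },
        Uninstall |
    Format-Table -AutoSize -Wrap
```

Run it again after the update; any row still marked OLD is a leftover runtime to remove from Programs and Features.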

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
