Malware just won't go away. Tried the usual


bradnts

OK, so I usually run the typical Rkill, JRT, TDSSKiller, AdwCleaner and MBAM, and that solves 95% of issues. This one won't go away; here is a log from RogueKiller.

 

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Russ [Administrator]
Mode : Scan -- Date : 02/09/2015  19:29:11
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 17 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\A2DDA (\??\C:\Users\Russ\Desktop\EEK\Run\a2ddax86.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\Russ\AppData\Local\Temp\catchme.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\A2DDA (\??\C:\Users\Russ\Desktop\EEK\Run\a2ddax86.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\Russ\AppData\Local\Temp\catchme.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\A2DDA (\??\C:\Users\Russ\Desktop\EEK\Run\a2ddax86.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\Russ\AppData\Local\Temp\catchme.sys) -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-21-3939348730-1059948344-1189981323-1001\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-3939348730-1059948344-1189981323-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3939348730-1059948344-1189981323-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-3939348730-1059948344-1189981323-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[ZeroAccess][File] u -- C:\$RECYCLE.BIN\S-1-5-21-3939348730-1059948344-1189981323-1001\$RN9UX7P\u -> Found
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721616PLA380 ATA Device +++++
--- User ---
[MBR] 12fd2c832c66a1deeda278d007a18235
[bSP] c5b622da10310a0f3a0dd7359cc0296a : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: TEAC USB   HS-CF Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive2: TEAC USB   HS-xD/SM USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive3: TEAC USB   HS-MS Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive4: TEAC USB   HS-SD Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
+++++ PhysicalDrive5: HP Officejet Pro 86 USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Russ (administrator) on RUSS-PC on 09-02-2015 19:40:24
Running from C:\Users\Russ\Desktop
Loaded Profiles: Russ (Available profiles: Russ)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Users\Russ\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(LogMeIn, Inc.) C:\Users\Russ\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\lmi_rescue.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(X1 Technologies, Inc.) C:\Program Files\X1\X1FileMonitor.exe
(Dropbox, Inc.) C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe
(X1 Technologies, Inc.) C:\Program Files\X1\X1Systray.exe
(X1 Technologies, Inc.) C:\Program Files\X1\X1.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(X1 Technologies, Inc.) C:\Program Files\X1\X1Service.exe
(LogMeIn, Inc.) C:\Users\Russ\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
() C:\Users\Russ\Desktop\RogueKiller.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [495616 2014-05-12] (Greenshot)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\...\Run: [X1FileMonitor.exe] => C:\Program Files\X1\X1FileMonitor.exe [400024 2012-06-06] (X1 Technologies, Inc.)
HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\...\Run: [Google Update] => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-05] (Google Inc.)
HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\...\Winlogon: [shell] C:\Windows\explorer.exe [2616320 2011-02-24] (Microsoft Corporation) <==== ATTENTION 
Startup: C:\Users\Russ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Russ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X1 System Tray.lnk
ShortcutTarget: X1 System Tray.lnk -> C:\Program Files\X1\X1Systray.exe (X1 Technologies, Inc.)
Startup: C:\Users\Russ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\X1.lnk
ShortcutTarget: X1.lnk -> C:\Program Files\X1\X1.exe (X1 Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
SearchScopes: HKLM -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001 -> {A25AC313-DD19-4238-ACA2-401D6BEE4321} URL = 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3939348730-1059948344-1189981323-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Russ\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3939348730-1059948344-1189981323-1001: @talk.google.com/O1DPlugin -> C:\Users\Russ\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3939348730-1059948344-1189981323-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3939348730-1059948344-1189981323-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Russ\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Russ\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
 
Chrome: 
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.nytimes.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-20]
CHR Extension: (Google Drive) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-20]
CHR Extension: (Google Search) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-20]
CHR Extension: (Google Wallet) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
CHR Extension: (Gmail) - C:\Users\Russ\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-20]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 LMIRescue_ddf9001b-ff4a-43c1-8e48-01e853378c73; C:\Users\Russ\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe [3088688 2015-02-09] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-02] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [29000 2012-12-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
R1 MpKsl4641bb61; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{97F3D421-7DDE-4C42-94D1-EB2A3B581A07}\MpKsl4641bb61.sys [39464 2015-02-09] (Microsoft Corporation)
R3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
R3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-09] ()
S1 A2DDA; \??\C:\Users\Russ\Desktop\EEK\Run\a2ddax86.sys [X]
S3 catchme; \??\C:\Users\Russ\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-09 19:40 - 2015-02-09 19:40 - 00013242 _____ () C:\Users\Russ\Desktop\FRST.txt
2015-02-09 19:40 - 2015-02-09 19:40 - 00000000 ____D () C:\FRST
2015-02-09 19:39 - 2015-02-09 19:39 - 01124352 _____ (Farbar) C:\Users\Russ\Desktop\FRST.exe
2015-02-09 19:20 - 2015-02-09 19:20 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-09 19:20 - 2015-02-09 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-09 19:12 - 2015-02-09 19:15 - 15431256 _____ () C:\Users\Russ\Desktop\RogueKiller.exe
2015-02-09 19:03 - 2015-02-09 19:04 - 37046976 _____ (Microsoft Corporation) C:\Users\Russ\Desktop\Windows-KB890830-V5.20.exe
2015-02-09 17:46 - 2015-02-09 17:46 - 00001499 _____ () C:\Users\Russ\Desktop\JRT.txt
2015-02-09 17:40 - 2015-02-09 19:05 - 00002332 _____ () C:\Users\Russ\Desktop\Rkill.txt
2015-02-09 17:39 - 2015-02-09 17:39 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Russ\Desktop\tdsskiller.exe
2015-02-09 17:37 - 2015-02-09 17:37 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Russ\Downloads\iExplore (1).exe
2015-02-09 17:37 - 2015-02-09 17:37 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Russ\Desktop\iExplore.exe
2015-02-09 17:36 - 2015-02-09 17:36 - 01388274 _____ (Thisisu) C:\Users\Russ\Desktop\JRT.exe
2015-02-09 11:22 - 2015-02-09 11:22 - 00002756 _____ () C:\Users\Russ\Desktop\Barking-How 2Mke Friends Easily And Strengthen The Friendships You Have (2).url
2015-02-08 23:55 - 2015-02-08 23:55 - 00000000 ____D () C:\ProgramData\webzoom
2015-02-08 15:20 - 2015-02-08 15:20 - 00012281 ____H () C:\Users\Russ\Desktop\~WRL2942.tmp
2015-02-02 01:46 - 2015-02-02 01:46 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\Mozilla
2015-02-01 19:27 - 2015-02-01 19:27 - 00000987 _____ () C:\Users\Russ\Desktop\Newark element14 US.url
2015-02-01 01:19 - 2015-02-09 17:21 - 00000000 ____D () C:\Users\Russ\Desktop\Particular Artists
2015-02-01 01:12 - 2015-02-01 01:23 - 00000000 ____D () C:\Users\Russ\Desktop\Dating Sites
2015-02-01 01:01 - 2015-02-01 01:02 - 00000000 ____D () C:\Users\Russ\Desktop\Corrugated Boxes
2015-02-01 00:56 - 2015-02-01 01:02 - 00000000 ____D () C:\Users\Russ\Desktop\America's Got Talent
2015-02-01 00:54 - 2015-02-01 01:04 - 00000000 ____D () C:\Users\Russ\Desktop\Clear Plastic Art Bags
2015-01-21 10:51 - 2015-01-21 10:51 - 00002553 _____ () C:\Users\Russ\Desktop\Real Fake News - The New Yorker.url
2015-01-14 16:01 - 2015-01-14 16:01 - 00001180 _____ () C:\Users\Russ\Desktop\Amazon.com Pratt PRA0145 Recycled Corrugated Cardboard Single Wall Standard Side Load Box with C Flute, 30 Length x 5 Width x 24 Height, (Pack of 10) Industrial & Scientific.url
2015-01-13 13:54 - 2014-12-18 18:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 13:54 - 2014-12-18 17:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 13:54 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-13 13:54 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 13:54 - 2014-12-11 09:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 13:54 - 2014-12-05 19:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-12 10:19 - 2015-01-12 10:19 - 00001765 _____ () C:\Users\Russ\Desktop\To Fall in Love With Anyone, Do This - NYTimes.com.url
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-09 19:40 - 2012-04-04 13:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 19:08 - 2009-07-13 20:34 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 19:08 - 2009-07-13 20:34 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 19:06 - 2011-11-18 14:00 - 01535543 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 18:59 - 2014-04-18 14:53 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 18:59 - 2013-02-25 08:50 - 00000000 ___RD () C:\Users\Russ\Dropbox
2015-02-09 18:59 - 2013-02-25 08:45 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\Dropbox
2015-02-09 18:59 - 2011-11-18 17:12 - 00000000 ____D () C:\Users\Russ\AppData\Local\X1 Desktop Search
2015-02-09 18:57 - 2013-09-21 19:03 - 00139352 _____ () C:\Windows\PFRO.log
2015-02-09 18:57 - 2013-09-21 19:03 - 00031631 _____ () C:\Windows\setupact.log
2015-02-09 18:57 - 2013-09-20 16:15 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 18:57 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 18:56 - 2012-06-04 14:25 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-02-09 18:52 - 2013-12-07 14:54 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3939348730-1059948344-1189981323-1001UA.job
2015-02-09 18:48 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\TAPI
2015-02-09 18:45 - 2013-09-20 16:15 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 17:16 - 2012-06-06 15:58 - 00000000 ____D () C:\Users\Russ\AppData\Local\LogMeIn Rescue Applet
2015-02-09 13:52 - 2013-12-07 14:54 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3939348730-1059948344-1189981323-1001Core.job
2015-02-09 11:08 - 2012-06-04 14:50 - 00000000 ____D () C:\Users\Russ\AppData\Roaming\.oit
2015-02-05 09:03 - 2012-04-04 13:59 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 09:03 - 2011-11-18 14:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-01 01:30 - 2014-09-13 23:08 - 00000000 ____D () C:\Users\Russ\Desktop\CSUEB stuff
2015-02-01 01:29 - 2014-07-13 12:11 - 00000000 ____D () C:\Users\Russ\Desktop\PHYSICIANS
2015-02-01 01:25 - 2014-06-11 16:10 - 00000000 ____D () C:\Users\Russ\Desktop\NUTRITION & EXERCISE
2015-02-01 01:23 - 2013-10-27 11:41 - 00000000 ____D () C:\Users\Russ\Desktop\Singles Orgs (online contacts)_files
2015-02-01 01:14 - 2014-06-18 20:27 - 00000000 ____D () C:\Users\Russ\Desktop\TO DO lists
2015-02-01 01:11 - 2012-09-25 17:12 - 00000000 ____D () C:\Users\Russ\Desktop\MY ART PHOTOS
2015-02-01 01:00 - 2014-12-07 12:47 - 00000000 ____D () C:\Users\Russ\Desktop\Food
2015-01-23 14:30 - 2014-07-18 13:51 - 00000000 ____D () C:\Users\Russ\AppData\Local\Greenshot
2015-01-21 21:54 - 2014-07-30 12:36 - 00000241 _____ () C:\Users\Russ\Desktop\Google Advanced Search.url
2015-01-14 03:09 - 2013-08-14 02:13 - 00000000 ____D () C:\Windows\system32\MRT
 
==================== Files in the root of some directories =======
 
2012-12-06 00:19 - 2012-12-07 17:01 - 0000000 _____ () C:\Users\Russ\AppData\Roaming\skype.ini
2012-02-25 18:10 - 2013-12-15 16:32 - 0005632 _____ () C:\Users\Russ\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-02 13:33 - 2012-07-02 13:33 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-06-06 16:11 - 2012-06-11 14:32 - 0015967 _____ () C:\ProgramData\hpzinstall.log
2012-04-15 18:26 - 2014-04-04 17:25 - 0001033 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Files to move or delete:
====================
C:\Users\Russ\AppData\Roaming\skype.ini
 
 
Some content of TEMP:
====================
C:\Users\Russ\AppData\Local\temp\cjcabfcccch.exe
C:\Users\Russ\AppData\Local\temp\dllnt_dump.dll
C:\Users\Russ\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpilefs2.dll
C:\Users\Russ\AppData\Local\temp\optprosetup.exe
C:\Users\Russ\AppData\Local\temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Russ\AppData\Local\temp\vcredist_x86.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-03 01:38
 
==================== End Of Log ============================
addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
Ran by Russ at 2015-02-09 19:41:10
Running from C:\Users\Russ\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ART AND ANTIQUE ORGANIZER DELUXE (S) (HKLM\...\{714A64F4-611A-40E7-8284-7EEFCFAB6F01}) (Version: 3.7 - PRIMASOFT PC, INC.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
Dropbox (HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Talk Plugin (HKLM\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Google+ Auto Backup (HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\...\Google+ Auto Backup) (Version: 1.0.26.151 - Google, Inc.)
Greenshot 1.1.9.13 (HKLM\...\Greenshot_is1) (Version: 1.1.9.13 - Greenshot)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM\...\{9E5A03E3-6246-4920-9630-0527D5DA9B07}) (Version: 009.000.0002 - Vantage Linguistics)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\...\Spotify) (Version: 0.8.5.1333.g822e0de8 - Spotify AB)
System Requirements Lab for Intel (HKLM\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
TurboTax 2009 (HKLM\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Village Tracker for Art  (HKLM\...\Village Tracker for Art) (Version:  - Data Village)
X1 Professional Client (HKLM\...\{1363E82C-BB77-4BF4-A1FB-B38B84F83F8A}) (Version: 6.7 - X1 Technologies, Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{062D6B05-B83A-46DE-81AD-1750FB7C8DE5}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{92B0265C-B929-4D42-BA54-75AA39C99198}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}\InprocServer32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}\localserver32 -> "C:\Users\Russ\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe" No File
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3939348730-1059948344-1189981323-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Russ\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
17-01-2015 16:50:02 Windows Update
20-01-2015 19:30:18 Windows Update
24-01-2015 14:54:30 Windows Update
27-01-2015 21:44:32 Windows Update
31-01-2015 22:55:34 Windows Update
04-02-2015 12:06:17 Windows Update
07-02-2015 17:38:33 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:04 - 2012-06-04 14:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05E5DCCE-5FC3-404E-9EB5-76668790D06F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3939348730-1059948344-1189981323-1001UA => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-05] (Google Inc.)
Task: {11092FEB-D132-42C7-894A-F1C85ADC7543} - System32\Tasks\hpUrlLauncher.exe_{435D7B85-34F8-482C-A826-7FBC479093DD} => C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUrlLauncher.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {1517ACCD-254B-4B5C-A09D-A6E8498508F5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-20] (Google Inc.)
Task: {16C8F603-92D0-4B04-B52E-3FAF23A9D1EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-20] (Google Inc.)
Task: {46787E18-D0B8-420B-B7E1-47ACE05DE930} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {57421344-A2E6-4046-BB77-4EF2E89AECEE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {873207E9-563D-4020-A83A-5A116DE95B8A} - \Tempo Runner cozahost No Task File <==== ATTENTION
Task: {90D7BA76-64EC-43EB-ADD5-4C9782C8B0A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {D4B7772B-B9A5-4172-A146-6FD861E2BEE1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3939348730-1059948344-1189981323-1001Core => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-05] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3939348730-1059948344-1189981323-1001Core.job => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3939348730-1059948344-1189981323-1001UA.job => C:\Users\Russ\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00750080 _____ () C:\Users\Russ\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-02-09 18:59 - 2015-02-09 18:59 - 00043008 _____ () c:\users\russ\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpilefs2.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00047616 _____ () C:\Users\Russ\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00863744 _____ () C:\Users\Russ\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00200704 _____ () C:\Users\Russ\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-09-07 13:52 - 2013-09-07 13:52 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-09-07 13:52 - 2013-09-07 13:52 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2015-02-09 19:12 - 2015-02-09 19:15 - 15431256 _____ () C:\Users\Russ\Desktop\RogueKiller.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Russ\Documents\2007-09-01 00.00.00-148.jpg:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_ddf9001b-ff4a-43c1-8e48-01e853378c73 => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Registry Areas =====================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3939348730-1059948344-1189981323-1001\Control Panel\Desktop\\Wallpaper -> 
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: MobileDocuments => C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3939348730-1059948344-1189981323-500 - Administrator - Disabled)
Guest (S-1-5-21-3939348730-1059948344-1189981323-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3939348730-1059948344-1189981323-1002 - Limited - Enabled)
Russ (S-1-5-21-3939348730-1059948344-1189981323-1001 - Administrator - Enabled) => C:\Users\Russ
 
==================== Faulty Device Manager Devices =============
 
Name: E:\
Description: USB   HS-CF Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: A2 Direct Disk Access Support Driver
Description: A2 Direct Disk Access Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: A2DDA
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: G:\
Description: USB   HS-MS Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: H:\
Description: USB   HS-SD Card
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: F:\
Description: USB   HS-xD/SM  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: TEAC    
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
Name: I:\
Description: Officejet Pro 86
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: HP      
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (02/09/2015 06:59:25 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (02/09/2015 06:48:39 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:47:19 PM on ‎2/‎9/‎2015 was unexpected.
 
Error: (02/09/2015 05:52:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cozaghost service failed to start due to the following error: 
%%1053
 
Error: (02/09/2015 05:52:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the cozaghost service to connect.
 
Error: (02/09/2015 05:51:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:50:28 PM on ‎2/‎9/‎2015 was unexpected.
 
 
Microsoft Office Sessions:
=========================
Error: (08/25/2014 11:08:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 122970 seconds with 5340 seconds of active time.  This session ended with a crash.
 
Error: (08/15/2014 01:45:43 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 83038 seconds with 1500 seconds of active time.  This session ended with a crash.
 
Error: (03/09/2014 08:45:15 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 60 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/09/2014 08:41:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 551 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (01/25/2014 10:42:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35055 seconds with 1500 seconds of active time.  This session ended with a crash.
 
Error: (01/14/2014 03:26:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 119096 seconds with 4140 seconds of active time.  This session ended with a crash.
 
Error: (08/12/2013 08:05:30 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 133357 seconds with 1380 seconds of active time.  This session ended with a crash.
 
Error: (07/30/2013 09:34:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 295132 seconds with 8640 seconds of active time.  This session ended with a crash.
 
Error: (05/20/2013 00:57:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16686 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2013 11:20:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 129 seconds with 60 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2012-06-04 15:39:16.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 15:28:34.810
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 15:18:35.330
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 15:15:18.564
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 15:04:32.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 11:06:39.688
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 10:55:10.484
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 10:25:15.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 09:55:15.157
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2012-06-04 09:25:16.354
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz
Percentage of memory in use: 62%
Total physical RAM: 3317.18 MB
Available physical RAM: 1227.62 MB
Total Pagefile: 6632.64 MB
Available Pagefile: 4989.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888.71 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.95 GB) (Free:16.33 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================

Hello and :welcome:

I'm Radek and I'll try to help you with your issue.

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything else of that kind is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Ok so I usually run the typical Rkill, JRT, TDSSkiller, adwcleaner and MBAM and that solves 95% of issues.

That's very unwise, because you don't know what these tools do, what they don't and what damage they can do.

What is the issue?


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
