kenelsner Posted January 25, 2016 ID:1014568 Share Posted January 25, 2016 My email account was hacked and an "invoice" from my lawfirm was sent to every one of my contacts. It had my email signature also. It shows up in my gmail outbox Malawarebytes has cannot find a virus but Malawarebytes is now blocking an outgoing IP 95.128.182.121 every minute or so Any suggestions on what is happening? What to do? ThanksKen Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 25, 2016 ID:1014574 Share Posted January 25, 2016 Hello, Please follow this topic and attach required reports https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/ Link to post Share on other sites More sharing options...
kenelsner Posted January 25, 2016 Author ID:1014583 Share Posted January 25, 2016 Thank you. See below ==================== Accounts: ============================= Administrator (S-1-5-21-1993962763-1965331169-682003330-500 - Administrator - Enabled)ASPNET (S-1-5-21-1993962763-1965331169-682003330-1005 - Limited - Enabled)Guest (S-1-5-21-1993962763-1965331169-682003330-501 - Limited - Disabled)HelpAssistant (S-1-5-21-1993962763-1965331169-682003330-1000 - Limited - Disabled)Ken (S-1-5-21-1993962763-1965331169-682003330-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\KenSUPPORT_388945a0 (S-1-5-21-1993962763-1965331169-682003330-1002 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2004 Lacerte Tax (HKLM\...\2004 Lacerte Tax) (Version: - )2004 Lacerte Tax Planner (HKLM\...\2004 Lacerte Tax Planner) (Version: - )2005 Lacerte Tax (HKLM\...\2005 Lacerte Tax) (Version: - )2006 Lacerte Tax (HKLM\...\2006 Lacerte Tax) (Version: - )2008 Lacerte Tax (HKLM\...\2008 Lacerte Tax) (Version: - Intuit Inc.)2009 Lacerte Tax (HKLM\...\2009 Lacerte Tax) (Version: - Intuit Inc.)2010 Lacerte Tax (HKLM\...\2010 Lacerte Tax) (Version: - Intuit Inc.)2011 Lacerte Tax (HKLM\...\2011 Lacerte Tax) (Version: - Intuit Inc.)2012 Lacerte Tax (HKLM\...\2012 Lacerte Tax) (Version: - Intuit Inc.)2013 Lacerte Tax (HKLM\...\2013 Lacerte Tax) (Version: - Intuit Inc.)Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.9.1.0 - Ask.com) <==== ATTENTIONBejeweled Blitz (HKLM\...\Bejeweled Blitz) (Version: - PopCap Games)Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)Bulk Image Downloader v4.37.0.0 (HKLM\...\Bulk Image Downloader_is1) (Version: - Antibody Software)CAM UnZip 4.5 (HKLM\...\CUZ4_is1) (Version: - CAM Development)Carbonite (HKLM\...\Carbonite Backup) (Version: 5.7.7 build 5155 (Jul-14-2015) - Carbonite)Cisco Systems VPN Client 5.0.07.0410 (HKLM\...\{1CE60928-8325-49A8-8B06-633E48DD2B67}) (Version: 5.0.7 - Cisco Systems, Inc.)Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)CrossLoop 2.82 (HKLM\...\CrossLoop_is1) (Version: 2.82 - CrossLoop, Inc.)Dashlane (HKU\S-1-5-21-1993962763-1965331169-682003330-1003\...\Dashlane) (Version: 4.0.1.98943 - Dashlane SAS)Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)deskPDF Studio X (HKLM\...\deskPDF Studio_is1) (Version: - Docudesk)Document eSort Components (HKLM\...\{2D1CC783-A217-4A21-8BD9-09FDE885EF8A}) (Version: 2.4.3.1022 - Intuit Inc.)Dropbox (HKU\S-1-5-21-1993962763-1965331169-682003330-1003\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)Evernote v. 4.5.2 (HKLM\...\{8CE152BA-1D16-11E1-867D-984BE15F174E}) (Version: 4.5.2.5904 - Evernote Corp.)FLV Player (HKLM\...\FLV Player2.0.25) (Version: 2.0.25 - Martijn de Visser Software)Free File Viewer 2011 (HKLM\...\FreeFileViewer_is1) (Version: - Bitberry Software) <==== ATTENTIONFree RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 4.10 - Philipp Winterberg)Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.36.9.WIN.FullTilt.COM - )Gadwin PrintScreen Professional (HKLM\...\Gadwin PrintScreen Professional) (Version: 4.8 - Gadwin Systems, Inc.)Google Chrome (HKLM\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)Google Chrome Frame (HKLM\...\Google Chrome Frame) (Version: 32.0.1700.107 - Google Inc.)Google Toolbar for Firefox (HKLM\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20101113 - Google Inc.)Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.29.1 - Google Inc.) HiddenGoToMyPC (HKLM\...\{2C0E6DC2-DF88-40EA-9D37-D2BCFF5632D2}) (Version: 8.4.1704 - Citrix Systems, Inc.)iCare Data Recovery 4.6.4 (HKLM\...\iCare Data Recovery_is1) (Version: - iCare Software)Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )Intuit Runtime Components 6.0.16 (HKLM\...\{6A3CAA8E-6DDB-4AA7-A411-9982FF9180FE}) (Version: 6.0.16 - Intuit Inc.)IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)Kingsoft Presentation (8.1.0.3030) (HKLM\...\Kingsoft Presentation) (Version: 8.1.0.3030 - Kingsoft Corp.)Lacerte Runtime Components (HKLM\...\{7FEE267E-003F-43B0-95D2-534D4213D4BA}) (Version: 6.0.10 - Intuit Inc.)Lenware XM Radio Player Desktop (HKLM\...\{EDA228B6-2CB0-4E87-B970-2E67BBACF0E1}) (Version: 1.0.3508 - Lenware)Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.266.3 - McAfee, Inc.)M-Files 9.0.3372.75 (HKLM\...\{9DE194E8-085D-4AA2-A4A3-23C01ABE48A9}) (Version: 9.0.3372.75 - M-Files Corporation)Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)Microsoft Filter Pack 1.0 (HKLM\...\{95120000-2000-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1104 - Microsoft Corporation)Microsoft Money 2007 (HKLM\...\Money2007b) (Version: 16 - Microsoft)Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)Microsoft Office Live Meeting 2007 (HKLM\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Outlook 2010 (HKLM\...\Office14.OUTLOOKR) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server Desktop Engine (LACERTEDB) (HKLM\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)NeoDownloader Lite 2.8.1 (HKLM\...\{3CB3508A-5388-42FF-BDA6-43271D2C7F0A}_is1) (Version: - Neowise Software)PC Inspector File Recovery (HKLM\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )PDFTOEXCEL (HKLM\...\{ECCE5126-9A87-48CC-A2FA-A3D8483AE86B}_is1) (Version: - Blue Label Soft)PDF-XChange 2012 (HKLM\...\{504022CD-6A58-42D5-ACC9-966F695AAD93}_is1) (Version: 5.0.264.0 - Tracker Software Products Ltd)QuickBooks (Version: 21.0.4014.904 - Intuit Inc.) HiddenQuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)RealDownloader (Version: 1.3.4 - RealNetworks, Inc.) HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.16.0000 - Realtek)Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5532 - Realtek Semiconductor Corp.)Sage Download Manager (HKU\S-1-5-21-1993962763-1965331169-682003330-1003\...\2f8d25aeed0b3ae4) (Version: 1.0.0.9 - Sage)Sage Timeslips 2011 (HKLM\...\{1E02748D-4CFB-437A-805E-7F66E9A56FDA}) (Version: 19.0.0.0 - Sage)Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.103 - Skype Technologies S.A.)Spotify (HKU\S-1-5-21-1993962763-1965331169-682003330-1003\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)Stamps.com (HKLM\...\Stamps.com) (Version: - Stamps.com, Inc.)Stamps.com (Version: 9.6.1.2323 - Stamps.com, Inc.) HiddenTeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)Time Zone Data Update Tool for Microsoft Office Outlook (HKLM\...\{95120000-0038-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1093 - Microsoft Corporation)VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: - Elaborate Bytes)VirtualLab Client 6.0.14 (HKLM\...\VirtualLab 7 Client_is1) (Version: - BinaryBiz)Web Sudoku Deluxe 1.2.2 (HKLM\...\Web Sudoku Deluxe_is1) (Version: 1.2.2 - Web Sudoku)WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWinASO Registry Optimizer 4.7.6 (HKLM\...\WinASO Registry Optimizer_is1) (Version: - X.M.Y International LLC)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{2860AAC8-9D91-420F-9EE3-9FFB970729EE}\InprocServer32 -> C:\Credenza\Outlook Client\adxloader.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Dropbox\Update\1.3.27.33\DropboxUpdateOnDemand.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Dropbox\Update\1.3.27.29\psuser.dll => (the data entry has 8 more characters).CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{E69341A3-E6D2-4175-B60C-C9D3D6FA40F6}\localserver32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No FileCustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Documents and Settings\Ken\Application Data\Dropbox\bin\DropboxExt.28.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-1993962763-1965331169-682003330-1003_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Documents and Settings\Ken\Local Settings\Application Data\Dropbox\Update\1.3.27.33\psuser.dll (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exeTask: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1993962763-1965331169-682003330-1003Core.job => C:\Documents and Settings\Ken\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exeTask: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1993962763-1965331169-682003330-1003UA.job => C:\Documents and Settings\Ken\Local Settings\Application Data\Dropbox\Update\DropboxUpdate.exeTask: C:\WINDOWS\Tasks\Free File Viewer Update Checker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1993962763-1965331169-682003330-1003.job => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1993962763-1965331169-682003330-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1993962763-1965331169-682003330-1003.job => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1993962763-1965331169-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1993962763-1965331169-682003330-1003.job => C:\Program Files\Real\RealUpgrade\realupgrade.exeTask: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exeTask: C:\WINDOWS\Tasks\WpsUpdateTask_Ken.job => C:\Program Files\Kingsoft\Kingsoft Presentation\office6\wpsupdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Documents and Settings\Ken\Start Menu\Programs\CrossLoop\CrossLoop.lnk -> C:\Documents and Settings\Ken\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server ShortcutWithArgument: C:\Documents and Settings\Ken\Desktop\Unused Desktop Shortcuts\CrossLoop Connect.lnk -> C:\Documents and Settings\Ken\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server ShortcutWithArgument: C:\Documents and Settings\Ken\Application Data\Microsoft\Internet Explorer\Quick Launch\CrossLoop.lnk -> C:\Documents and Settings\Ken\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe (CrossLoop) -> -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server ==================== Loaded Modules (Whitelisted) ============== 2014-08-12 09:18 - 2013-06-17 16:40 - 00034920 _____ () C:\WINDOWS\system32\ddmon4-XP32.dll2013-12-06 18:18 - 2013-12-06 18:18 - 05130592 _____ () C:\Program Files\M-Files\9.0.3372.75\Bin\x86\MFRes2.dll2013-12-06 17:37 - 2013-12-06 17:37 - 00063328 _____ () C:\Program Files\M-Files\9.0.3372.75\Bin\x86\MFCliPS.dll2010-09-27 11:03 - 2010-09-27 11:03 - 00201512 _____ () C:\WINDOWS\system32\vpnapi.dll2014-08-12 10:34 - 2014-08-12 10:34 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe2008-04-14 07:00 - 2008-04-14 07:00 - 01288192 _____ () C:\WINDOWS\system32\quartz.dll2011-03-02 17:50 - 2010-06-04 14:47 - 00705024 _____ () C:\WINDOWS\system32\TSSchBkpService.exe2011-03-02 17:51 - 1999-06-21 05:10 - 00589312 _____ () C:\Program Files\Borland\Common Files\BDE\IDAPI32.DLL2011-03-02 17:51 - 1999-06-21 05:10 - 00116736 _____ () C:\Program Files\Borland\Common Files\BDE\IDR20009.DLL2011-03-02 17:51 - 1999-06-21 05:10 - 00101376 _____ () C:\Program Files\Borland\Common Files\BDE\BANTAM.DLL2011-03-02 17:51 - 1999-06-21 05:10 - 00255488 _____ () C:\Program Files\Borland\Common Files\BDE\IDPDX32.DLL2014-02-04 01:42 - 2014-02-04 01:42 - 00269128 _____ () C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll2014-02-04 01:43 - 2014-02-04 01:43 - 00021320 _____ () C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.dll2005-07-19 23:18 - 2005-07-19 23:18 - 00059904 _____ () C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll2014-02-04 01:42 - 2014-02-04 01:42 - 00348488 _____ () C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll2014-02-04 01:43 - 2014-02-04 01:43 - 00126792 _____ () C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll2014-02-04 01:42 - 2014-02-04 01:42 - 00176968 _____ () C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll2014-02-04 01:43 - 2014-02-04 01:43 - 00042824 _____ () C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll2015-12-10 21:18 - 2015-10-30 19:59 - 00034768 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\_multiprocessing.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00019408 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\faulthandler.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00022848 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00023352 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\Crypto.Util._counter.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00042296 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\Crypto.Cipher._AES.pyd2015-12-10 21:18 - 2015-10-30 19:59 - 00116688 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\pywintypes27.dll2015-12-10 21:18 - 2015-10-30 19:59 - 00093640 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\_ctypes.pyd2015-12-10 21:18 - 2015-10-30 19:59 - 00018376 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\select.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00019760 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\tornado.speedups.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00105928 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32api.pyd2015-12-10 21:18 - 2015-10-30 19:59 - 00392144 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\pythoncom27.dll2015-12-10 21:18 - 2015-12-08 16:36 - 00381752 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32com.shell.shell.pyd2015-12-10 21:18 - 2015-10-30 19:59 - 00692688 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\unicodedata.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00020816 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00109520 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\_cffi_backend.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 01737032 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00020808 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00020800 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00021840 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00038696 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\fastpath.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00024528 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32event.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00020936 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\mmapfile.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00114640 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32security.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00021320 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00124880 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32file.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00030160 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32pipe.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00043472 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32process.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00175560 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32gui.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00028616 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32ts.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00024016 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32clipboard.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00048592 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32service.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00024392 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00036296 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\librsync.dll2015-12-10 21:18 - 2015-10-30 20:00 - 00024016 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32profile.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00117056 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\breakpad.client.windows.handler.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00023376 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd2015-12-10 21:18 - 2015-10-30 19:59 - 00134608 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\_elementtree.pyd2015-12-10 21:18 - 2015-10-30 19:59 - 00134088 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\pyexpat.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00240584 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\jpegtran.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00020280 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\cpuid.compiled._cpuid.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00052024 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\psutil._psutil_windows.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00021304 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\Crypto.Util.strxor.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00350152 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\winxpgui.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00084792 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\dropbox_sqlite_ext.dll2015-12-10 21:18 - 2015-12-08 16:36 - 01826608 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\PyQt5.QtCore.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00083912 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\sip.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 03891504 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\PyQt5.QtWidgets.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 01950000 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\PyQt5.QtGui.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00519984 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\PyQt5.QtNetwork.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00133936 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\PyQt5.QtWebKit.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00225080 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00207672 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\PyQt5.QtPrintSupport.pyd2015-12-10 21:18 - 2015-12-08 16:36 - 00024904 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd2015-12-10 21:18 - 2015-10-30 20:00 - 00060880 _____ () C:\Documents and Settings\Ken\Application Data\Dropbox\bin\win32print.pyd2011-08-31 15:44 - 2011-08-31 15:44 - 00433664 _____ () C:\Program Files\Evernote\Evernote\libxml2.dll2011-08-31 15:44 - 2011-08-31 15:44 - 00315392 _____ () C:\Program Files\Evernote\Evernote\libtidy.dll2015-12-30 15:35 - 2016-01-19 12:48 - 00227712 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\Dashlane.exe2016-01-19 22:45 - 2016-01-19 12:47 - 00343936 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\4.0.1.98943\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.4.0.1.98943.dll2016-01-19 22:45 - 2016-01-19 12:47 - 00433536 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\4.0.1.98943\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.4.0.1.98943.dll2016-01-19 22:45 - 2016-01-19 12:47 - 00467328 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\4.0.1.98943\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.4.0.1.98943.dll2016-01-19 22:45 - 2016-01-19 12:47 - 32424832 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\4.0.1.98943\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.4.0.1.98943.dll2016-01-19 22:45 - 2016-01-19 12:47 - 00299392 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\4.0.1.98943\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.4.0.1.98943.dll2016-01-19 22:45 - 2016-01-19 12:47 - 06175104 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\4.0.1.98943\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.4.0.1.98943.dll2016-01-19 22:45 - 2016-01-19 12:47 - 07339904 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\4.0.1.98943\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.4.0.1.98943.dll2015-12-30 15:32 - 2016-01-19 12:48 - 00285568 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\DashlanePlugin.exe2016-01-19 22:45 - 2016-01-19 12:47 - 13635456 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\4.0.1.98943\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.4.0.1.98943.dll2016-01-19 22:45 - 2016-01-19 12:47 - 02259840 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\4.0.1.98943\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.4.0.1.98943.dll2016-01-19 22:45 - 2016-01-19 12:47 - 00353664 _____ () C:\Documents and Settings\Ken\Application Data\Dashlane\4.0.1.98943\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.4.0.1.98943.dll2008-04-14 07:00 - 2008-04-14 07:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll2008-04-14 07:00 - 2008-04-14 07:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll2014-04-09 07:59 - 2014-02-10 12:44 - 04592128 _____ () C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll2014-04-09 07:59 - 2014-02-10 12:44 - 00112128 _____ () C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll2016-01-22 00:35 - 2016-01-19 14:06 - 16792256 _____ () C:\Documents and Settings\Ken\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\20.0.0.286\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2008-04-14 07:00 - 2016-01-04 08:50 - 00000057 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost0.0.0.1 mssplus.mcafee.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1993962763-1965331169-682003330-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmpDNS Servers: 10.1.10.1Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) DomainProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe] => Enabled:Microsoft Office Live Meeting 2007StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Plugin Manager\skypePM.exe] => Enabled:Skype Extras ManagerStandardProfile\AuthorizedApplications: [C:\Program Files\Intuit\QuickBooks 2011\QBDBMgrN.exe] => Enabled:QuickBooks 2011 Data ManagerStandardProfile\AuthorizedApplications: [C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe] => Enabled:Free File Viewer Update CheckerStandardProfile\AuthorizedApplications: [C:\ProgramFiles\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office OutlookStandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ken\Application Data\Spotify\spotify.exe] => Enabled:SpotifyStandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ken\Application Data\Dropbox\bin\Dropbox.exe] => Enabled:DropboxStandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe] => Enabled:Microsoft Office Live Meeting 2007StandardProfile\AuthorizedApplications: [C:\Program Files\Bonjour\mDNSResponder.exe] => Enabled:Bonjour ServiceStandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ken\Local Settings\Application Data\CrossLoop\vncviewer.exe] => Enabled:vncviewer.exeStandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ken\Local Settings\Application Data\CrossLoop\tvnserver.exe] => Enabled:tvnserver.exeStandardProfile\AuthorizedApplications: [C:\Documents and Settings\Ken\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe] => Enabled:CrossLoop - Simple Secure Screen SharingStandardProfile\AuthorizedApplications: [C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe] => Enabled:WebKitStandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\dpvsetup.exe] => Enabled:Microsoft DirectPlay Voice TestStandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\rundll32.exe] => Enabled:Run a DLL as an AppStandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version9\TeamViewer.exe] => Enabled:Teamviewer Remote Control ApplicationStandardProfile\AuthorizedApplications: [C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe] => Enabled:Teamviewer Remote Control ServiceStandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google ChromeStandardProfile\AuthorizedApplications: [C:\Spotify.exe] => Enabled:SpotifyStandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:SkypeStandardProfile\GloballyOpenPorts: [5910:TCP] => Enabled:vnc5910 ==================== Restore Points ========================= 28-10-2015 01:25:33 System Checkpoint29-10-2015 02:24:29 System Checkpoint30-10-2015 03:20:49 System Checkpoint31-10-2015 04:16:15 System Checkpoint01-11-2015 05:16:13 System Checkpoint02-11-2015 06:16:13 System Checkpoint03-11-2015 06:16:47 System Checkpoint04-11-2015 07:14:03 System Checkpoint05-11-2015 08:09:18 System Checkpoint06-11-2015 13:19:19 System Checkpoint07-11-2015 13:59:33 System Checkpoint08-11-2015 14:59:31 System Checkpoint09-11-2015 17:36:04 System Checkpoint10-11-2015 17:41:02 System Checkpoint11-11-2015 18:41:02 System Checkpoint12-11-2015 19:40:38 System Checkpoint13-11-2015 20:40:38 System Checkpoint14-11-2015 21:40:11 System Checkpoint15-11-2015 21:40:38 System Checkpoint16-11-2015 22:39:30 System Checkpoint17-11-2015 23:38:23 System Checkpoint19-11-2015 00:38:23 System Checkpoint20-11-2015 01:35:55 System Checkpoint21-11-2015 02:35:50 System Checkpoint22-11-2015 03:35:50 System Checkpoint23-11-2015 04:35:50 System Checkpoint24-11-2015 05:34:49 System Checkpoint25-11-2015 06:34:47 System Checkpoint26-11-2015 07:28:10 System Checkpoint27-11-2015 07:28:46 System Checkpoint28-11-2015 08:28:45 System Checkpoint29-11-2015 09:28:46 System Checkpoint30-11-2015 13:04:27 System Checkpoint01-12-2015 13:18:08 System Checkpoint02-12-2015 14:00:11 System Checkpoint03-12-2015 14:26:28 System Checkpoint04-12-2015 15:07:17 System Checkpoint05-12-2015 15:55:13 System Checkpoint06-12-2015 16:55:14 System Checkpoint07-12-2015 17:57:10 System Checkpoint08-12-2015 18:46:10 System Checkpoint09-12-2015 19:46:10 System Checkpoint10-12-2015 20:44:46 System Checkpoint11-12-2015 21:41:39 System Checkpoint12-12-2015 21:43:40 System Checkpoint13-12-2015 22:43:40 System Checkpoint14-12-2015 23:28:03 System Checkpoint16-12-2015 00:26:50 System Checkpoint17-12-2015 01:00:58 System Checkpoint18-12-2015 01:59:45 System Checkpoint19-12-2015 02:58:26 System Checkpoint20-12-2015 03:58:34 System Checkpoint21-12-2015 04:55:34 System Checkpoint22-12-2015 04:57:47 System Checkpoint23-12-2015 05:57:52 System Checkpoint24-12-2015 06:56:06 System Checkpoint25-12-2015 06:56:20 System Checkpoint26-12-2015 07:56:19 System Checkpoint27-12-2015 08:56:19 System Checkpoint28-12-2015 12:52:08 System Checkpoint29-12-2015 12:52:48 System Checkpoint30-12-2015 14:26:48 System Checkpoint31-12-2015 14:51:45 System Checkpoint01-01-2016 15:51:44 System Checkpoint02-01-2016 16:51:43 System Checkpoint03-01-2016 17:51:43 System Checkpoint04-01-2016 18:48:29 System Checkpoint05-01-2016 19:48:07 System Checkpoint06-01-2016 20:48:03 System Checkpoint07-01-2016 21:02:13 System Checkpoint08-01-2016 21:28:13 System Checkpoint09-01-2016 22:28:17 System Checkpoint10-01-2016 22:28:45 System Checkpoint11-01-2016 23:25:54 System Checkpoint12-01-2016 23:39:44 System Checkpoint14-01-2016 00:39:42 System Checkpoint15-01-2016 01:37:21 System Checkpoint16-01-2016 02:36:11 System Checkpoint17-01-2016 03:36:08 System Checkpoint18-01-2016 04:34:26 System Checkpoint19-01-2016 04:35:38 System Checkpoint20-01-2016 04:45:42 System Checkpoint21-01-2016 05:45:38 System Checkpoint22-01-2016 06:45:38 System Checkpoint23-01-2016 06:57:11 System Checkpoint24-01-2016 07:23:13 System Checkpoint25-01-2016 08:38:15 System Checkpoint ==================== Faulty Device Manager Devices ============= Name: Cisco Systems VPN AdapterDescription: Cisco Systems VPN AdapterClass Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}Manufacturer: Cisco SystemsService: CVirtAProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (01/25/2016 08:18:11 AM) (Source: Microsoft Office 14) (EventID: 1000) (User: )Description: Faulting application outlook.exe, version 14.0.4760.1000, stamp 4ba8fefd, faulting module mspst32.dll, version 14.0.4760.1000, stamp 4ba8fe02, debug? 0, fault address 0x00011c07. Error: (01/23/2016 02:46:39 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application carboniteservice.exe, version 5.7.7.5155, faulting module carboniteservice.exe, version 5.7.7.5155, fault address 0x0013e665.Processing media-specific event for [carboniteservice.exe!ws!] Error: (01/19/2016 04:09:11 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\DOCUMENTS AND SETTINGS\KEN\MY DOCUMENTS\DROPBOX\.DROPBOX.CACHE\J7KP1MPF64KHTWETQWLB9DVRNTHO7U8RNLROZ-ATR_G> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (01/19/2016 03:09:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\DOCUMENTS AND SETTINGS\KEN\RECENT\LAWFIRM (5).LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (01/19/2016 03:09:17 PM) (Source: Windows Search Service) (EventID: 3013) (User: )Description: The entry <C:\DOCUMENTS AND SETTINGS\KEN\RECENT\LAWFIRM (5).LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:A device attached to the system is not functioning. (0x8007001f) Error: (01/19/2016 11:31:19 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application carboniteservice.exe, version 5.7.7.5155, faulting module carboniteservice.exe, version 5.7.7.5155, fault address 0x0013e665.Processing media-specific event for [carboniteservice.exe!ws!] Error: (01/19/2016 10:47:09 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (01/19/2016 10:47:09 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (01/19/2016 10:47:09 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (01/19/2016 09:58:25 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: Hanging application OUTLOOK.EXE, version 14.0.4760.1000, hang module hungapp, version 0.0.0.0, hang address 0x00000000. System errors:=============Error: (01/25/2016 12:07:50 PM) (Source: 0) (EventID: 7) (User: )Description: \Device\Harddisk1\D Error: (01/25/2016 12:06:50 PM) (Source: 0) (EventID: 7) (User: )Description: \Device\Harddisk1\D Error: (01/25/2016 12:05:50 PM) (Source: 0) (EventID: 7) (User: )Description: \Device\Harddisk1\D Error: (01/25/2016 12:04:50 PM) (Source: 0) (EventID: 7) (User: )Description: \Device\Harddisk1\D Error: (01/25/2016 12:03:51 PM) (Source: 0) (EventID: 7) (User: )Description: \Device\Harddisk1\D Error: (01/25/2016 12:02:50 PM) (Source: 0) (EventID: 7) (User: )Description: \Device\Harddisk1\D Error: (01/25/2016 12:01:50 PM) (Source: 0) (EventID: 7) (User: )Description: \Device\Harddisk1\D Error: (01/25/2016 12:00:50 PM) (Source: 0) (EventID: 7) (User: )Description: \Device\Harddisk1\D Error: (01/25/2016 11:59:50 AM) (Source: 0) (EventID: 7) (User: )Description: \Device\Harddisk1\D Error: (01/25/2016 11:58:50 AM) (Source: 0) (EventID: 7) (User: )Description: \Device\Harddisk1\D ==================== Memory info =========================== Processor: Intel® Core2 Duo CPU E7200 @ 2.53GHzPercentage of memory in use: 54%Total physical RAM: 3061.1 MBAvailable physical RAM: 1381.38 MBTotal Virtual: 4947.2 MBAvailable Virtual: 2343 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.75 GB) (Free:343.11 GB) NTFS ==>[drive with boot components (Windows XP)]Drive f: (CD04TAX) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFSDrive m: (M-Files) (Fixed) (Total:100 GB) (Free:90 GB) MFilesFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 55C455C4)Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: A42D04A3)Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)Partition 2: (Active) - (Size=298 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
David H. Lipman Posted January 25, 2016 ID:1014588 Share Posted January 25, 2016 kenelsner: This is a computer used at a law firm ? That is a business computer ? Link to post Share on other sites More sharing options...
kenelsner Posted January 25, 2016 Author ID:1014590 Share Posted January 25, 2016 kenelsner: This is a computer used at a law firm ? That is a business computer ?Yes Link to post Share on other sites More sharing options...
David H. Lipman Posted January 25, 2016 ID:1014595 Share Posted January 25, 2016 Then you need to bring this issue up to your employer. Let's assume that there was/is something on the computer. Email may not be the only compromise. Proprietary data could be exfiltrated that can leave a case of litigation or cases "At Risk". The Law Firm needs to approach this from their POV through their IT personnel. Link to post Share on other sites More sharing options...
kenelsner Posted January 25, 2016 Author ID:1014603 Share Posted January 25, 2016 David I have taken the necessary steps, now I am just trying to figure out what happened and what the outbound notice means Thanks Link to post Share on other sites More sharing options...
David H. Lipman Posted January 25, 2016 ID:1014609 Share Posted January 25, 2016 I understand but there a few points... What may get done may erase important evidenceYour IT group needs to handle this and they can discuss their company Authorized Use Policy ( AUP ), remediation, mitigation, prevention and security with you.This service is for the home user and is provided free of change and is mainly performed by volunteers. Use of the retail version Malwarebytes' Anti-Malware on a business computer is a End User License Agreement (EULA) violation. There is a corporate version of MBAM that needs to be used and your IT group should be working with the Malwarebytes corporate support personnel.In a business there should be a IT group and you must work with them. Going outside of the corporate IT group may be a company AUP violation and you may make things worse, not better. Link to post Share on other sites More sharing options...
kenelsner Posted January 25, 2016 Author ID:1014611 Share Posted January 25, 2016 David Thank you for the information. I have a very small part-time practice that I run from home and dont have an IT department or anything else for that matter. I came here for help in trying to determine what caused the problem and what the message means. Thanks for your input Ken Link to post Share on other sites More sharing options...
kenelsner Posted January 25, 2016 Author ID:1014613 Share Posted January 25, 2016 Files attached. ThanksAddition.txtFRST.txt Link to post Share on other sites More sharing options...
TwinHeadedEagle Posted January 26, 2016 ID:1014738 Share Posted January 26, 2016 As David stated this and I will repeat, as I volunteer here I won't provide help for business machines. If you have MalwareBytes subscription, you can contact their business support via online form. On the other side, running a business on a XP machine is very risky, because this system isn't getting security patches anymore and there are probably a dozens of exploits for it easily accessible even for rookies. Link to post Share on other sites More sharing options...
kenelsner Posted January 26, 2016 Author ID:1014769 Share Posted January 26, 2016 My apologies, I wasnt aware of the TOU when I posted, just very frustrated. I agree with you on the XP issues and am purchasing a new computer. Thank you very much for your time Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 9, 2016 Root Admin ID:1018402 Share Posted February 9, 2016 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts