MBAM returns Spyware.ZeuS, Trojan.Agent, Backdoor.Bot


  • This topic is locked
11 replies to this topic

#1 mttime73

  • Members
  • 36 posts
  • OFFLINE
  • Local time:12:11 AM

Posted 10 September 2014 - 10:03 PM

Hello,

I was called in today after the dreaded "I think I have malware" comment. Downloaded a file from Gmail, which later flagged the email attachment as a virus. Ran MSE, which found bugs, and followed up with MBAM, which found over 200 unwanted items. The list included the ones noted above.

 

I respect Bleeping Computer and was hoping to enlist the help of an expert to ensure all traces of malware are eliminated.

 

Thanks,

Aaron





#2 aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:11 AM

Posted 11 September 2014 - 04:34 AM

Hello Aaron,

please post up the log files from MSE and MBAM that show what exactly has been found and deleted.
And in addition, run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 mttime73

  • Topic Starter
  • Members
  • 36 posts
  • OFFLINE
  • Local time:12:11 AM

Posted 11 September 2014 - 01:39 PM

Hello,

I searched for the MSE logs and couldn't find them anywhere. Not very straightforward...

 

MBAM:

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/09/10 19:39:13 -0700</date>
<logfile>mbam-log-2014-09-10 (19-39-10).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.10.10</malware-database>
<rootkit-database>v2014.09.10.02</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Assistant Bookkeeper</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>431118</objects>
<time>1136</time>
<processes>7</processes>
<modules>0</modules>
<keys>25</keys>
<values>12</values>
<datas>3</datas>
<folders>28</folders>
<files>137</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><pid>2976</pid><hash>837faa42bcbf251106a48516e21f5da3</hash></process>
<process><path>C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><pid>1476</pid><hash>ef1322cafe7d8caaefbbdfbcb150ae52</hash></process>
<process><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\WUDHost.exe</path><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><pid>3148</pid><hash>3dc58e5e0675ef47702d9129847de917</hash></process>
<process><path>C:\Users\Assistant Bookkeeper\Music\Microsoft\Windows\cscservices.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><pid>6536</pid><hash>52b0b7354e2d171f22c3d2dadf222bd5</hash></process>
<process><path>C:\Users\Assistant Bookkeeper\Music\Microsoft\Windows\adobe.exe</path><vendor>Heuristics.Shuriken</vendor><action>delete-on-reboot</action><pid>2340</pid><hash>ffffffffffffffffffffffffffffffff</hash></process>
<process><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\Acctres.exe</path><vendor>Trojan.Agent.WDA</vendor><action>delete-on-reboot</action><pid>7148</pid><hash>f909925ac8b3f244c934d32748babd43</hash></process>
<process><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\svchost.exe</path><vendor>Trojan.Agent.Gen</vendor><action>delete-on-reboot</action><pid>5404</pid><hash>57ab6686dd9ee1556214be59996bce32</hash></process>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>9270816bb4c7b3830f9b7625fe035ca4</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\INPROCSERVER32</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\GenericAskToolbar.ToolbarWnd.1</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\GenericAskToolbar.ToolbarWnd.1</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\TYPELIB\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{6C434537-053E-486D-B62A-160059D9D456}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\CLASSES\INTERFACE\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6C434537-053E-486D-B62A-160059D9D456}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKU\S-1-5-21-3578726923-2452504054-157316393-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKU\S-1-5-21-3578726923-2452504054-157316393-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>03ffc626cfac1e18dd1f1057a460bb45</hash></key>
<key><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>d42e57953942b482e3180265897bf709</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>9171ad3fee8d2214845ad930f70c37c9</hash></key>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>30d2c4283d3ea98df72bc93afe0553ad</hash></key>
<value><path>HKU\S-1-5-21-3578726923-2452504054-157316393-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>Boot File Servicing Utility</valuename><vendor>Trojan.Agent</vendor><action>success</action><valuedata>C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\WUDHost.exe</valuedata><hash>3dc58e5e0675ef47702d9129847de917</hash></value>
<value><path>HKU\S-1-5-21-3578726923-2452504054-157316393-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN</path><valuename>Network List Service</valuename><vendor>Backdoor.Bot</vendor><action>success</action><valuedata>C:\Users\Assistant Bookkeeper\Music\Microsoft\Windows\cscservices.exe</valuedata><hash>52b0b7354e2d171f22c3d2dadf222bd5</hash></value>
<value><path>HKU\S-1-5-21-3578726923-2452504054-157316393-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{D4027C7F-154A-4066-A1AD-4243D8127440}</valuename><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><valuedata>|ÔJf@¡­BCØt@</valuedata><hash>e51d7577aecda88ef2a73d80946eaa56</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{D4027C7F-154A-4066-A1AD-4243D8127440}</valuename><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><valuedata>0</valuedata><hash>e51d7577aecda88ef2a73d80946eaa56</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR</path><valuename>{D4027C7F-154A-4066-A1AD-4243D8127440}</valuename><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><valuedata>0</valuedata><hash>e51d7577aecda88ef2a73d80946eaa56</hash></value>
<value><path>HKU\S-1-5-21-3578726923-2452504054-157316393-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><valuename></valuename><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><valuedata></valuedata><hash>2ed428c48bf084b258414c71ae54f30d</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><valuename></valuename><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><valuedata></valuedata><hash>41c15c90403bdc5abedbd4e9857d5ca4</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{D4027C7F-154A-4066-A1AD-4243D8127440}</path><valuename></valuename><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><valuedata></valuedata><hash>21e124c83249da5cb7e211ac10f251af</hash></value>
<value><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN</path><valuename>1152673297</valuename><vendor>Trojan.Agent.PL</vendor><action>success</action><valuedata>C:\PROGRA~3\msvog.exe</valuedata><hash>9c664e9e007ba49278a29771dc27c63a</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN</path><valuename>1152673297</valuename><vendor>Trojan.Agent.PL</vendor><action>success</action><valuedata>C:\PROGRA~3\msvog.exe</valuedata><hash>9c664e9e007ba49278a29771dc27c63a</hash></value>
<value><path>HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT</path><valuename>InstallDir</valuename><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><valuedata>C:\PROGRA~2\SearchProtect</valuedata><hash>9171ad3fee8d2214845ad930f70c37c9</hash></value>
<value><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD</path><valuename>ImagePath</valuename><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><valuedata>\??\C:\Windows\system32\drivers\SPPD.sys</valuedata><hash>30d2c4283d3ea98df72bc93afe0553ad</hash></value>
<data><path>HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path><valuename>AppInit_DLLs</valuename><vendor>PUP.Optional.SearchProtect.A</vendor><action>replaced</action><valuedata>C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll</valuedata><baddata>C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll</baddata><gooddata></gooddata><hash>ff0334b855265bdb8a20811afe03718f</hash></data>
<data><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS</path><valuename>AppInit_DLLs</valuename><vendor>PUP.Optional.SearchProtect.A</vendor><action>replaced</action><valuedata>C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll</valuedata><baddata>C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll</baddata><gooddata></gooddata><hash>e61c14d897e4de58ddcda4f7a75ab050</hash></data>
<data><path>HKU\S-1-5-21-3578726923-2452504054-157316393-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN</path><valuename>Start Page</valuename><vendor>PUP.Optional.Trovi.A</vendor><action>replaced</action><valuedata>http://www.trovi.com/?gd=&amp;ctid=CT3324790&amp;octid=EB_ORIGINAL_CTID&amp;ISID=MFED00094-C2AB-4270-BC89-406ACC6DC6C4&amp;SearchSource=55&amp;CUI=&amp;UM=5&amp;UP=SPAC53B5A6-0598-436B-9535-D2511AF93323&amp;SSPV=</valuedata><baddata>http://www.trovi.com/?gd=&amp;ctid=CT3324790&amp;octid=EB_ORIGINAL_CTID&amp;ISID=MFED00094-C2AB-4270-BC89-406ACC6DC6C4&amp;SearchSource=55&amp;CUI=&amp;UM=5&amp;UP=SPAC53B5A6-0598-436B-9535-D2511AF93323&amp;SSPV=</baddata><gooddata>www.google.com</gooddata><hash>738fc22a27546dc9b80fdd10f90bdf21</hash></data>
<folder><path>C:\Program Files (x86)\SearchProtect</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\Main</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\Main\bin</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\Main\rep</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\SearchProtect</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\SearchProtect\bin</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\SearchProtect\rep</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI\bin</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI\dialogs</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\libs</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Program Files (x86)\SearchProtect\UI\rep</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></folder>
<folder><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\OpenCandy</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>a06245a737449f97eaa529a42dd5ad53</hash></folder>
<folder><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\OpenCandy\07D7E179E28C431C82210282EFE85526</path><vendor>PUP.Optional.OpenCandy</vendor><action>success</action><hash>a06245a737449f97eaa529a42dd5ad53</hash></folder>
<folder><path>C:\Users\Assistant Bookkeeper\AppData\Local\SearchProtect</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>8979c52718633ef855f5eff46c960cf4</hash></folder>
<folder><path>C:\Users\Assistant Bookkeeper\AppData\Local\SearchProtect\SearchProtect</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>8979c52718633ef855f5eff46c960cf4</hash></folder>
<folder><path>C:\Users\Assistant Bookkeeper\AppData\Local\SearchProtect\SearchProtect\rep</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>8979c52718633ef855f5eff46c960cf4</hash></folder>
<folder><path>C:\Users\Assistant Bookkeeper\AppData\Local\SearchProtect\SearchProtect\STG</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>8979c52718633ef855f5eff46c960cf4</hash></folder>
<folder><path>C:\Users\Assistant Bookkeeper\AppData\Local\SearchProtect\UI</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>8979c52718633ef855f5eff46c960cf4</hash></folder>
<folder><path>C:\Users\Assistant Bookkeeper\AppData\Local\SearchProtect\UI\rep</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>8979c52718633ef855f5eff46c960cf4</hash></folder>
<folder><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>b44e4ba19edd67cff4b5ad386c96bd43</hash></folder>
<folder><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42</path><vendor>PUP.Optional.Managera.A</vendor><action>success</action><hash>9c6613d91764102638729d48da28fb05</hash></folder>
<file><path>C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>9270816bb4c7b3830f9b7625fe035ca4</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>837faa42bcbf251106a48516e21f5da3</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>delete-on-reboot</action><hash>ef1322cafe7d8caaefbbdfbcb150ae52</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\KB96174663.exe</path><vendor>Spyware.ZeuS</vendor><action>delete-on-reboot</action><hash>946efbf12259fe38a018bafe06fb35cb</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\WUDHost.exe</path><vendor>Trojan.Agent</vendor><action>delete-on-reboot</action><hash>3dc58e5e0675ef47702d9129847de917</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\KB175306794.exe</path><vendor>Spyware.ZeuS</vendor><action>delete-on-reboot</action><hash>54ae589486f555e1e0d89d1b13eea15f</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\Music\Microsoft\Windows\cscservices.exe</path><vendor>Backdoor.Bot</vendor><action>delete-on-reboot</action><hash>52b0b7354e2d171f22c3d2dadf222bd5</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\Music\Microsoft\Windows\adobe.exe</path><vendor>Heuristics.Shuriken</vendor><action>delete-on-reboot</action><hash>ffffffffffffffffffffffffffffffff</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>ff0334b855265bdb8a20811afe03718f</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>e61c14d897e4de58ddcda4f7a75ab050</hash></file>
<file><path>C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AD5\Passport_x64.dll</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></file>
<file><path>C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AD5\Passport.dll</path><vendor>PUP.Optional.FrostwireTB.A</vendor><action>success</action><hash>e51d7577aecda88ef2a73d80946eaa56</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\OpenCandy\07D7E179E28C431C82210282EFE85526\SearchProtect_p1v2.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>32d05f8d047788ae4e6f07242bd6d32d</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\OpenCandy\07D7E179E28C431C82210282EFE85526\sp-downloader.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>d1318d5fbebdd2642f8ea5867f829b65</hash></file>
<file><path>C:\$Recycle.Bin\S-1-5-21-3578726923-2452504054-157316393-1005\$R60IBHS.exe</path><vendor>Heuristics.Shuriken</vendor><action>success</action><hash>ffffffffffffffffffffffffffffffff</hash></file>
<file><path>C:\$Recycle.Bin\S-1-5-21-3578726923-2452504054-157316393-1005\$R9QVOG4.tmp</path><vendor>Trojan.Agent.FSAVXGen</vendor><action>success</action><hash>50b27676047780b6e538ceba46bb1fe1</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KB00767805.exe</path><vendor>Spyware.ZeuS</vendor><action>success</action><hash>a75b4ca0304bde58ab0d97210ff26b95</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KB175306794.exe</path><vendor>Spyware.ZeuS</vendor><action>success</action><hash>b74bb23a1c5fa096eccca61201000ef2</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KB96174663.exe</path><vendor>Spyware.ZeuS</vendor><action>success</action><hash>69997478b1ca0135cdeba315aa57d030</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\1174.tmp</path><vendor>Backdoor.Bot</vendor><action>success</action><hash>8979c5279ae196a0f5c93c7eed14d42c</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe</path><vendor>PUP.Optional.InstallCore</vendor><action>success</action><hash>c53d5993691292a488b00a4b2ad7c33d</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nslB94C.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>43bf7b71007b2313156e533efa0704fc</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nslF077.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>ac5659933f3c89add1b2375a8a77ab55</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nsm549.tmp</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>22e0c9238deeaf8747631586bd4440c0</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nsqB65E.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>47bb8f5d87f4d16543402170d32ec13f</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nsqF3F1.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>f80a24c81962b77ffd86f59c41c09f61</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nss7EAE.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>ce34c02c4d2e40f6374cdcb5ad54e31d</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nsu20C4.tmp</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>24de47a54239e650ecbe207b8f72f010</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nsx82C4.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>50b2a14b502b64d2bbc87e131ce538c8</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nsx861F.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a959b438bcbf1e182c5769287a87ae52</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nsxDECD.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>e81a9d4f2b501f17a0e3bbd647ba926e</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nsxE6BB.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>7191c923f289ef47275c8a079d646c94</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nscE2E3.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>31d1e408fe7d7cbac5be6c2506fb24dc</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nse6BF8.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>ae5429c3dba0c472641f1081e021ce32</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nsgBC3A.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>2ed422caccaf93a361222b66bb4616ea</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\nsgF70E.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>11f12fbd4b3066d0344f7120b051ca36</hash></file>
<file><path>C:\Windows\Temp\nsh9C2D.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>768c93596f0c5cda99ea662bc9383bc5</hash></file>
<file><path>C:\Windows\Temp\nsj4A55.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>0df5df0db3c896a02162a8e97c857e82</hash></file>
<file><path>C:\Windows\Temp\nsnAB32.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>6d954aa2611a89ad3a49f79af50ca45c</hash></file>
<file><path>C:\Windows\Temp\nsoE4F.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>cc368963ed8e8caa23602170a958b749</hash></file>
<file><path>C:\Windows\Temp\nsu6D03.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>788ad7155d1eb482fc876d247a877090</hash></file>
<file><path>C:\Windows\Temp\nsuE8F4.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>e41e905cd0ab4aecb4cf019009f8a25e</hash></file>
<file><path>C:\Windows\Temp\nsvC7F7.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a75b8963b6c5c076582be4ad80815fa1</hash></file>
<file><path>C:\Windows\Temp\nsvEC88.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>1fe3eb01166564d27b087b16c04108f8</hash></file>
<file><path>C:\Windows\Temp\nsx846F.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>ec1658942a515bdbc3c078198f72cb35</hash></file>
<file><path>C:\Windows\Temp\nsxB3B4.exe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>14eeeffdd9a271c5e59e721fd72acf31</hash></file>
<file><path>C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>d0325a92fd7ec96d1d8d831803feb848</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\Acctres.exe</path><vendor>Trojan.Agent.WDA</vendor><action>delete-on-reboot</action><hash>f909925ac8b3f244c934d32748babd43</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\uvg7cmtm.default\searchplugins\trovi-search.xml</path><vendor>PUP.Optional.Trovi.A</vendor><action>success</action><hash>ee14f4f8f982c86e34123dd83fc48080</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\svchost.exe</path><vendor>Trojan.Agent.Gen</vendor><action>delete-on-reboot</action><hash>57ab6686dd9ee1556214be59996bce32</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\EULA.txt</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>52b06d7f24573afce7b9d27baf5548b8</hash></file>
<file><path>C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb</path><vendor>PUP.Optional.SearchProtect</vendor><action>success</action><hash>7b876e7e6f0c2a0cd72851162bd941bf</hash></file>
<file><path>C:\ProgramData\msvog.exe</path><vendor>Trojan.Agent.PL</vendor><action>success</action><hash>9c664e9e007ba49278a29771dc27c63a</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>8979c52718633ef855f5eff46c960cf4</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>8979c52718633ef855f5eff46c960cf4</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>8979c52718633ef855f5eff46c960cf4</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\SearchProtect\UI\rep\UIRepository.dat</path><vendor>PUP.Optional.SearchProtect.A</vendor><action>success</action><hash>8979c52718633ef855f5eff46c960cf4</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>b44e4ba19edd67cff4b5ad386c96bd43</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>b44e4ba19edd67cff4b5ad386c96bd43</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json</path><vendor>PUP.Optional.Extutil.A</vendor><action>success</action><hash>b44e4ba19edd67cff4b5ad386c96bd43</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js</path><vendor>PUP.Optional.Managera.A</vendor><action>success</action><hash>9c6613d91764102638729d48da28fb05</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json</path><vendor>PUP.Optional.Managera.A</vendor><action>success</action><hash>9c6613d91764102638729d48da28fb05</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\uvg7cmtm.default\prefs.js</path><vendor>PUP.Optional.Trovi</vendor><action>replaced</action><baddata>user_pref(&quot;browser.search.defaultenginename&quot;, &quot;Trovi search&quot;);</baddata><gooddata></gooddata><hash>54aed71594e7a6909684ec3e58ad6898</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\uvg7cmtm.default\prefs.js</path><vendor>PUP.Optional.Trovi</vendor><action>replaced</action><baddata>user_pref(&quot;browser.search.selectedEngine&quot;, &quot;Trovi search&quot;);</baddata><gooddata></gooddata><hash>42c0feee4d2e74c275a69a9041c4837d</hash></file>
<file><path>C:\Users\Assistant Bookkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\uvg7cmtm.default\prefs.js</path><vendor>PUP.Optional.Trovi.A</vendor><action>replaced</action><baddata>user_pref(&quot;browser.startup.homepage&quot;, &quot;http://www.trovi.com/?gd=&amp;ctid=CT3324790&amp;octid=EB_ORIGINAL_CTID&amp;ISID=MFED00094-C2AB-4270-BC89-406ACC6DC6C4&amp;SearchSource=55&amp;CUI=&amp;UM=5&amp;UP=SPAC53B5A6-0598-436B-9535-D2511AF93323&amp;SSPV=&quot;);</baddata><gooddata></gooddata><hash>35cd6587cdae12245e4ac961af56d52b</hash></file>
</items>
</mbam-log>


#4 mttime73

mttime73
  • Topic Starter
  • Members
  • 36 posts

Posted 11 September 2014 - 01:40 PM

Here is FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Assistant Bookkeeper (administrator) on SERVER on 11-09-2014 11:33:13
Running from C:\Users\Assistant Bookkeeper\Desktop\Malware Tools
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(PC Drivers Headquarters) C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VBoxTray] => C:\Windows\system32\VBoxTray.exe [1238544 2009-08-04] (Sun Microsystems, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11464296 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-17] (InstallShield Software Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-09-03] (APN)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [20480 2007-07-26] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3578726923-2452504054-157316393-1005\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-18] (Google Inc.)
HKU\S-1-5-21-3578726923-2452504054-157316393-1005\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20587168 2013-11-18] (Skype Technologies S.A.)
HKU\S-1-5-21-3578726923-2452504054-157316393-1005\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3578726923-2452504054-157316393-1005\...\Run: [Driver Support] => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)
HKU\S-1-5-21-3578726923-2452504054-157316393-1005\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3578726923-2452504054-157316393-1005\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (No File)
Startup: C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDB4CAE889521CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File
SearchScopes: HKCU - {37BAD45D-139F-4D98-B429-9850E0F00721} URL = http://www.search.ask.com/web?tpid=AD5&o=APN10090&pf=V7&p2=^A5G^YYYYYY^YY^US&gct=&itbv=12.10.2.4130&apn_uid=9e540f27-760e-4fb3-a9f1-b611131ff1f7&apn_ptnrs=^A5G&apn_dtid=^YYYYYY^YY^US&apn_dbr=ff_4.0&doi=2014-02-03&trgb=ALL&q={searchTerms}&psv=&pt=tb
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=SWL&chn=&geo=US&ver=1
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Norton Safe Web Lite BHO -> {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} -> C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab?rnd=4081526441
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{11795C1D-3229-4DB0-927D-43657BDEA3B5}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{F090DBA6-5D56-44D1-A664-899587E09F38}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Assistant Bookkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\uvg7cmtm.default
FF NewTab: about:newtab
FF SearchEngineOrder.1: Ask.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Assistant Bookkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\uvg7cmtm.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Assistant Bookkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\uvg7cmtm.default\searchplugins\ask-search.xml
FF SearchPlugin: C:\Users\Assistant Bookkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\uvg7cmtm.default\searchplugins\askcom.xml
FF Extension: Avery Toolbar - C:\Users\Assistant Bookkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\uvg7cmtm.default\Extensions\toolbar@ask.com.xpi [2014-09-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [{3112ca9c-de6d-4884-a869-9855de68056c}] - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF Extension: Google Toolbar for Firefox - C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011-03-18]
FF HKLM-x32\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.6\coFFNST [2011-05-31]
FF Extension: No Name - C:\Program Files (x86)\PassShow-soft\171.xpi [Not Found]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/webhp?sourceid=chrome-instant&rlz=1C1GPCK_enUS454US454&ion=1&espv=2&ie=UTF-8
CHR DefaultSearchKeyword: Default -> 07950AA65F3EA7A3FF18061D77D4F2B6FE71458282B9D756AF085ABCC03B7F2A
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Profile: C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avery Toolbar) - C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanobhlcpfoihhejhjhpcclemfaocd [2013-04-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Mindjet) - C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgpkinhfhnglbhoeoeooekalejbhbhgl [2011-12-19]
CHR Extension: (YouTube) - C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-13]
CHR Extension: (Google Search) - C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-13]
CHR Extension: (Magic Pen) - C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiaebdkflmgakgaloagbhadfciekhdcl [2011-12-19]
CHR Extension: (Skype Click to Call) - C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-01-18]
CHR Extension: (Google Wallet) - C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Assistant Bookkeeper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-13]
CHR HKLM\...\Chrome\Extension: [aaaanobhlcpfoihhejhjhpcclemfaocd] - C:\ProgramData\AskPartnerNetwork\Toolbar\AD5\CRX\ToolbarCR.crx [2014-09-10]
CHR HKLM-x32\...\Chrome\Extension: [aaaanobhlcpfoihhejhjhpcclemfaocd] - C:\ProgramData\AskPartnerNetwork\Toolbar\AD5\CRX\ToolbarCR.crx [2014-09-10]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-29]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-09-03] (APN LLC.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NSL; C:\Program Files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [130000 2010-11-23] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21544 2010-04-27] ()
R0 fttxr52P; C:\Windows\System32\drivers\fttxr52P.sys [191384 2007-02-15] (Promise Technology, Inc.)
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-09-11] ()
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 cpuz131; \??\C:\Users\LICENS~1\AppData\Local\Temp\cpuz131\cpuz_x64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 11:32 - 2014-09-11 11:33 - 00000000 ____D () C:\Users\Assistant Bookkeeper\Desktop\Malware Tools
2014-09-11 11:32 - 2014-09-11 11:33 - 00000000 ____D () C:\FRST
2014-09-10 17:01 - 2014-09-11 09:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-10 17:01 - 2014-09-10 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 17:01 - 2014-09-10 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 17:01 - 2014-09-10 17:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 17:01 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-10 17:01 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-10 17:01 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-10 16:53 - 2014-09-10 16:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Assistant Bookkeeper\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-09 18:28 - 2014-09-09 18:28 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 08:58 - 2014-09-09 13:12 - 00028284 _____ () C:\Users\Assistant Bookkeeper\Desktop\fair wage.xlsx
2014-09-08 11:01 - 2014-09-10 11:31 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-08-29 13:17 - 2014-08-29 13:17 - 00024064 _____ () C:\Users\Assistant Bookkeeper\Desktop\Training Schedule.xls
2014-08-27 11:00 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-27 11:00 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 11:00 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 10:29 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 10:29 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 10:29 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 10:29 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 10:29 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 10:29 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 10:29 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 10:29 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 10:29 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 10:29 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 10:28 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 10:28 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 10:28 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 10:28 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-22 08:25 - 2014-08-22 08:25 - 00000000 __SHD () C:\Users\Assistant Bookkeeper\AppData\Local\EmieUserList
2014-08-22 08:25 - 2014-08-22 08:25 - 00000000 __SHD () C:\Users\Assistant Bookkeeper\AppData\Local\EmieSiteList
2014-08-13 03:01 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 03:01 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 03:01 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 03:01 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 03:01 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 03:01 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 03:01 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 03:01 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 02:08 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 02:08 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 02:08 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 02:08 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 02:08 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 02:08 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 02:08 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 02:08 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-13 02:08 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-13 02:08 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 02:08 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-13 02:08 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 02:08 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 02:08 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 02:08 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 02:08 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-13 02:08 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-13 02:08 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-13 02:08 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 02:08 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 02:08 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-13 02:08 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 02:08 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-13 02:08 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-13 02:08 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 02:08 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 02:08 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 02:08 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 02:08 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 02:08 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 02:08 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 02:08 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 02:08 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 02:08 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-13 02:08 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-13 02:08 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 02:08 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 02:08 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 02:08 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 02:08 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 02:08 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 02:08 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-13 02:08 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 02:08 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 02:08 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 02:08 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 02:08 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 02:08 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 02:08 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-13 02:08 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 02:08 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 02:08 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 02:08 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-13 02:08 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-13 02:08 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 02:08 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 02:08 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 02:08 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 02:08 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 02:08 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 02:08 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 02:08 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 02:08 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 02:08 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 02:08 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 02:08 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 02:08 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 02:08 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 02:08 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 02:08 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 02:08 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 02:08 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 02:08 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 02:08 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 02:08 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 02:08 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 02:08 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 02:08 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 02:08 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 02:08 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 02:06 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 02:06 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 02:06 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 02:06 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-11 11:33 - 2014-09-11 11:32 - 00000000 ____D () C:\Users\Assistant Bookkeeper\Desktop\Malware Tools
2014-09-11 11:33 - 2014-09-11 11:32 - 00000000 ____D () C:\FRST
2014-09-11 11:33 - 2009-07-13 21:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 11:33 - 2009-07-13 21:45 - 00023392 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 11:30 - 2011-03-25 14:28 - 00000000 ____D () C:\Users\Assistant Bookkeeper\Documents\Outlook Files
2014-09-11 11:28 - 2012-07-03 12:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 10:50 - 2009-08-27 17:26 - 01550607 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 10:48 - 2011-03-18 09:59 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 09:31 - 2014-09-10 17:01 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 09:06 - 2012-04-02 09:49 - 00000000 ___RD () C:\Users\Assistant Bookkeeper\Dropbox
2014-09-11 08:55 - 2012-04-02 09:47 - 00000000 ____D () C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox
2014-09-11 08:55 - 2011-03-24 15:16 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-09-11 08:55 - 2011-03-24 15:16 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-09-11 08:54 - 2011-03-25 05:29 - 00017848 _____ () C:\Windows\setupact.log
2014-09-11 08:54 - 2011-03-24 15:16 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-09-11 08:54 - 2011-03-18 09:59 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 08:54 - 2010-07-09 13:16 - 00440014 _____ () C:\Windows\PFRO.log
2014-09-11 08:54 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 08:33 - 2009-07-13 22:13 - 00786598 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 08:07 - 2011-03-28 15:28 - 00799604 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 08:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Vss
2014-09-10 20:04 - 2012-01-18 12:59 - 00000000 ____D () C:\Users\Assistant Bookkeeper\AppData\Roaming\Skype
2014-09-10 17:01 - 2014-09-10 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-10 17:01 - 2014-09-10 17:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 17:01 - 2014-09-10 17:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-10 16:54 - 2014-09-10 16:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Assistant Bookkeeper\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 13:39 - 2011-03-18 09:57 - 00000880 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-09-10 11:31 - 2014-09-08 11:01 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2014-09-09 18:29 - 2012-07-03 12:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-09 18:29 - 2012-07-03 12:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-09 18:29 - 2011-06-02 08:04 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-09 18:28 - 2014-09-09 18:28 - 17903792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-09 15:57 - 2011-12-22 09:21 - 00000000 ____D () C:\Users\Assistant Bookkeeper\Desktop\Files
2014-09-09 13:12 - 2014-09-09 08:58 - 00028284 _____ () C:\Users\Assistant Bookkeeper\Desktop\fair wage.xlsx
2014-09-09 11:23 - 2012-02-10 14:18 - 00000000 ____D () C:\Users\Assistant Bookkeeper\AppData\Roaming\FlexiBake
2014-09-09 11:23 - 2012-02-09 16:15 - 00000000 ____D () C:\ProgramData\FlexiBake
2014-09-09 08:55 - 2009-07-14 00:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-08 11:33 - 2012-02-29 15:09 - 00000000 ____D () C:\Users\Assistant Bookkeeper\AppData\Local\LogMeIn Hamachi
2014-08-29 13:17 - 2014-08-29 13:17 - 00024064 _____ () C:\Users\Assistant Bookkeeper\Desktop\Training Schedule.xls
2014-08-28 03:55 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-08-28 03:18 - 2009-07-13 21:45 - 00408808 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 15:30 - 2011-10-27 11:07 - 00000000 ____D () C:\Users\Assistant Bookkeeper\AppData\Local\CrashDumps
2014-08-22 19:07 - 2014-08-27 11:00 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-08-27 11:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-08-27 11:00 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 08:25 - 2014-08-22 08:25 - 00000000 __SHD () C:\Users\Assistant Bookkeeper\AppData\Local\EmieUserList
2014-08-22 08:25 - 2014-08-22 08:25 - 00000000 __SHD () C:\Users\Assistant Bookkeeper\AppData\Local\EmieSiteList
2014-08-21 13:44 - 2012-04-02 09:48 - 00000000 ____D () C:\Users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-17 14:51 - 2013-02-08 09:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-08-13 03:33 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-13 03:17 - 2011-03-25 12:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 03:10 - 2013-07-27 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 03:06 - 2009-10-06 10:14 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 03:00 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel

Some content of TEMP:
====================
C:\Users\Assistant Bookkeeper\AppData\Local\Temp\BackupSetup.exe
C:\Users\Assistant Bookkeeper\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp1arflu.dll
C:\Users\Assistant Bookkeeper\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Assistant Bookkeeper\AppData\Local\Temp\install_flashplayer11x32ax_gtbp_chra_aih.exe
C:\Users\Assistant Bookkeeper\AppData\Local\Temp\msvcr71.dll
C:\Users\Assistant Bookkeeper\AppData\Local\Temp\Package.exe
C:\Users\Assistant Bookkeeper\AppData\Local\Temp\setup.exe
C:\Users\Assistant Bookkeeper\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Assistant Bookkeeper\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Licensed User\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 00:16

==================== End Of Log ============================
Here is Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Assistant Bookkeeper at 2014-09-11 11:33:51
Running from C:\Users\Assistant Bookkeeper\Desktop\Malware Tools
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.1 - Nero AG) Hidden
Ask Toolbar (HKLM-x32\...\{41443500-6A76-A76A-76A7-A758B70C1002}) (Version: 12.16.2.1980 - APN, LLC) <==== ATTENTION
AutoGreen B09.1014.2 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B09.1014.2 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Awesome Duplicate Photo Finder v. 1.1 (HKLM-x32\...\Awesome Duplicate Photo Finder_is1) (Version:  - Duplicate-Finder.com)
BakeSmart Demo 5.1 v4 (HKLM-x32\...\BakeSmart_Demo_2.0) (Version:  - )
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Crystal Reports XI RDC Redistribution Installation (HKLM-x32\...\{9CDB681C-F823-4EA3-B8DE-54F1B75559A1}) (Version: 1.000.0000 - Randem Systems, Inc)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden
Driver Support (HKLM-x32\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - Driver Support)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
Duplicate Cleaner Pro 3.2.4 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 3.2.4 - DigitalVolcano Software Ltd)
Easy Tune 6 B10.0521.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B10.0521.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FlexiBake Version 2 (HKLM-x32\...\{EB7BEEFB-6672-471D-83FF-12E3EEB8CB40}_is1) (Version: 2.7 - FlexiBake Ltd.)
GoMeetNow (HKCU\...\TurboMeeting) (Version: 3.0.308 - RHUB Communications, Inc.)
GoMeetNow (HKLM-x32\...\TurboMeeting) (Version: 3.0.232 - RHUB Communications, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{47BBA5AA-CA6F-4A41-858D-A7A776F29A8B}) (Version: 3.0.11752 - Google, Inc.)
Google Toolbar for Firefox (HKLM-x32\...\{2CCBABCB-6427-4A55-B091-49864623C43F}) (Version: 7.1.20101113b1 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 4.8.0.723 (HKCU\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.8.2 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Menu Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Publisher 2010 (HKLM-x32\...\Office14.PUBLISHERR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual FoxPro OLE DB Provider (HKLM-x32\...\{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}) (Version: 1.0.0 - Microsoft Corporation)
Movie Templates - Starter Kit (x32 Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{bcc13822-816f-4221-9d83-d7e03c155625}) (Version:  - Nero AG)
Nero BurnRights (x32 Version: 3.4.11.100 - Nero AG) Hidden
Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero CoverDesigner (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.11.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.11.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.11.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden
Nero ShowTime (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.12.100 - Nero AG) Hidden
Nero Vision (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero Vision Help (x32 Version: 6.4.8.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.17.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Norton Safe Web Lite (HKLM-x32\...\NST) (Version: 1.2.0.6 - Symantec Corporation)
ON_OFF Charge B10.0427.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6194 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.8.8855 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
surveyor 3.5.30 (HKLM-x32\...\Surveyor_is1) (Version:  - )
TeamViewer 6 Host (HKLM-x32\...\TeamViewer 6 Host) (Version: 6.0.11117 - TeamViewer GmbH)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PUBLISHERR_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PUBLISHERR_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PUBLISHERR_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PUBLISHERR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{91140000-0019-0000-0000-0000000FF1CE}_Office14.PUBLISHERR_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WebEx (HKCU\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\457\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\Windows\system32\kernel32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3578726923-2452504054-157316393-1005_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

11-09-2014 17:16:33 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-09-10 11:31 - 00001388 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
50.30.39.65 www.google-analytics.com.
50.30.39.65 google-analytics.com.
50.30.39.65 connect.facebook.net.
198.37.114.178 www.google-analytics.com.
198.37.114.178 google-analytics.com.
198.37.114.178 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {52CDE309-5024-447E-BD8B-B871C898321A} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-10] (Google)
Task: {60901A83-541F-421A-AFD7-A84290AAA959} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {8F942D25-010F-42B2-96B2-43E598C17D23} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {966AEA65-15EA-4F07-BB4B-408175457E7D} - System32\Tasks\Driver Support-RTMRules => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {98D5CB37-8CAC-4763-B6DC-6B2B250DEBE3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B09C7D83-25FF-4D1A-AA04-C64A237DD930} - System32\Tasks\Driver Support-RTMScan => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {CB45F0FB-87D0-4EE7-97E6-DA09256DA6DF} - System32\Tasks\{E050972C-5B9B-4F9D-8338-52FDC4509B18} => Firefox.exe http://ui.skype.com/ui/0/6.3.59.107/en/abandoninstall?page=tsProgressBar
Task: {D1E381E2-343A-4551-B160-F6C76354E054} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {D67A889C-28B7-4319-8853-E34BBDA80C96} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-18] (Google Inc.)
Task: {EA67E9CB-30C2-4CC8-9CBE-1B615F6862FC} - System32\Tasks\{015890F0-9EB0-4BAE-88D1-86A292AD1B1F} => Iexplore.exe http://ui.skype.com/ui/0/5.9.59.115/en/abandoninstall?page=tsMain
Task: {EFA91ABA-4509-40F0-8B50-3751C2778009} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-03-18] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-03-25 17:21 - 2008-03-25 17:21 - 00219656 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2014-05-07 13:31 - 2014-05-07 13:31 - 00428424 _____ () C:\Program Files (x86)\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2010-05-20 09:56 - 2010-05-20 09:56 - 02347079 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2010-04-16 11:38 - 2010-04-16 11:38 - 00344131 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2010-01-12 17:09 - 2010-01-12 17:09 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 15:22 - 2008-05-07 15:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2010-04-13 13:38 - 2010-04-13 13:38 - 00139264 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2009-12-22 16:52 - 2009-12-22 16:52 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2009-10-21 14:07 - 2009-10-21 14:07 - 00106496 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2010-05-21 13:29 - 2010-05-21 13:29 - 00196608 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 14:11 - 2003-02-14 14:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2010-04-02 16:04 - 2010-04-02 16:04 - 00110592 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2010-03-12 05:40 - 2010-03-12 05:40 - 04449632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2010-03-12 05:40 - 2010-03-12 05:40 - 00423256 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2010-04-07 15:35 - 2010-04-07 15:35 - 00274432 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2014-09-04 17:50 - 2014-08-29 19:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-04 17:50 - 2014-08-29 19:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-04 17:50 - 2014-08-29 19:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-04 17:50 - 2014-08-29 19:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-04 17:50 - 2014-08-29 19:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 16:46 - 2013-02-14 16:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2010-10-20 16:08 - 2010-10-20 16:08 - 00122720 _____ () C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TurboMeeting => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2014 11:44:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (09/07/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (09/04/2014 05:13:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (09/02/2014 11:22:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.11.59.102 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1038

Start Time: 01cfc2d36a11ef63

Termination Time: 10

Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report Id:

Error: (08/31/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/28/2014 09:59:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/27/2014 03:30:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: chrome.dll, version: 36.0.1985.143, time stamp: 0x53e2e1c7
Exception code: 0xc0000005
Fault offset: 0x00006667
Faulting process id: 0x178c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/24/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/17/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location E:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (08/13/2014 08:10:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108


System errors:
=============
Error: (09/11/2014 08:54:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/11/2014 08:50:40 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/11/2014 08:38:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.183.2074.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (09/11/2014 08:27:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/11/2014 08:14:06 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.183.2074.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (09/11/2014 08:04:04 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (09/11/2014 08:04:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (09/10/2014 08:13:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.183.2074.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.5.0216.00

    Source Path: 4.5.0216.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (09/10/2014 08:02:25 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.

Error: (09/10/2014 08:02:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================
Error: (09/08/2014 11:44:08 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (09/07/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (09/04/2014 05:13:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (09/02/2014 11:22:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Skype.exe6.11.59.102103801cfc2d36a11ef6310C:\Program Files (x86)\Skype\Phone\Skype.exe

Error: (08/31/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/28/2014 09:59:50 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (08/27/2014 03:30:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe36.0.1985.14353e2e515chrome.dll36.0.1985.14353e2e1c7c000000500006667178c01cfc246903c7525C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\chrome.dllcffe8f5f-2e39-11e4-a945-1c6f65a73b99

Error: (08/24/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/17/2014 07:00:00 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: E:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (08/13/2014 08:10:20 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 650 @ 3.20GHz
Percentage of memory in use: 69%
Total physical RAM: 3831.47 MB
Available physical RAM: 1154.36 MB
Total Pagefile: 7661.12 MB
Available Pagefile: 4977.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.03 GB) (Free:188.72 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: ADB72861)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thanks!
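A first triage pass over an Addition.txt like the one above can be scripted. The Python below is an added example written for this page; it is not FRST's code and was not posted by either participant. It assumes the two line layouts visible in the log (the "Loaded Modules" entries and the "Error: (...) (Source: ...) (EventID: ...)" headers), runs on a constructed sample made of lines copied from the post plus one hypothetical module line for the per-user Dropbox shell extension, and applies a heuristic of its own choosing: a module loaded from a user-writable directory, or modified inside the incident window, is listed for review, not declared malicious.

```python
"""Triage pass over FRST Addition.txt text.

Added example for this thread: not FRST's code and not posted by either participant.
Assumed line layouts (taken from the log above):
  Loaded Modules : "<created> - <modified> - <size> <attrs> (<company>) <path>"
  Event log      : "Error: (<time>) (Source: <source>) (EventID: <n>) (User: )"
The "user-writable path" and "modified inside the incident window" rules are triage
heuristics chosen here; a hit means "look at this", never "this is malware".
"""
import re
from dataclasses import dataclass
from typing import List

MODULE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
EVENT_RE = re.compile(
    r"^Error: \((?P<time>[^)]*)\) \(Source: (?P<source>[^)]*)\) \(EventID: (?P<id>\d+)\)"
)

# Directories a standard user can write to. Legitimate per-user software (Dropbox,
# Chrome's updater) lives here by design, but so does most mail-attachment malware.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass
class Module:
    created: str
    modified: str
    size: int
    attrs: str
    company: str  # empty when FRST prints "()", i.e. no company name in version info
    path: str

    @property
    def user_writable(self) -> bool:
        return any(marker in self.path.lower() for marker in USER_WRITABLE)


def parse_modules(text: str) -> List[Module]:
    """Every line of *text* laid out like an FRST 'Loaded Modules' entry."""
    mods = []
    for line in text.splitlines():
        m = MODULE_RE.match(line.strip())
        if m:
            mods.append(Module(m["created"], m["modified"], int(m["size"]),
                               m["attrs"], m["company"], m["path"]))
    return mods


def flag_modules(mods: List[Module], since: str) -> List[Module]:
    """Modules for review: user-writable path, or modified on/after *since*
    ('YYYY-MM-DD'); the same 30-day window idea ComboFix uses for 'Files Created'."""
    return [m for m in mods if m.user_writable or m.modified[:10] >= since]


def count_events(text: str, source: str, event_id: int) -> int:
    """Count 'Error:' headers from *source* with *event_id*; repeated
    Microsoft Antimalware 2001 means signature updates keep failing."""
    n = 0
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m and m["source"] == source and int(m["id"]) == event_id:
            n += 1
    return n


# Constructed sample: three module lines and four event headers copied from the post
# above, plus one hypothetical module line for the per-user Dropbox shell extension.
SAMPLE = r"""
==================== Loaded Modules (whitelisted) =============

2008-03-25 17:21 - 2008-03-25 17:21 - 00219656 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2014-09-04 17:50 - 2014-08-29 19:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-06-24 22:04 - 2014-06-24 22:04 - 00131480 _____ () C:\Users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll

==================== Event log errors: =========================

Error: (09/11/2014 08:54:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Error: (09/11/2014 08:38:30 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Error: (09/11/2014 08:14:06 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Error: (09/10/2014 08:13:36 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
"""

if __name__ == "__main__":
    for mod in flag_modules(parse_modules(SAMPLE), since="2014-08-12"):
        why = "user-writable path" if mod.user_writable else f"modified {mod.modified}"
        print(f"REVIEW {mod.path}  ({why})")
    print("AV signature update failures:",
          count_events(SAMPLE, "Microsoft Antimalware", 2001))
```

Two things to read from the output rather than trust blindly: the Dropbox line is flagged only because it sits under AppData, which is where Dropbox installs itself, so the reviewer still has to look at the file; and the repeated Microsoft Antimalware EventID 2001 entries deserve a note because some malware families block AV update traffic, although a plain connectivity problem on the update source produces exactly the same event.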



#5 aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male
  • Local time:10:11 AM

Posted 11 September 2014 - 01:51 PM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#6 mttime73
  • Topic Starter

  • Members
  • 36 posts
  • Local time:12:11 AM

Posted 11 September 2014 - 10:57 PM

Here is combofix:

ComboFix 14-09-12.01 - Assistant Bookkeeper 09/11/2014  20:33:27.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3831.1260 [GMT -7:00]
Running from: c:\users\Assistant Bookkeeper\Desktop\Malware Tools\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Assistant Bookkeeper\AppData\Local\Microsoft\Windows\Temporary Internet Files\{39458405-07F9-4EEA-B365-4EE9D3695B2F}.xps
c:\users\Assistant Bookkeeper\Documents\~WRL0638.tmp
c:\users\Assistant Bookkeeper\Documents\~WRL3025.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-12 to 2014-09-12  )))))))))))))))))))))))))))))))
.
.
2014-09-12 03:41 . 2014-09-12 03:41    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-09-11 18:58 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-11 18:58 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-11 18:32 . 2014-09-11 18:34    --------    d-----w-    C:\FRST
2014-09-11 16:06 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F44FB3D6-A59A-4DF1-A2C5-303FEEED3A69}\mpengine.dll
2014-09-11 16:00 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-11 16:00 . 2014-08-01 11:35    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-09-11 16:00 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-11 16:00 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-09-11 15:57 . 2014-07-07 02:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-11 15:57 . 2014-07-07 02:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-11 15:57 . 2014-07-07 01:40    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-09-11 15:57 . 2014-07-07 01:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-09-11 15:57 . 2014-07-07 01:39    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-09-11 15:57 . 2014-09-05 02:10    578048    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-11 15:57 . 2014-09-05 02:05    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-09-11 00:01 . 2014-09-11 22:11    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-11 00:01 . 2014-05-12 14:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-11 00:01 . 2014-05-12 14:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-11 00:01 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-11 00:01 . 2014-09-11 00:01    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-11 00:01 . 2014-09-11 00:01    --------    d-----w-    c:\programdata\Malwarebytes
2014-09-10 15:35 . 2014-09-10 15:35    --------    d-----w-    c:\users\Assistant Bookkeeper\AppData\Roaming\Logs
2014-09-10 01:28 . 2014-09-10 01:28    17903792    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-09 18:02 . 2014-08-21 03:43    11319192    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-29 10:30 . 2014-08-20 10:49    1169712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55FEF8F4-8C34-409C-A3DF-FF592D6CD0C4}\gapaengine.dll
2014-08-27 18:00 . 2014-08-23 02:07    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-27 18:00 . 2014-08-23 01:45    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-27 18:00 . 2014-08-23 00:59    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-08-22 17:29 . 2014-05-14 16:23    44512    ----a-w-    c:\windows\system32\wups2.dll
2014-08-22 17:29 . 2014-05-14 16:23    58336    ----a-w-    c:\windows\system32\wuauclt.exe
2014-08-22 17:29 . 2014-05-14 16:23    2477536    ----a-w-    c:\windows\system32\wuaueng.dll
2014-08-22 17:29 . 2014-05-14 16:21    2620928    ----a-w-    c:\windows\system32\wucltux.dll
2014-08-22 17:29 . 2014-05-14 16:23    38880    ----a-w-    c:\windows\system32\wups.dll
2014-08-22 17:29 . 2014-05-14 16:23    36320    ----a-w-    c:\windows\SysWow64\wups.dll
2014-08-22 17:29 . 2014-05-14 16:23    700384    ----a-w-    c:\windows\system32\wuapi.dll
2014-08-22 17:29 . 2014-05-14 16:23    581600    ----a-w-    c:\windows\SysWow64\wuapi.dll
2014-08-22 17:29 . 2014-05-14 16:20    97792    ----a-w-    c:\windows\system32\wudriver.dll
2014-08-22 17:29 . 2014-05-14 16:17    92672    ----a-w-    c:\windows\SysWow64\wudriver.dll
2014-08-22 17:28 . 2014-05-14 16:23    198600    ----a-w-    c:\windows\system32\wuwebv.dll
2014-08-22 17:28 . 2014-05-14 16:23    179656    ----a-w-    c:\windows\SysWow64\wuwebv.dll
2014-08-22 17:28 . 2014-05-14 16:20    36864    ----a-w-    c:\windows\system32\wuapp.exe
2014-08-22 17:28 . 2014-05-14 16:17    33792    ----a-w-    c:\windows\SysWow64\wuapp.exe
2014-08-22 15:25 . 2014-08-22 15:25    --------    d-sh--w-    c:\users\Assistant Bookkeeper\AppData\Local\EmieUserList
2014-08-22 15:25 . 2014-08-22 15:25    --------    d-sh--w-    c:\users\Assistant Bookkeeper\AppData\Local\EmieSiteList
2014-08-13 10:01 . 2014-03-09 21:48    171160    ----a-w-    c:\windows\system32\infocardapi.dll
2014-08-13 10:01 . 2014-03-09 21:48    1389208    ----a-w-    c:\windows\system32\icardagt.exe
2014-08-13 10:01 . 2014-03-09 21:47    99480    ----a-w-    c:\windows\SysWow64\infocardapi.dll
2014-08-13 10:01 . 2014-03-09 21:47    619672    ----a-w-    c:\windows\SysWow64\icardagt.exe
2014-08-13 10:01 . 2014-06-30 22:24    8856    ----a-w-    c:\windows\system32\icardres.dll
2014-08-13 10:01 . 2014-06-30 22:14    8856    ----a-w-    c:\windows\SysWow64\icardres.dll
2014-08-13 10:01 . 2014-06-06 06:16    35480    ----a-w-    c:\windows\SysWow64\TsWpfWrp.exe
2014-08-13 10:01 . 2014-06-06 06:12    35480    ----a-w-    c:\windows\system32\TsWpfWrp.exe
2014-08-13 09:06 . 2014-07-14 02:02    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-08-13 09:06 . 2014-07-14 01:40    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-11 19:34 . 2011-03-24 22:16    30528    ----a-w-    c:\windows\GVTDrv64.sys
2014-09-11 19:34 . 2011-03-24 22:16    25640    ----a-w-    c:\windows\gdrv.sys
2014-09-11 18:59 . 2009-10-06 17:14    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-09-11 15:19 . 2014-07-31 16:32    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-09-10 01:29 . 2012-07-03 19:24    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 01:29 . 2011-06-02 15:04    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-28 15:19 . 2011-03-29 01:36    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-20 10:49 . 2011-03-28 23:08    1169712    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-07-25 09:35 . 2014-07-25 09:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 06:47 . 2014-07-25 06:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-18 01:05 . 2014-07-18 01:05    269008    ----a-w-    c:\windows\system32\drivers\MpFilter.sys
2014-07-18 01:05 . 2010-10-25 04:25    125584    ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
2014-06-18 02:18 . 2014-07-09 04:08    692736    ----a-w-    c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-09 04:08    646144    ----a-w-    c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    131480    ----a-w-    c:\users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-18 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-18 20587168]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"Driver Support"="c:\program files (x86)\Driver Support\Driver Support\DriverSupport.exe" [2014-05-07 4785504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-09-03 1942424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"EasyTuneVI"="c:\program files (x86)\GIGABYTE\ET6\ETCall.exe" [2007-07-26 20480]
.
c:\users\Assistant Bookkeeper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-8-15 36414752]
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2CEC3M0405KD;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin_V2M"= 5 (0x5)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 cpuz131;cpuz131;c:\users\LICENS~1\AppData\Local\Temp\cpuz131\cpuz_x64.sys;c:\users\LICENS~1\AppData\Local\Temp\cpuz131\cpuz_x64.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 fttxr52P;fttxr52P;c:\windows\system32\drivers\fttxr52P.sys;c:\windows\SYSNATIVE\drivers\fttxr52P.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe;c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NISDRV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-05 00:49    1096520    ----a-w-    c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 01:29]
.
2014-09-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-03-18 23:46]
.
2014-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-18 16:59]
.
2014-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-18 16:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04    164760    ----a-w-    c:\users\Assistant Bookkeeper\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 17:34    777032    ----a-w-    c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBoxTray"="c:\windows\system32\VBoxTray.exe" [2009-08-04 1238544]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{11795C1D-3229-4DB0-927D-43657BDEA3B5}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{F090DBA6-5D56-44D1-A664-899587E09F38}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
FF - ProfilePath - c:\users\Assistant Bookkeeper\AppData\Roaming\Mozilla\Firefox\Profiles\uvg7cmtm.default\
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-11  20:42:50
ComboFix-quarantined-files.txt  2014-09-12 03:42
.
Pre-Run: 200,973,590,528 bytes free
Post-Run: 204,603,047,936 bytes free
.
- - End Of File - - 8F6A1FA28C7A09DEFB1F2125B71C0FAC
 



#7 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 AM

Posted 12 September 2014 - 04:57 AM

Hi,

does Malwarebytes still find malware if you re-run the scan now?
Also:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#8 mttime73

mttime73
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 13 September 2014 - 03:03 AM

Hello!

Looking much better... MBAM came up clean! :guitar: Awesome!!

 

ESET found a few items...

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe    Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AD5\Source\AskToolbarInstaller-12.10.2_AD5.msi    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Users\Assistant Bookkeeper\AppData\Local\Mozilla\Firefox\Profiles\uvg7cmtm.default\Cache\D\C9\89DFFd01    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\Installer\44609720.msi    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AD5[1].7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AD5[1].7z    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 AM

Posted 13 September 2014 - 05:17 AM

Great, and also the stuff found by ESET is nothing to worry about.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden, so don't add a double extension like Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Reader X (10.1.0)




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
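The "Closing security holes" advice above boils down to one recurring check: is anything installed on the machine older than the current release? The script below is an added example (not part of this thread, and not code from any of the tools mentioned in it) showing how a defender can automate that check on Windows. It reads the Uninstall registry keys that the Programs and Features list is built from and flags every program whose version is below a minimum the reader supplies. The `$minimumVersions` table is an assumption: the `11.0.0` threshold for Adobe Reader is a placeholder, not a statement about which release is current, and you would fill in the thresholds that apply when you run it.

```powershell
# Added example, not from the original thread. Lists installed software from the
# registry Uninstall keys and reports entries below a caller-supplied minimum version.
# The thresholds in $minimumVersions are placeholders to be replaced by the reader.
$minimumVersions = @{
    'Adobe Reader' = [version]'11.0.0'   # placeholder: set to the release you consider current
}

# Both native and 32-bit-on-64-bit (WOW6432Node) program entries, plus per-user installs.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    # Return only entries that carry both a display name and a version string.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
}

function Find-OutdatedSoftware {
    param(
        [Parameter(Mandatory)] [object[]] $Installed,
        [Parameter(Mandatory)] [hashtable] $Minimums
    )
    foreach ($app in $Installed) {
        foreach ($name in $Minimums.Keys) {
            # Prefix match so "Adobe Reader X (10.1.0)" is caught by the key "Adobe Reader".
            if ($app.DisplayName -like "$name*") {
                $installedVersion = $null
                # Some vendors store non-numeric version strings; skip those rather than crash.
                if ([version]::TryParse($app.DisplayVersion, [ref]$installedVersion) -and
                    $installedVersion -lt $Minimums[$name]) {
                    [pscustomobject]@{
                        Name      = $app.DisplayName
                        Installed = $app.DisplayVersion
                        Minimum   = $Minimums[$name].ToString()
                    }
                }
            }
        }
    }
}

$installed = Get-InstalledSoftware
$outdated  = Find-OutdatedSoftware -Installed $installed -Minimums $minimumVersions
if ($outdated) {
    $outdated | Format-Table -AutoSize
} else {
    'No monitored software is below its minimum version.'
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable in full. The version comparison uses the `[version]` type rather than string comparison, which matters because `"10.1.0"` sorts after `"9.5.0"` as a version but before it as text.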

#10 mttime73

mttime73
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:12:11 AM

Posted 13 September 2014 - 02:23 PM

Everything looks great!  Thank you so much for your help.  You guys are amazing!!



#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 AM

Posted 13 September 2014 - 02:36 PM

You're welcome.
Take care.

#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:11 AM

Posted 13 September 2014 - 02:36 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



