I am plagued with the fake google chrome virus!


23 replies to this topic

#1 Megdalen

Posted 29 October 2014 - 01:56 PM

Hello!  I am plagued by what I assume is a virus calling itself "google chrome."  I do not nor have I ever downloaded google chrome as an operating system; I run IE and it's fine.  However, in the following place:  Appdata-LocalLow-Macromedia-Muowcnvodn-Gupagzcjlbdl  There is a google chrome icon called "Vchoojpvy.exe" that cannot be deleted.  Malwarebytes constantly blocks websites trying to access this location but I can't get rid of it.  How do I get rid of it?!  Thank you so, so much.

Attached Files

  • dds.txt (22.67 KB)

#2 deeprybka (Malware Response Team)

Posted 29 October 2014 - 03:12 PM

Hi and welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
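Reading an FRST.txt by hand means scanning for the tool's own ATTENTION markers plus a few entry shapes that the reply below shows: an executable started from AppData\LocalLow under a random-looking folder, a Run key that uses regsvr32 to load a DLL from a GUID-named folder, a COM InprocServer32 entry redirected through \\?\globalroot, and driver entries whose file is missing. The Python triage script that follows is an added example, not code from this thread or from FRST; the sample lines inside it are constructed in FRST's format from that reply, and the rule names and wording are my own.

```python
"""Triage helper for FRST.txt entries (added example; not part of FRST or this thread)."""
from __future__ import annotations
import re

# Markers that FRST itself appends to entries it considers suspicious.
FRST_MARKERS = ("<===== ATTENTION", "<====== ATTENTION", "ATTENTION!")

# Process entries look like: "(Vendor) C:\path\to\file.exe"
PROCESS_RE = re.compile(r"^\((?P<vendor>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+\.exe)\s*$", re.I)
# Service/driver entries ending in "[X]" mean the registered file no longer exists.
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);\s*(?P<path>.+?)\s*\[X\]\s*$")
# Run keys that start regsvr32 on a DLL instead of a normal program.
REGSVR_RE = re.compile(
    r'\\Run:\s*\[(?P<name>[^\]]+)\]\s*=>\s*regsvr32(?:\.exe)?\s+/s\s+"?(?P<dll>[^"]+\.dll)', re.I)
# Locations a standard user can write to (no admin rights needed to drop files there).
USER_WRITABLE = re.compile(r"\\AppData\\(?:Local|LocalLow|Roaming)\\|\\Temp\\", re.I)
GUID_DIR = re.compile(r"\\\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}\\", re.I)


def assess_line(line: str) -> list[str]:
    """Return the reasons (possibly none) why one FRST line deserves a closer look."""
    reasons: list[str] = []
    if any(marker in line for marker in FRST_MARKERS):
        reasons.append("FRST flagged this entry (ATTENTION marker)")

    m = PROCESS_RE.match(line)
    if m and USER_WRITABLE.search(m["path"]):
        # The vendor string comes from the file's own version info, so a process
        # in AppData that claims a well-known vendor proves nothing by itself.
        reasons.append(f"process runs from a user-writable path; vendor '{m['vendor']}' is unverified")

    m = REGSVR_RE.search(line)
    if m and USER_WRITABLE.search(m["dll"]):
        where = "a GUID-named folder in the user profile" if GUID_DIR.search(m["dll"]) else "the user profile"
        reasons.append(f"Run key loads a DLL with regsvr32 /s from {where}: {m['dll']}")

    m = SERVICE_RE.match(line)
    if m:
        reasons.append(f"service/driver '{m['name'].strip()}' points at a missing file (orphaned entry)")

    if "globalroot" in line.lower() and "InprocServer32" in line:
        reasons.append("COM InprocServer32 redirected through a \\\\?\\globalroot path (ZeroAccess-style CLSID hijack)")
    return reasons


def triage(log_text: str) -> list[tuple[str, list[str]]]:
    """Run assess_line over a whole FRST.txt and keep only the lines with findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = assess_line(line)
            if reasons:
                findings.append((line, reasons))
    return findings


# Constructed sample in FRST.txt format (entry shapes taken from the reply below).
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Google Inc.) C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\Vchoojpvy.exe
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Wpcbkwuj] => regsvr32.exe /s "C:\Users\Megdalen\AppData\Local\{A567593C-1B58-4CA8-9AD7-9EA75939FB46}\Wpcbkwuj.dll" <===== ATTENTION
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Megdalen\AppData\Local\Temp\stsitpq\shxbrgo\wow.dll ATTENTION! ====> ZeroAccess?
S1 bbtqnakb; \??\C:\Windows\system32\drivers\bbtqnakb.sys [X]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

The user-writable rule is deliberately noisy (it also flags legitimate per-user installs such as Spotify or Dropbox); it is a prompt to verify, not a verdict.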

#3 Megdalen (Topic Starter)

Posted 29 October 2014 - 03:44 PM

Thank you!  Here are the results of the scan.  The items called "Google, Inc." in the running processes are the ones I think might be causing the trouble.  I am so happy to have you helping!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01
Ran by Megdalen (administrator) on HOME on 29-10-2014 16:38:06
Running from C:\Users\Megdalen\Downloads
Loaded Profile: Megdalen (Available profiles: Megdalen & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Users\Megdalen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Spotify Ltd) C:\Users\Megdalen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Dropbox, Inc.) C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HPQPrntW.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_152_ActiveX.exe
(Google Inc.) C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\Vchoojpvy.exe
(Google Inc.) C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\Vchoojpvy.exe
(Google Inc.) C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\Vchoojpvy.exe
(Google Inc.) C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\Vchoojpvy.exe
(Google Inc.) C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\Vchoojpvy.exe
(Google Inc.) C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\Vchoojpvy.exe
(Google Inc.) C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\Vchoojpvy.exe
(Google Inc.) C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\Vchoojpvy.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-29] (Dell)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\PC Tools <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-02-03] (Eastman Kodak Company)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Amazon Cloud Player] => C:\Users\Megdalen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3108864 2013-06-21] ()
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Wpcbkwuj] => regsvr32.exe /s "C:\Users\Megdalen\AppData\Local\{A567593C-1B58-4CA8-9AD7-9EA75939FB46}\Wpcbkwuj.dll" <===== ATTENTION
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Spotify] => C:\Users\Megdalen\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-28] (Spotify Ltd)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Spotify Web Helper] => C:\Users\Megdalen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-28] (Spotify Ltd)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Megdalen\AppData\Local\Temp\stsitpq\shxbrgo\wow.dll ATTENTION! ====> ZeroAccess?
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Liberty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {8A060638-5F7A-4151-B60D-963AAD36D672} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://sslvpn.whipplehill.com/NELX.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.unh.edu/dana-cached/sc/JuniperSetupClient.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 173.44.120.32 173.44.120.33 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Megdalen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Megdalen\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2010-10-27] (SonicWALL Inc.)
S1 bbtqnakb; \??\C:\Windows\system32\drivers\bbtqnakb.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 irdzfoys; \??\C:\Windows\system32\drivers\irdzfoys.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 16:38 - 2014-10-29 16:38 - 00018754 _____ () C:\Users\Megdalen\Downloads\FRST.txt
2014-10-29 16:37 - 2014-10-29 16:38 - 00000000 ____D () C:\FRST
2014-10-29 16:37 - 2014-10-29 16:37 - 02113536 _____ (Farbar) C:\Users\Megdalen\Downloads\FRST64.exe
2014-10-29 15:04 - 2014-10-29 15:04 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-29 15:02 - 2014-10-29 15:02 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Megdalen\Downloads\tdsskiller.exe
2014-10-29 14:48 - 2014-10-29 14:48 - 00023215 _____ () C:\Users\Megdalen\Desktop\dds.txt
2014-10-29 14:48 - 2014-10-29 14:48 - 00006426 _____ () C:\Users\Megdalen\Desktop\attach.txt
2014-10-29 14:45 - 2014-10-29 14:45 - 00688992 ____R (Swearware) C:\Users\Megdalen\Downloads\dds.com
2014-10-29 14:12 - 2014-10-29 14:12 - 00000266 _____ () C:\Users\Administrator\Downloads\Enable_System_Restore.reg
2014-10-29 13:50 - 2014-10-29 13:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HP
2014-10-29 12:58 - 2014-10-29 16:33 - 00000224 _____ () C:\Windows\setupact.log
2014-10-29 12:58 - 2014-10-29 15:34 - 00007430 _____ () C:\Windows\PFRO.log
2014-10-29 12:58 - 2014-10-29 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-29 12:38 - 2014-10-29 15:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 12:38 - 2014-10-29 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 12:38 - 2014-10-29 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 12:38 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 12:38 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 12:38 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-29 12:23 - 2014-10-29 12:24 - 00169944 _____ () C:\Users\Megdalen\Documents\cc_20141029_122343backupoct29.reg
2014-10-29 12:15 - 2014-10-29 15:01 - 00000328 _____ () C:\Windows\Tasks\SuperEasy Registry Cleaner_DEFAULT.job
2014-10-29 12:15 - 2014-10-29 12:58 - 00000336 _____ () C:\Windows\Tasks\SuperEasy Registry Cleaner_UPDATES.job
2014-10-29 12:15 - 2014-10-29 12:15 - 00003182 _____ () C:\Windows\System32\Tasks\SuperEasy Registry Cleaner
2014-10-29 12:15 - 2014-10-29 12:15 - 00003076 _____ () C:\Windows\System32\Tasks\SuperEasy Registry Cleaner_UPDATES
2014-10-29 12:15 - 2014-10-29 12:15 - 00002920 _____ () C:\Windows\System32\Tasks\SuperEasy Registry Cleaner_DEFAULT
2014-10-29 12:15 - 2014-10-29 12:15 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\SuperEasy
2014-10-29 11:15 - 2014-10-29 11:15 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{5831862B-00F7-414C-A7F4-A225021AADE7}
2014-10-29 07:15 - 2014-10-29 07:15 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{26CF161D-7786-4C6D-BF3D-8041228B9FDB}
2014-10-28 22:58 - 2014-10-28 22:58 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{7FCF73EA-4B0C-4345-82C1-EBAA19B47303}
2014-10-28 20:56 - 2014-10-28 22:20 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\Spotify
2014-10-28 20:56 - 2014-10-28 20:56 - 00001820 _____ () C:\Users\Megdalen\Desktop\Spotify.lnk
2014-10-28 20:56 - 2014-10-28 20:56 - 00001806 _____ () C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-10-28 20:55 - 2014-10-29 15:36 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Spotify
2014-10-28 11:23 - 2014-10-28 11:23 - 00003272 ____N () C:\bootsqm.dat
2014-10-28 10:57 - 2014-10-28 10:57 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{B8980156-8D6F-4C72-A5DF-3706D6301E9D}
2014-10-28 09:56 - 2014-10-28 09:56 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{D4B88BCE-BD8A-4E98-8246-5A347E527AA2}
2014-10-28 09:36 - 2014-10-28 09:36 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{402724A3-172F-4F4B-8EB6-B5ECC44D83DF}
2014-10-27 20:37 - 2014-10-27 20:37 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{647C5D0F-61D1-416F-A796-5C11557CD716}
2014-10-27 07:41 - 2014-10-27 07:41 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{FFA05E83-111E-4ECD-A0A0-DAA762614848}
2014-10-27 07:25 - 2014-10-27 07:25 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{1E92AB29-4647-4284-8499-91FCCD1EBAF4}
2014-10-26 13:47 - 2014-10-26 13:47 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{273153C6-091E-4195-ABD2-E387E1B9056E}
2014-10-25 23:06 - 2014-10-25 23:09 - 00000000 ____D () C:\Users\Megdalen\Documents\My Kindle Content
2014-10-25 23:06 - 2014-10-25 23:06 - 00002246 _____ () C:\Users\Megdalen\Desktop\Kindle.lnk
2014-10-25 23:06 - 2014-10-25 23:06 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\Amazon
2014-10-25 23:05 - 2014-10-25 23:06 - 38157960 _____ (Amazon.com) C:\Users\Megdalen\Downloads\KindleForPC-installer.exe
2014-10-25 12:34 - 2014-10-25 12:34 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{80EFEEB4-218F-476E-A1FE-62A77921538F}
2014-10-24 22:07 - 2014-10-24 22:07 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{CE3579F8-CB12-46F7-9D09-B7DEC82AC34C}
2014-10-24 10:04 - 2014-10-24 10:05 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{4FACC754-1923-4467-BBD3-25595536119E}
2014-10-23 21:57 - 2014-10-23 21:57 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{5185A6F6-C545-47E3-BC79-23A58D24FCC2}
2014-10-23 09:48 - 2014-10-23 09:48 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{CF319481-754B-4788-A743-1F484C32F8E7}
2014-10-22 17:05 - 2014-10-22 17:05 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{06ABBB35-3EB1-44B6-BD3C-78F5F5406DB9}
2014-10-22 07:44 - 2014-10-22 07:44 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{EE9E401E-8073-44A5-8879-E0DAEE27742F}
2014-10-21 10:51 - 2014-10-21 10:51 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{0D689FDF-E021-414E-B982-2CE3A8E6C0F1}
2014-10-20 11:11 - 2014-10-20 11:11 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{EF666CA0-7C49-40C3-824C-718D87943A32}
2014-10-19 20:45 - 2014-10-19 20:45 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{5D55ECC8-DF30-483C-BB0A-00E6305225DB}
2014-10-19 09:37 - 2014-10-19 09:37 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{38A9E4A8-6B4C-4CD9-9820-7E4EF61799E0}
2014-10-18 08:48 - 2014-10-18 08:48 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{DB752393-6A29-4ADF-B09B-956C5B261780}
2014-10-17 13:26 - 2014-10-17 13:26 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{275AD4E1-4912-474E-8B20-2A2083FACC7A}
2014-10-16 21:22 - 2014-10-16 21:22 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{6116C915-43CB-4E34-9247-5839BB46DE32}
2014-10-16 08:37 - 2014-10-16 08:37 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{1DA6117F-6792-422C-ADF6-59A6D5003B66}
2014-10-15 20:29 - 2014-10-15 20:29 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C4A79B1B-3430-483C-9BC4-9CFCD065059D}
2014-10-15 09:59 - 2014-10-15 09:59 - 04161313 _____ () C:\Users\Megdalen\Downloads\tdsskiller.zip
2014-10-15 07:43 - 2014-10-15 07:43 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{33F211C9-656D-41A8-8F99-B1FD4292FFD8}
2014-10-14 21:39 - 2014-10-14 21:39 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{B0ABD9FD-7166-4BDE-B2D2-4B0EAC25BCC9}
2014-10-14 09:28 - 2014-10-14 09:28 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C7D7EF2A-9EEA-4E18-874D-99E09EEE7405}
2014-10-14 01:20 - 2014-10-14 01:20 - 00000000 ____D () C:\Roxio
2014-10-13 09:40 - 2014-10-13 09:40 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{6CC2692B-951D-460A-A70E-0CEF95C80222}
2014-10-12 20:24 - 2014-10-12 20:24 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{9FCF1B34-93D3-4A8B-AFAB-6D7ED8E2BD95}
2014-10-12 07:31 - 2014-10-12 07:31 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{74D79BC4-D2D7-4C6B-8AAB-6157729F961C}
2014-10-11 09:58 - 2014-10-11 09:58 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{E8D9FC24-930D-492B-8513-67F755A82DF8}
2014-10-10 21:51 - 2014-10-10 21:51 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{F42B02C5-28D8-4676-98B6-6BFF86597BD8}
2014-10-10 21:39 - 2014-10-10 21:39 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{F99887AF-EBDA-4EDA-965B-66578EF1622E}
2014-10-10 09:11 - 2014-10-10 09:12 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C8537D87-4102-4F5C-AE45-C68DF5554D87}
2014-10-09 22:13 - 2014-10-09 22:13 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{14ADC8E5-6F24-4311-AA39-0619B14B9A75}
2014-10-09 08:58 - 2014-10-09 08:58 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{057ADD99-4DD1-42B4-9B00-0CC80F900E73}
2014-10-08 09:51 - 2014-10-08 09:51 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{3B00E2B0-76CB-4EE0-B03D-29924492591F}
2014-10-08 08:17 - 2014-10-08 08:17 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{B3763147-E08D-4D6F-A818-71EB43137635}
2014-10-07 10:08 - 2014-10-07 10:08 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{0E7CF397-33C6-4E19-80BA-3DDF7178EE27}
2014-10-06 19:03 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-06 19:01 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-06 19:01 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-06 19:01 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-06 19:01 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-06 19:01 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-06 19:01 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-06 09:12 - 2014-10-06 09:13 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{1B1CDC3F-FB95-40A1-80F3-8A8DEF7D98C0}
2014-10-05 14:01 - 2014-10-05 14:01 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C5C6CB88-20C7-4214-9BD8-74B695E61EF7}
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{0EC04417-AAB7-4BCA-898B-D916E58EBBF6}
2014-10-04 12:50 - 2014-10-04 12:50 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{9850FFC0-0DBA-4EE1-9250-C8FA69528D76}
2014-10-03 22:02 - 2014-10-03 22:02 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{A71A7DF3-D8BE-428B-A75C-22513F201401}
2014-10-03 08:55 - 2014-10-03 08:55 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{4DD64112-3041-4158-9BDD-BB47447506B8}
2014-10-02 21:39 - 2014-10-02 21:39 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{72081ED4-AFAB-4300-81F6-DC9D2558C645}
2014-10-02 08:33 - 2014-10-02 08:34 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{39DEAB24-87A1-4720-998E-6A5FF01967EC}
2014-10-01 12:47 - 2014-10-01 12:47 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{4BD0DD6D-1AC3-47BF-9C11-48E5BDDA0919}
2014-10-01 06:43 - 2014-10-01 06:43 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{3837D6D7-622E-4FAE-A7CD-C58DE4CD2ADF}
2014-09-30 09:33 - 2014-09-30 09:33 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{28DF4AB9-CC3A-4D8E-9C8C-96FF8C389B13}
2014-09-29 09:08 - 2014-09-29 09:08 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C7E8128F-8BED-49AE-BFE9-2C3ACA8B146E}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 15:55 - 2010-12-13 09:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-29 15:41 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-29 15:41 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-29 15:36 - 2013-02-23 17:59 - 00000000 ___RD () C:\Users\Megdalen\Dropbox
2014-10-29 15:36 - 2013-02-23 17:56 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Dropbox
2014-10-29 15:36 - 2009-07-14 01:10 - 01532433 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 15:35 - 2010-05-18 11:40 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\SoftThinks
2014-10-29 15:35 - 2010-05-11 17:28 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-10-29 15:35 - 2010-05-11 17:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-10-29 15:35 - 2010-05-11 17:08 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-29 15:34 - 2010-12-13 09:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 15:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 15:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
2014-10-29 15:09 - 2013-05-01 22:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-29 12:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2014-10-29 12:38 - 2013-05-01 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 12:24 - 2011-01-14 22:07 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-10-28 22:03 - 2010-09-09 20:44 - 00000000 ____D () C:\Jonathan's
2014-10-28 11:28 - 2013-10-27 15:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-26 14:27 - 2013-09-09 09:50 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{A567593C-1B58-4CA8-9AD7-9EA75939FB46}
2014-10-25 23:06 - 2013-06-06 11:16 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-10-24 03:50 - 2010-12-13 09:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 03:50 - 2010-12-13 09:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-14 09:34 - 2011-10-21 20:47 - 00000000 ____D () C:\Users\Megdalen\Documents\ministry tools
2014-10-14 08:47 - 2009-07-14 00:45 - 00405880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-06 21:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-06 19:25 - 2013-02-23 17:59 - 00001026 _____ () C:\Users\Megdalen\Desktop\Dropbox.lnk
2014-10-06 19:25 - 2013-02-23 17:57 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
ZeroAccess:
C:\Users\Megdalen\AppData\Local\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Megdalen\AmazonMP3DownloaderInstall.exe
C:\Users\Megdalen\gotomypc_626.exe

Some content of TEMP:
====================
C:\Users\Megdalen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkvoskq.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 00:21

==================== End Of Log ============================

Here are the results of the additional scan

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014 01
Ran by Megdalen at 2014-10-29 16:39:38
Running from C:\Users\Megdalen\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.1.0.332 - Amazon Services LLC)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
F2400 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{B700113B-24A8-4D4C-8484-0CC944F764C8}) (Version: 3.0.3117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation)
Juniper Networks Network Connect 7.0.0 (HKLM-x32\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18107 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.5.9755 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK Share Button App (HKLM-x32\...\{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}) (Version: 4.01.0000.0000 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.1.0000 - ETS)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> \\?\globalroot\Device\HarddiskVolume3\Users\Megdalen\AppData\Local\Temp\stsitpq\shxbrgo\wow.dll No F (the data entry has 3 more characters).

==================== Restore Points  =========================

29-10-2014 17:56:01 Windows Backup
29-10-2014 18:24:25 Removed Java 7 Update 71
29-10-2014 19:05:09 Microsoft Antimalware Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-06-22 22:06 - 00447225 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12B2EB03-9E19-4A22-A0B4-B14F67074E27} - System32\Tasks\SuperEasy Registry Cleaner_UPDATES => C:\Program Files (x86)\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: {26990738-27D2-4FFF-B30E-484BEB766B37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {424E671F-88FB-4E9D-9FC1-628FA668F1EB} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-02-03] (Eastman Kodak Company)
Task: {4E632D25-E2BF-4EF4-8CB2-8CA0705A1628} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A2B16B66-3698-40BF-BDA7-9D87F03478E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {B3B5DBAD-112F-4698-913C-1C7E98AD4F8A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {E36C4445-CA74-4774-A5BB-4E45702986B1} - System32\Tasks\SuperEasy Registry Cleaner_DEFAULT => C:\Program Files (x86)\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: {F8EACFBF-70AD-439D-B80D-F053A05E00AE} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files (x86)\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SuperEasy Registry Cleaner_DEFAULT.job => C:\Program Files (x86)\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: C:\Windows\Tasks\SuperEasy Registry Cleaner_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe

==================== Loaded Modules (whitelisted) =============

2010-05-11 17:08 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-22 14:17 - 2013-05-22 14:17 - 00400704 _____ () C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-07-23 17:03 - 2013-06-21 19:23 - 03108864 _____ () C:\Users\Megdalen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2009-11-13 17:15 - 2009-11-13 17:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-11-13 17:15 - 2009-11-13 17:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-10-29 15:36 - 2014-10-29 15:36 - 00043008 _____ () c:\users\megdalen\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkvoskq.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\libcef.dll
2014-09-10 23:17 - 2014-09-10 23:17 - 00718152 _____ () C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\36.0.1985.143\libglesv2.dll
2014-09-10 23:17 - 2014-09-10 23:17 - 00126280 _____ () C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\36.0.1985.143\libegl.dll
2014-09-10 23:17 - 2014-09-10 23:17 - 08537928 _____ () C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\36.0.1985.143\pdf.dll
2014-09-10 23:17 - 2014-09-10 23:17 - 00353096 _____ () C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-09-10 23:17 - 2014-09-10 23:17 - 01732936 _____ () C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\36.0.1985.143\ffmpegsumo.dll
2014-09-10 23:17 - 2014-09-10 23:17 - 14669128 _____ () C:\Users\Megdalen\AppData\LocalLow\Macromedia\Muowcnvodn\Gupagzcjlbdl\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:7E95B6FD
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Megdalen\Documents\100_1308.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Megdalen\Documents\100_1310.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19907830.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\40965465.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19907830.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\40965465.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2450339336-3116216016-3434664442-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2450339336-3116216016-3434664442-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2450339336-3116216016-3434664442-1002 - Limited - Enabled)
Megdalen (S-1-5-21-2450339336-3116216016-3434664442-1001 - Administrator - Enabled) => C:\Users\Megdalen

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 03:05:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3c34ff97-3462-4b2e-aff9-add4976e2307}

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

System errors:
=============
Error: (10/29/2014 04:13:56 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/29/2014 04:04:56 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/29/2014 03:53:02 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/29/2014 03:44:08 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/29/2014 03:34:57 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon

Error: (10/29/2014 03:34:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:33:24 PM on ‎10/‎29/‎2014 was unexpected.

Error: (10/29/2014 03:10:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/29/2014 03:10:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/29/2014 03:09:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon

Error: (10/29/2014 03:04:31 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Microsoft Office Sessions:
=========================
Error: (10/29/2014 03:05:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3c34ff97-3462-4b2e-aff9-add4976e2307}

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

CodeIntegrity Errors:
===================================
  Date: 2010-09-28 23:32:13.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 22:53:54.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 22:41:58.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 21:55:07.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 19:56:55.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 17:14:26.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 13:49:10.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 13:39:28.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 13:12:14.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 11:46:05.627
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 67%
Total physical RAM: 3895.12 MB
Available physical RAM: 1285.1 MB
Total Pagefile: 7788.41 MB
Available Pagefile: 4572.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:224.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2335E63E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:10 PM

Posted 29 October 2014 - 03:51 PM

Hi,

 

Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.

 

Step 1

Please uninstall some programs:

  • Windows 7: Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

                          Catalina Savings Printer

  • Reboot your computer.

 
Step 2

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Megdalen

Megdalen
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Female
  • Local time:03:10 PM

Posted 29 October 2014 - 05:41 PM

Here is the ComboFix text file.

 

 

ComboFix 14-10-29.01 - Megdalen 10/29/2014  17:21:50.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2154 [GMT -4:00]
Running from: c:\users\Megdalen\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\4228.tmp
c:\programdata\Microsoft\Windows\DRM\425A.tmp
c:\programdata\Microsoft\Windows\DRM\687A.tmp
c:\programdata\Microsoft\Windows\DRM\68AC.tmp
c:\programdata\Microsoft\Windows\DRM\6B63.tmp
c:\programdata\Microsoft\Windows\DRM\6BB4.tmp
c:\programdata\Microsoft\Windows\DRM\9205.tmp
c:\programdata\Microsoft\Windows\DRM\9237.tmp
c:\programdata\Microsoft\Windows\DRM\D62A.tmp
c:\programdata\Microsoft\Windows\DRM\D62B.tmp
c:\users\Administrator\GoToAssistDownloadHelper.exe
c:\users\Megdalen\AmazonMP3DownloaderInstall.exe
c:\users\Megdalen\AppData\Local\TempDIR
c:\users\Megdalen\AppData\Local\TempDIR\Offercast2821_NDV_.exe
c:\users\Megdalen\AppData\Roaming\1699739469
c:\users\Megdalen\AppData\Roaming\2676583237
c:\users\Megdalen\AppData\Roaming\275893594
c:\users\Megdalen\AppData\Roaming\2784958252
c:\users\Megdalen\AppData\Roaming\3081722151
c:\windows\PFRO.log
c:\windows\SysWow64\regobj.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-29  )))))))))))))))))))))))))))))))
.
.
2014-10-29 21:58 . 2014-10-29 21:58 -------- d-----w- c:\users\Liberty\AppData\Local\temp
2014-10-29 21:58 . 2014-10-29 21:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-29 21:58 . 2014-10-29 21:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-10-29 20:37 . 2014-10-29 20:40 -------- d-----w- C:\FRST
2014-10-29 19:04 . 2014-10-29 19:04 -------- d-----w- C:\TDSSKiller_Quarantine
2014-10-29 18:27 . 2014-10-29 18:27 -------- d-----w- c:\users\Administrator\AppData\Local\Programs
2014-10-29 17:50 . 2014-10-29 17:50 -------- d-----w- c:\users\Administrator\AppData\Roaming\HP
2014-10-29 16:38 . 2014-10-29 21:12 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-29 16:38 . 2014-10-29 16:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-29 16:38 . 2014-10-01 15:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-29 16:38 . 2014-10-01 15:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-29 16:38 . 2014-10-01 15:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-29 16:15 . 2014-10-29 16:15 -------- d-----w- c:\users\Megdalen\AppData\Roaming\SuperEasy
2014-10-29 14:16 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DD5B206-EDBA-4D04-9B03-37BF30A33762}\mpengine.dll
2014-10-29 00:56 . 2014-10-29 02:20 -------- d-----w- c:\users\Megdalen\AppData\Local\Spotify
2014-10-29 00:55 . 2014-10-29 21:15 -------- d-----w- c:\users\Megdalen\AppData\Roaming\Spotify
2014-10-28 13:14 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-10-26 03:06 . 2014-10-26 03:06 -------- d-----w- c:\users\Megdalen\AppData\Local\Amazon
2014-10-14 05:20 . 2014-10-14 05:20 -------- d-----w- C:\Roxio
2014-10-06 23:03 . 2014-08-18 21:56 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-10-01 17:41 . 2014-09-17 05:52 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{991AAC96-FE05-4598-B412-BF586DC1AF6A}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-22 06:42 . 2010-08-31 12:50 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-17 05:52 . 2011-03-26 19:39 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-11 13:11 . 2014-09-11 13:11 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2014-09-11 13:11 . 2014-09-11 13:11 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-09-11 13:11 . 2014-09-11 13:11 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2014-09-11 13:11 . 2014-09-11 13:11 235008 ----a-w- c:\windows\system32\elshyph.dll
2014-09-11 13:11 . 2014-09-11 13:11 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2014-09-11 13:11 . 2014-09-11 13:11 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
2014-09-11 13:11 . 2014-09-11 13:11 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2014-09-11 13:11 . 2014-09-11 13:11 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-11 13:11 . 2014-09-11 13:11 337408 ----a-w- c:\windows\SysWow64\html.iec
2014-09-11 13:11 . 2014-09-11 13:11 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-09-11 13:11 . 2014-09-11 13:11 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2014-09-11 13:11 . 2014-09-11 13:11 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-09-11 13:11 . 2014-09-11 13:11 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2014-09-11 13:11 . 2014-09-11 13:11 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-09-11 13:11 . 2014-09-11 13:11 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2014-09-11 13:11 . 2014-09-11 13:11 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-09-11 13:11 . 2014-09-11 13:11 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-09-11 13:11 . 2014-09-11 13:11 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-09-11 13:11 . 2014-09-11 13:11 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2014-09-11 13:11 . 2014-09-11 13:11 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-09-11 13:11 . 2014-09-11 13:11 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-09-11 13:11 . 2014-09-11 13:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2014-09-11 13:11 . 2014-09-11 13:11 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2014-09-11 13:11 . 2014-09-11 13:11 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2014-09-11 13:11 . 2014-09-11 13:11 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2014-09-11 13:11 . 2014-09-11 13:11 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-09-11 13:11 . 2014-09-11 13:11 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2014-09-11 13:11 . 2014-09-11 13:11 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-09-11 13:11 . 2014-09-11 13:11 942592 ----a-w- c:\windows\system32\jsIntl.dll
2014-09-11 13:11 . 2014-09-11 13:11 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2014-09-11 13:11 . 2014-09-11 13:11 247808 ----a-w- c:\windows\system32\msls31.dll
2014-09-11 13:11 . 2014-09-11 13:11 1447424 ----a-w- c:\windows\system32\urlmon.dll
2014-09-11 13:11 . 2014-09-11 13:11 2310656 ----a-w- c:\windows\system32\wininet.dll
2014-09-11 13:11 . 2014-09-11 13:11 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2014-09-11 13:11 . 2014-09-11 13:11 758272 ----a-w- c:\windows\system32\jscript9diag.dll
2014-09-11 13:11 . 2014-09-11 13:11 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2014-09-11 13:11 . 2014-09-11 13:11 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-09-11 13:11 . 2014-09-11 13:11 2793984 ----a-w- c:\windows\system32\iertutil.dll
2014-09-11 13:11 . 2014-09-11 13:11 195584 ----a-w- c:\windows\system32\msrating.dll
2014-09-11 13:11 . 2014-09-11 13:11 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2014-09-11 13:11 . 2014-09-11 13:11 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2014-09-11 13:11 . 2014-09-11 13:11 5833728 ----a-w- c:\windows\system32\jscript9.dll
2014-09-11 13:11 . 2014-09-11 13:11 77312 ----a-w- c:\windows\system32\tdc.ocx
2014-09-11 13:11 . 2014-09-11 13:11 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 13:11 . 2014-09-11 13:11 596480 ----a-w- c:\windows\system32\ieui.dll
2014-09-11 13:11 . 2014-09-11 13:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2014-09-11 13:11 . 2014-09-11 13:11 13588480 ----a-w- c:\windows\system32\ieframe.dll
2014-09-11 13:11 . 2014-09-11 13:11 105984 ----a-w- c:\windows\system32\iesysprep.dll
2014-09-11 13:11 . 2014-09-11 13:11 81408 ----a-w- c:\windows\system32\icardie.dll
2014-09-11 13:11 . 2014-09-11 13:11 775168 ----a-w- c:\windows\system32\ieapfltr.dll
2014-09-11 13:11 . 2014-09-11 13:11 707072 ----a-w- c:\windows\system32\ie4uinit.exe
2014-09-11 13:11 . 2014-09-11 13:11 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-09-11 13:11 . 2014-09-11 13:11 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2014-09-11 13:11 . 2014-09-11 13:11 446464 ----a-w- c:\windows\system32\dxtmsft.dll
2014-09-11 13:11 . 2014-09-11 13:11 413696 ----a-w- c:\windows\system32\html.iec
2014-09-11 13:11 . 2014-09-11 13:11 374968 ----a-w- c:\windows\system32\iedkcs32.dll
2014-09-11 13:11 . 2014-09-11 13:11 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-09-11 13:11 . 2014-09-11 13:11 289280 ----a-w- c:\windows\system32\dxtrans.dll
2014-09-11 13:11 . 2014-09-11 13:11 235520 ----a-w- c:\windows\system32\url.dll
2014-09-11 13:11 . 2014-09-11 13:11 2104832 ----a-w- c:\windows\system32\inetcpl.cpl
2014-09-11 13:11 . 2014-09-11 13:11 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-09-11 13:11 . 2014-09-11 13:11 243200 ----a-w- c:\windows\system32\webcheck.dll
2014-09-11 13:11 . 2014-09-11 13:11 85504 ----a-w- c:\windows\system32\mshtmled.dll
2014-09-11 13:11 . 2014-09-11 13:11 727040 ----a-w- c:\windows\system32\msfeeds.dll
2014-09-11 13:11 . 2014-09-11 13:11 547328 ----a-w- c:\windows\system32\vbscript.dll
2014-09-11 13:11 . 2014-09-11 13:11 30208 ----a-w- c:\windows\system32\licmgr10.dll
2014-09-11 13:11 . 2014-09-11 13:11 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-09-11 13:11 . 2014-09-11 13:11 23591424 ----a-w- c:\windows\system32\mshtml.dll
2014-09-11 13:11 . 2014-09-11 13:11 167424 ----a-w- c:\windows\system32\iexpress.exe
2014-09-11 13:11 . 2014-09-11 13:11 143872 ----a-w- c:\windows\system32\wextract.exe
2014-09-11 13:11 . 2014-09-11 13:11 101376 ----a-w- c:\windows\system32\inseng.dll
2014-09-11 13:11 . 2014-09-11 13:11 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-09-11 13:11 . 2014-09-11 13:11 774144 ----a-w- c:\windows\system32\jscript.dll
2014-09-11 13:11 . 2014-09-11 13:11 62464 ----a-w- c:\windows\system32\pngfilt.dll
2014-09-11 13:11 . 2014-09-11 13:11 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-09-11 13:11 . 2014-09-11 13:11 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-09-11 13:11 . 2014-09-11 13:11 147968 ----a-w- c:\windows\system32\occache.dll
2014-09-11 13:11 . 2014-09-11 13:11 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-09-11 13:11 . 2014-09-11 13:11 13824 ----a-w- c:\windows\system32\mshta.exe
2014-09-11 13:11 . 2014-09-11 13:11 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-09-11 13:11 . 2014-09-11 13:11 48128 ----a-w- c:\windows\system32\imgutil.dll
2014-09-11 13:11 . 2014-09-11 13:11 135680 ----a-w- c:\windows\system32\iepeers.dll
2014-09-04 16:29 . 2010-06-24 16:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-03 18:49 . 2010-12-01 22:28 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-09-03 18:49 . 2013-11-13 15:58 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-09-03 18:49 . 2013-11-13 15:58 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-08-29 17:01 . 2010-05-28 13:53 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-08-23 02:07 . 2014-09-11 12:34 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-11 12:34 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-09-11 12:34 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-01 11:53 . 2014-09-11 12:37 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-11 12:37 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
"AmazonMP3DownloaderHelper"="c:\users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
"Amazon Cloud Player"="c:\users\Megdalen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-06-21 3108864]
"Wpcbkwuj"="c:\users\Megdalen\AppData\Local\{A567593C-1B58-4CA8-9AD7-9EA75939FB46}\Wpcbkwuj.dll" [2014-10-26 287744]
"Spotify"="c:\users\Megdalen\AppData\Roaming\Spotify\Spotify.exe" [2014-10-29 6553144]
"Spotify Web Helper"="c:\users\Megdalen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-10-29 1514040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-29 559616]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\users\Liberty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
c:\users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Megdalen\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys;c:\windows\SYSNATIVE\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys;c:\windows\SYSNATIVE\drivers\TfSysMon.sys [x]
R1 bbtqnakb;bbtqnakb;c:\windows\system32\drivers\bbtqnakb.sys;c:\windows\SYSNATIVE\drivers\bbtqnakb.sys [x]
R1 irdzfoys;irdzfoys;c:\windows\system32\drivers\irdzfoys.sys;c:\windows\SYSNATIVE\drivers\irdzfoys.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NxDrv;SonicWALL NetExtender Adapter;c:\windows\system32\DRIVERS\NxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\NxDrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys;c:\windows\SYSNATIVE\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 07:50]
.
2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-13 07:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: whipplehill.com\sslvpn
TCP: DhcpNameServer = 173.44.120.32 173.44.120.33 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Spybot-S&D Cleaning - c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe
SafeBoot-19907830.sys
SafeBoot-40965465.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-29  18:13:32
ComboFix-quarantined-files.txt  2014-10-29 22:13
.
Pre-Run: 241,314,009,088 bytes free
Post-Run: 240,941,342,720 bytes free
.
- - End Of File - - 404A6682D93E3DB07CD6767E466F02F8
CDB4DE4BBD714F152979DA2DCBEF57EB
 



#6 deeprybka (Malware Response Team)

Posted 30 October 2014 - 12:18 AM

Hi,
 
Step 1
 
  • Download EEK and extract the contents to C:\
  • Double-click the desktop shortcut to start the tool.
  • In the update screen that follows, click "Yes" to obtain the latest malware definitions.
  • Once the update is complete, click "Scan".
  • Enable "PUPs" detection and click on "Full Scan".
  • If adware/malware was detected, make sure to check all the items, click "Quarantine selected" and afterwards "View report".
  • Please paste the content of the report in your next reply.
 
Step 2

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 Megdalen (Topic Starter)

Posted 30 October 2014 - 08:42 AM

There was no "view report" button in the Emsisoft Program, but I did save the Quarantine report in Notepad. It did an automatic restart of my computer, and I had to click the "force restart" button. 

 

Emsisoft Emergency Kit - Version 9.0
Quarantine log

Date | Source | Event | Infection/PUP | #
10/30/2014 9:24:05 AM | Key: HKEY_USERS\S-1-5-21-2450339336-3116216016-3434664442-1001\SOFTWARE\SYSTWEAK | Move To Quarantine | Application.InstallAd (A) | 8
10/30/2014 9:24:04 AM | C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\D62B.tmp.vir | Move To Quarantine | Trojan.Generic.8853295 (B) | 3
10/30/2014 9:24:04 AM | C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\D62A.tmp.vir | Move To Quarantine | Trojan.Generic.8842410 (B) | 4
10/30/2014 9:24:04 AM | Key: HKEY_USERS\S-1-5-21-2450339336-3116216016-3434664442-1001\SOFTWARE\YAHOOPARTNERTOOLBAR | Move To Quarantine | Application.Win32.YTool (A) | 5
10/30/2014 9:24:04 AM | Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS | Move To Quarantine | Setting.DisableRegistryTools (A) | 6
10/30/2014 9:24:04 AM | Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\SYSTWEAK | Move To Quarantine | Application.InstallAd (A) | 7
10/30/2014 9:24:03 AM | C:\Users\Megdalen\AppData\Local\{A567593C-1B58-4CA8-9AD7-9EA75939FB46}\Wpcbkwuj.dll | File locked, removal on next reboot | Trojan.GenericKD.1948144 (B) | 2
10/30/2014 9:24:02 AM | C:\Users\Megdalen\AppData\LocalLow\qlilmjy.dll | Move To Quarantine | Trojan.GenericKD.1948144 (B) | 1

FRST logs in next reply....



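The script below is an added triage example for readers following this thread; it was not posted in the thread and is not part of Emsisoft Emergency Kit or FRST. It is read-only and lists, on the affected machine, the same kinds of tampering the quarantine log above reports and the FRST log in the next post flags: the DisableRegistryTools policy value EEK quarantined, Software Restriction Policy path rules against anti-malware folders (the source of FRST's "HKLM Group Policy restriction on software" lines), deferred deletes still queued for the locked Wpcbkwuj.dll, GUID-named folders under AppData\Local like the one that held that DLL, and loose DLL/EXE files in AppData\LocalLow like qlilmjy.dll. Assumptions: it is run as Megdalen's own account in an elevated PowerShell on Windows 7 (written to work on PowerShell 2.0, which Windows 7 SP1 ships with); the DisableTaskMgr and DisableCMD values are sibling checks added here, not findings from the log; and that a "removal on next reboot" entry is queued through PendingFileRenameOperations is an assumption about EEK's mechanism rather than something the thread states.

```powershell
# Added triage script (not from this thread). Read-only: it lists indicators of the
# tampering EEK/FRST reported and changes nothing. Run in an elevated PowerShell as
# the affected user. Written for PowerShell 2.0+ so it runs on Windows 7 SP1.

function New-Indicator($Kind, $Detail) {
    New-Object PSObject -Property @{ Kind = $Kind; Detail = $Detail }
}

function Get-TamperIndicators {
    # 1. Policy values that lock the user out of admin tooling. EEK quarantined
    #    HKLM\...\Policies\System\DisableRegistryTools; check both hives. The two
    #    sibling values are an added check, not something the log reported.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
        if (Test-Path $key) {
            $p = Get-ItemProperty -Path $key
            foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr', 'DisableCMD') {
                if ($p.$name -and $p.$name -ne 0) {
                    New-Indicator 'POLICY' "$key\$name = $($p.$name)"
                }
            }
        }
    }

    # 2. Software Restriction Policy "Disallowed" path rules (security level 0).
    #    FRST's "HKLM Group Policy restriction on software ... <====== ATTENTION"
    #    lines come from here; a rule naming the Malwarebytes or Microsoft
    #    Antimalware folder stops that tool from launching at all.
    $disallowed = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'
    if (Test-Path $disallowed) {
        Get-ChildItem -Path $disallowed | ForEach-Object {
            $rule = Get-ItemProperty -Path $_.PSPath
            New-Indicator 'SRP-DISALLOWED' $rule.ItemData
        }
    }

    # 3. Deferred deletes. EEK marked Wpcbkwuj.dll "File locked, removal on next
    #    reboot". Assumption: that is queued via PendingFileRenameOperations, so
    #    anything still listed here has not actually been removed yet.
    $sm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    foreach ($entry in @($sm.PendingFileRenameOperations)) {
        if ($entry) { New-Indicator 'PENDING-DELETE' $entry }
    }

    # 4. GUID-named folders under %LOCALAPPDATA% created in the last 30 days.
    #    The log shows one ({A567593C-...}) holding the locked trojan DLL, and
    #    FRST lists a new one roughly twice a day; the volume is itself a signal.
    $guidName = '^\{[0-9A-F]{8}-([0-9A-F]{4}-){3}[0-9A-F]{12}\}$'
    $cutoff = (Get-Date).AddDays(-30)
    Get-ChildItem -Path $env:LOCALAPPDATA -Force |
        Where-Object { $_.PSIsContainer -and $_.Name -match $guidName -and $_.CreationTime -gt $cutoff } |
        ForEach-Object {
            $dir = $_
            $payload = @(Get-ChildItem -Path $dir.FullName -Recurse -Force -ErrorAction SilentlyContinue |
                         Where-Object { -not $_.PSIsContainer -and ('.dll', '.exe') -contains $_.Extension })
            New-Indicator 'GUID-DIR' ("{0}  created {1:yyyy-MM-dd HH:mm}  dll/exe inside: {2}" -f
                                      $dir.FullName, $dir.CreationTime, $payload.Count)
        }

    # 5. Loose DLL/EXE files sitting directly in AppData\LocalLow (qlilmjy.dll was
    #    found there); legitimate software rarely drops binaries at that level.
    $lowPath = Join-Path $env:USERPROFILE 'AppData\LocalLow'
    Get-ChildItem -Path $lowPath -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and ('.dll', '.exe') -contains $_.Extension } |
        ForEach-Object { New-Indicator 'LOCALLOW-FILE' ("{0}  {1} bytes" -f $_.FullName, $_.Length) }
}

Get-TamperIndicators | Format-Table -AutoSize Kind, Detail
```

Run it once before the reboot that EEK forces and once after: the PENDING-DELETE line for Wpcbkwuj.dll should disappear, and any SRP-DISALLOWED or POLICY line that survives the reboot means the policy tampering is being re-applied by something still running, which is the situation a new GUID-DIR entry each morning would also point to.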
#8 Megdalen (Topic Starter)

Posted 30 October 2014 - 08:54 AM

I ran the FRST from the icon that I downloaded yesterday, because when I clicked on the button in the reply in your email, I got a different screen that said "deeprybkatrojan", so I didn't want to mess with that.  So here are the files from the FRST scan I did just now.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01
Ran by Megdalen (administrator) on HOME on 30-10-2014 09:48:11
Running from C:\Users\Megdalen\Downloads
Loaded Profile: Megdalen (Available profiles: Megdalen & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Users\Megdalen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Spotify Ltd) C:\Users\Megdalen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Dropbox, Inc.) C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-29] (Dell)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\PC Tools <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-02-03] (Eastman Kodak Company)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Amazon Cloud Player] => C:\Users\Megdalen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3108864 2013-06-21] ()
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Spotify] => C:\Users\Megdalen\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-28] (Spotify Ltd)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Spotify Web Helper] => C:\Users\Megdalen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-28] (Spotify Ltd)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Liberty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {8A060638-5F7A-4151-B60D-963AAD36D672} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://sslvpn.whipplehill.com/NELX.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.unh.edu/dana-cached/sc/JuniperSetupClient.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 173.44.120.32 173.44.120.33 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Megdalen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-30] (Emsisoft GmbH)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2010-10-27] (SonicWALL Inc.)
S1 bbtqnakb; \??\C:\Windows\system32\drivers\bbtqnakb.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 irdzfoys; \??\C:\Windows\system32\drivers\irdzfoys.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 09:40 - 2014-10-30 09:40 - 00001299 _____ () C:\Users\Megdalen\Desktop\Quarantine_141030-094047.txt
2014-10-30 09:32 - 2014-10-30 09:32 - 00000552 _____ () C:\Windows\PFRO.log
2014-10-30 09:32 - 2014-10-30 09:32 - 00000438 _____ () C:\EamClean.log
2014-10-30 07:56 - 2014-10-30 09:34 - 00000000 ____D () C:\EEK
2014-10-30 07:56 - 2014-10-30 07:56 - 00000745 _____ () C:\Users\Megdalen\Desktop\Start Emsisoft Emergency Kit.lnk
2014-10-30 07:50 - 2014-10-30 07:56 - 154184960 _____ () C:\Users\Megdalen\Downloads\EmsisoftEmergencyKit.exe
2014-10-30 07:48 - 2014-10-30 07:49 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{3A7F93DE-7FD5-41A6-96D1-6E0C5964C5FA}
2014-10-29 18:44 - 2014-10-29 18:44 - 00027464 _____ () C:\Users\Megdalen\Desktop\combofix.txt
2014-10-29 18:13 - 2014-10-29 18:13 - 00027464 _____ () C:\ComboFix.txt
2014-10-29 17:19 - 2014-10-29 18:14 - 00000000 ____D () C:\Qoobox
2014-10-29 17:19 - 2014-10-29 18:08 - 00000000 ____D () C:\Windows\erdnt
2014-10-29 17:19 - 2014-10-29 17:19 - 05591672 ____R (Swearware) C:\Users\Megdalen\Downloads\ComboFix.exe
2014-10-29 17:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-29 17:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-29 17:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-29 17:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-29 17:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-29 17:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-29 17:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-29 17:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-29 16:39 - 2014-10-29 16:40 - 00034152 _____ () C:\Users\Megdalen\Downloads\Addition.txt
2014-10-29 16:38 - 2014-10-30 09:48 - 00016276 _____ () C:\Users\Megdalen\Downloads\FRST.txt
2014-10-29 16:37 - 2014-10-30 09:48 - 00000000 ____D () C:\FRST
2014-10-29 16:37 - 2014-10-29 16:37 - 02113536 _____ (Farbar) C:\Users\Megdalen\Downloads\FRST64.exe
2014-10-29 15:04 - 2014-10-29 15:04 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-29 15:02 - 2014-10-29 15:02 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Megdalen\Downloads\tdsskiller.exe
2014-10-29 14:48 - 2014-10-29 14:48 - 00023215 _____ () C:\Users\Megdalen\Desktop\dds.txt
2014-10-29 14:48 - 2014-10-29 14:48 - 00006426 _____ () C:\Users\Megdalen\Desktop\attach.txt
2014-10-29 14:45 - 2014-10-29 14:45 - 00688992 ____R (Swearware) C:\Users\Megdalen\Downloads\dds.com
2014-10-29 14:12 - 2014-10-29 14:12 - 00000266 _____ () C:\Users\Administrator\Downloads\Enable_System_Restore.reg
2014-10-29 13:50 - 2014-10-29 13:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HP
2014-10-29 12:58 - 2014-10-30 09:32 - 00000336 _____ () C:\Windows\setupact.log
2014-10-29 12:58 - 2014-10-29 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-29 12:38 - 2014-10-29 17:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 12:38 - 2014-10-29 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 12:38 - 2014-10-29 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 12:38 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 12:38 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 12:38 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-29 12:23 - 2014-10-29 12:24 - 00169944 _____ () C:\Users\Megdalen\Documents\cc_20141029_122343backupoct29.reg
2014-10-29 12:15 - 2014-10-29 12:15 - 00003182 _____ () C:\Windows\System32\Tasks\SuperEasy Registry Cleaner
2014-10-29 12:15 - 2014-10-29 12:15 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\SuperEasy
2014-10-29 11:15 - 2014-10-29 11:15 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{5831862B-00F7-414C-A7F4-A225021AADE7}
2014-10-29 07:15 - 2014-10-29 07:15 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{26CF161D-7786-4C6D-BF3D-8041228B9FDB}
2014-10-28 22:58 - 2014-10-28 22:58 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{7FCF73EA-4B0C-4345-82C1-EBAA19B47303}
2014-10-28 20:56 - 2014-10-28 22:20 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\Spotify
2014-10-28 20:56 - 2014-10-28 20:56 - 00001820 _____ () C:\Users\Megdalen\Desktop\Spotify.lnk
2014-10-28 20:56 - 2014-10-28 20:56 - 00001806 _____ () C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-10-28 20:55 - 2014-10-30 09:33 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Spotify
2014-10-28 11:23 - 2014-10-28 11:23 - 00003272 ____N () C:\bootsqm.dat
2014-10-28 10:57 - 2014-10-28 10:57 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{B8980156-8D6F-4C72-A5DF-3706D6301E9D}
2014-10-28 09:56 - 2014-10-28 09:56 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{D4B88BCE-BD8A-4E98-8246-5A347E527AA2}
2014-10-28 09:36 - 2014-10-28 09:36 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{402724A3-172F-4F4B-8EB6-B5ECC44D83DF}
2014-10-27 20:37 - 2014-10-27 20:37 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{647C5D0F-61D1-416F-A796-5C11557CD716}
2014-10-27 07:41 - 2014-10-27 07:41 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{FFA05E83-111E-4ECD-A0A0-DAA762614848}
2014-10-27 07:25 - 2014-10-27 07:25 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{1E92AB29-4647-4284-8499-91FCCD1EBAF4}
2014-10-26 13:47 - 2014-10-26 13:47 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{273153C6-091E-4195-ABD2-E387E1B9056E}
2014-10-25 23:06 - 2014-10-25 23:09 - 00000000 ____D () C:\Users\Megdalen\Documents\My Kindle Content
2014-10-25 23:06 - 2014-10-25 23:06 - 00002246 _____ () C:\Users\Megdalen\Desktop\Kindle.lnk
2014-10-25 23:06 - 2014-10-25 23:06 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\Amazon
2014-10-25 23:05 - 2014-10-25 23:06 - 38157960 _____ (Amazon.com) C:\Users\Megdalen\Downloads\KindleForPC-installer.exe
2014-10-25 12:34 - 2014-10-25 12:34 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{80EFEEB4-218F-476E-A1FE-62A77921538F}
2014-10-24 22:07 - 2014-10-24 22:07 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{CE3579F8-CB12-46F7-9D09-B7DEC82AC34C}
2014-10-24 10:04 - 2014-10-24 10:05 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{4FACC754-1923-4467-BBD3-25595536119E}
2014-10-23 21:57 - 2014-10-23 21:57 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{5185A6F6-C545-47E3-BC79-23A58D24FCC2}
2014-10-23 09:48 - 2014-10-23 09:48 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{CF319481-754B-4788-A743-1F484C32F8E7}
2014-10-22 17:05 - 2014-10-22 17:05 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{06ABBB35-3EB1-44B6-BD3C-78F5F5406DB9}
2014-10-22 07:44 - 2014-10-22 07:44 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{EE9E401E-8073-44A5-8879-E0DAEE27742F}
2014-10-21 10:51 - 2014-10-21 10:51 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{0D689FDF-E021-414E-B982-2CE3A8E6C0F1}
2014-10-20 11:11 - 2014-10-20 11:11 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{EF666CA0-7C49-40C3-824C-718D87943A32}
2014-10-19 20:45 - 2014-10-19 20:45 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{5D55ECC8-DF30-483C-BB0A-00E6305225DB}
2014-10-19 09:37 - 2014-10-19 09:37 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{38A9E4A8-6B4C-4CD9-9820-7E4EF61799E0}
2014-10-18 08:48 - 2014-10-18 08:48 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{DB752393-6A29-4ADF-B09B-956C5B261780}
2014-10-17 13:26 - 2014-10-17 13:26 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{275AD4E1-4912-474E-8B20-2A2083FACC7A}
2014-10-16 21:22 - 2014-10-16 21:22 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{6116C915-43CB-4E34-9247-5839BB46DE32}
2014-10-16 08:37 - 2014-10-16 08:37 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{1DA6117F-6792-422C-ADF6-59A6D5003B66}
2014-10-15 20:29 - 2014-10-15 20:29 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C4A79B1B-3430-483C-9BC4-9CFCD065059D}
2014-10-15 09:59 - 2014-10-15 09:59 - 04161313 _____ () C:\Users\Megdalen\Downloads\tdsskiller.zip
2014-10-15 07:43 - 2014-10-15 07:43 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{33F211C9-656D-41A8-8F99-B1FD4292FFD8}
2014-10-14 21:39 - 2014-10-14 21:39 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{B0ABD9FD-7166-4BDE-B2D2-4B0EAC25BCC9}
2014-10-14 09:28 - 2014-10-14 09:28 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C7D7EF2A-9EEA-4E18-874D-99E09EEE7405}
2014-10-14 01:20 - 2014-10-14 01:20 - 00000000 ____D () C:\Roxio
2014-10-13 09:40 - 2014-10-13 09:40 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{6CC2692B-951D-460A-A70E-0CEF95C80222}
2014-10-12 20:24 - 2014-10-12 20:24 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{9FCF1B34-93D3-4A8B-AFAB-6D7ED8E2BD95}
2014-10-12 07:31 - 2014-10-12 07:31 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{74D79BC4-D2D7-4C6B-8AAB-6157729F961C}
2014-10-11 09:58 - 2014-10-11 09:58 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{E8D9FC24-930D-492B-8513-67F755A82DF8}
2014-10-10 21:51 - 2014-10-10 21:51 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{F42B02C5-28D8-4676-98B6-6BFF86597BD8}
2014-10-10 21:39 - 2014-10-10 21:39 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{F99887AF-EBDA-4EDA-965B-66578EF1622E}
2014-10-10 09:11 - 2014-10-10 09:12 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C8537D87-4102-4F5C-AE45-C68DF5554D87}
2014-10-09 22:13 - 2014-10-09 22:13 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{14ADC8E5-6F24-4311-AA39-0619B14B9A75}
2014-10-09 08:58 - 2014-10-09 08:58 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{057ADD99-4DD1-42B4-9B00-0CC80F900E73}
2014-10-08 09:51 - 2014-10-08 09:51 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{3B00E2B0-76CB-4EE0-B03D-29924492591F}
2014-10-08 08:17 - 2014-10-08 08:17 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{B3763147-E08D-4D6F-A818-71EB43137635}
2014-10-07 10:08 - 2014-10-07 10:08 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{0E7CF397-33C6-4E19-80BA-3DDF7178EE27}
2014-10-06 19:03 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-06 19:01 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-06 19:01 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-06 19:01 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-06 19:01 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-06 19:01 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-06 19:01 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-06 09:12 - 2014-10-06 09:13 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{1B1CDC3F-FB95-40A1-80F3-8A8DEF7D98C0}
2014-10-05 14:01 - 2014-10-05 14:01 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C5C6CB88-20C7-4214-9BD8-74B695E61EF7}
2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{0EC04417-AAB7-4BCA-898B-D916E58EBBF6}
2014-10-04 12:50 - 2014-10-04 12:50 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{9850FFC0-0DBA-4EE1-9250-C8FA69528D76}
2014-10-03 22:02 - 2014-10-03 22:02 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{A71A7DF3-D8BE-428B-A75C-22513F201401}
2014-10-03 08:55 - 2014-10-03 08:55 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{4DD64112-3041-4158-9BDD-BB47447506B8}
2014-10-02 21:39 - 2014-10-02 21:39 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{72081ED4-AFAB-4300-81F6-DC9D2558C645}
2014-10-02 08:33 - 2014-10-02 08:34 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{39DEAB24-87A1-4720-998E-6A5FF01967EC}
2014-10-01 12:47 - 2014-10-01 12:47 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{4BD0DD6D-1AC3-47BF-9C11-48E5BDDA0919}
2014-10-01 06:43 - 2014-10-01 06:43 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{3837D6D7-622E-4FAE-A7CD-C58DE4CD2ADF}
2014-09-30 09:33 - 2014-09-30 09:33 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{28DF4AB9-CC3A-4D8E-9C8C-96FF8C389B13}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 09:39 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-30 09:39 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-30 09:36 - 2009-07-14 01:10 - 01572558 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 09:33 - 2013-02-23 17:59 - 00000000 ___RD () C:\Users\Megdalen\Dropbox
2014-10-30 09:33 - 2013-02-23 17:56 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Dropbox
2014-10-30 09:32 - 2013-09-09 09:50 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{A567593C-1B58-4CA8-9AD7-9EA75939FB46}
2014-10-30 09:32 - 2010-12-13 09:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-30 09:32 - 2010-05-18 11:40 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\SoftThinks
2014-10-30 09:32 - 2010-05-11 17:28 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-10-30 09:32 - 2010-05-11 17:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-10-30 09:32 - 2010-05-11 17:08 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-30 09:32 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 08:55 - 2010-12-13 09:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-29 18:14 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-10-29 17:59 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-29 17:55 - 2014-07-12 15:14 - 00000000 ____D () C:\Users\Administrator
2014-10-29 17:55 - 2010-05-18 11:40 - 00000000 ____D () C:\Users\Megdalen
2014-10-29 17:50 - 2010-07-21 13:45 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-29 15:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
2014-10-29 15:09 - 2013-05-01 22:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-29 12:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2014-10-29 12:38 - 2013-05-01 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 12:24 - 2011-01-14 22:07 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-10-28 22:03 - 2010-09-09 20:44 - 00000000 ____D () C:\Jonathan's
2014-10-28 11:28 - 2013-10-27 15:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-25 23:06 - 2013-06-06 11:16 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-10-24 03:50 - 2010-12-13 09:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 03:50 - 2010-12-13 09:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-14 09:34 - 2011-10-21 20:47 - 00000000 ____D () C:\Users\Megdalen\Documents\ministry tools
2014-10-14 08:47 - 2009-07-14 00:45 - 00405880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-06 21:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-06 19:25 - 2013-02-23 17:59 - 00001026 _____ () C:\Users\Megdalen\Desktop\Dropbox.lnk
2014-10-06 19:25 - 2013-02-23 17:57 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
ZeroAccess:
C:\Users\Megdalen\AppData\Local\Google\Desktop\Install

Files to move or delete:
====================
C:\Users\Megdalen\gotomypc_626.exe

Some content of TEMP:
====================
C:\Users\Megdalen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp66r_wp.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 00:21

==================== End Of Log ============================


And the addition text file


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014 01
Ran by Megdalen at 2014-10-30 09:49:22
Running from C:\Users\Megdalen\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.1.0.332 - Amazon Services LLC)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
F2400 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{B700113B-24A8-4D4C-8484-0CC944F764C8}) (Version: 3.0.3117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation)
Juniper Networks Network Connect 7.0.0 (HKLM-x32\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18107 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.5.9755 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK Share Button App (HKLM-x32\...\{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}) (Version: 4.01.0000.0000 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.1.0000 - ETS)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-10-2014 17:56:01 Windows Backup
29-10-2014 18:24:25 Removed Java 7 Update 71
29-10-2014 19:05:09 Microsoft Antimalware Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-29 17:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26990738-27D2-4FFF-B30E-484BEB766B37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {424E671F-88FB-4E9D-9FC1-628FA668F1EB} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-02-03] (Eastman Kodak Company)
Task: {4E632D25-E2BF-4EF4-8CB2-8CA0705A1628} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A2B16B66-3698-40BF-BDA7-9D87F03478E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {B3B5DBAD-112F-4698-913C-1C7E98AD4F8A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F8EACFBF-70AD-439D-B80D-F053A05E00AE} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files (x86)\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-05-11 17:08 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-22 14:17 - 2013-05-22 14:17 - 00400704 _____ () C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-07-23 17:03 - 2013-06-21 19:23 - 03108864 _____ () C:\Users\Megdalen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2009-11-13 17:15 - 2009-11-13 17:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-11-13 17:15 - 2009-11-13 17:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-10-30 09:33 - 2014-10-30 09:33 - 00043008 _____ () c:\users\megdalen\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp66r_wp.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
AlternateDataStreams: C:\ProgramData\TEMP:7E95B6FD
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Megdalen\Documents\100_1308.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Megdalen\Documents\100_1310.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2450339336-3116216016-3434664442-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2450339336-3116216016-3434664442-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2450339336-3116216016-3434664442-1002 - Limited - Enabled)
Megdalen (S-1-5-21-2450339336-3116216016-3434664442-1001 - Administrator - Enabled) => C:\Users\Megdalen

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 03:05:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3c34ff97-3462-4b2e-aff9-add4976e2307}

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

System errors:
=============
Error: (10/30/2014 09:33:01 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (10/30/2014 09:32:28 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon

Error: (10/30/2014 09:27:30 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/30/2014 09:25:21 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/30/2014 09:17:32 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/30/2014 09:10:14 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/30/2014 09:08:52 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/30/2014 09:00:29 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/30/2014 08:57:38 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (10/30/2014 08:52:06 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HOME\Megdalen (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Microsoft Office Sessions:
=========================
Error: (10/29/2014 03:05:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3c34ff97-3462-4b2e-aff9-add4976e2307}

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

CodeIntegrity Errors:
===================================
  Date: 2014-10-29 17:54:57.853
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-29 17:54:57.804
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-09-28 23:32:13.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 22:53:54.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 22:41:58.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 21:55:07.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 19:56:55.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 17:14:26.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 13:49:10.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 13:39:28.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 34%
Total physical RAM: 3895.12 MB
Available physical RAM: 2538.15 MB
Total Pagefile: 7788.41 MB
Available Pagefile: 6212.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:223.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2335E63E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#9 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:10:10 PM

Posted 30 October 2014 - 04:25 PM

Hi,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    cmd: dir "C:\Users\Megdalen\AppData\Local\{5831862B-00F7-414C-A7F4-A225021AADE7}" /s
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\PC Tools <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {8A060638-5F7A-4151-B60D-963AAD36D672} URL =
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
    Toolbar: HKCU - No Name - {472734EA-242A-422B-ADF8-83D1E48CC825} -  No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    S1 bbtqnakb; \??\C:\Windows\system32\drivers\bbtqnakb.sys [X]
    S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
    S1 irdzfoys; \??\C:\Windows\system32\drivers\irdzfoys.sys [X]
    2014-10-29 11:15 - 2014-10-29 11:15 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{5831862B-00F7-414C-A7F4-A225021AADE7}
    2014-10-29 07:15 - 2014-10-29 07:15 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{26CF161D-7786-4C6D-BF3D-8041228B9FDB}
    2014-10-28 22:58 - 2014-10-28 22:58 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{7FCF73EA-4B0C-4345-82C1-EBAA19B47303}
    2014-10-28 10:57 - 2014-10-28 10:57 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{B8980156-8D6F-4C72-A5DF-3706D6301E9D}
    2014-10-28 09:56 - 2014-10-28 09:56 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{D4B88BCE-BD8A-4E98-8246-5A347E527AA2}
    2014-10-28 09:36 - 2014-10-28 09:36 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{402724A3-172F-4F4B-8EB6-B5ECC44D83DF}
    2014-10-27 20:37 - 2014-10-27 20:37 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{647C5D0F-61D1-416F-A796-5C11557CD716}
    2014-10-27 07:41 - 2014-10-27 07:41 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{FFA05E83-111E-4ECD-A0A0-DAA762614848}
    2014-10-27 07:25 - 2014-10-27 07:25 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{1E92AB29-4647-4284-8499-91FCCD1EBAF4}
    2014-10-26 13:47 - 2014-10-26 13:47 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{273153C6-091E-4195-ABD2-E387E1B9056E}
    2014-10-25 12:34 - 2014-10-25 12:34 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{80EFEEB4-218F-476E-A1FE-62A77921538F}
    2014-10-24 22:07 - 2014-10-24 22:07 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{CE3579F8-CB12-46F7-9D09-B7DEC82AC34C}
    2014-10-24 10:04 - 2014-10-24 10:05 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{4FACC754-1923-4467-BBD3-25595536119E}
    2014-10-23 21:57 - 2014-10-23 21:57 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{5185A6F6-C545-47E3-BC79-23A58D24FCC2}
    2014-10-23 09:48 - 2014-10-23 09:48 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{CF319481-754B-4788-A743-1F484C32F8E7}
    2014-10-22 17:05 - 2014-10-22 17:05 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{06ABBB35-3EB1-44B6-BD3C-78F5F5406DB9}
    2014-10-22 07:44 - 2014-10-22 07:44 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{EE9E401E-8073-44A5-8879-E0DAEE27742F}
    2014-10-21 10:51 - 2014-10-21 10:51 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{0D689FDF-E021-414E-B982-2CE3A8E6C0F1}
    2014-10-20 11:11 - 2014-10-20 11:11 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{EF666CA0-7C49-40C3-824C-718D87943A32}
    2014-10-19 20:45 - 2014-10-19 20:45 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{5D55ECC8-DF30-483C-BB0A-00E6305225DB}
    2014-10-19 09:37 - 2014-10-19 09:37 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{38A9E4A8-6B4C-4CD9-9820-7E4EF61799E0}
    2014-10-18 08:48 - 2014-10-18 08:48 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{DB752393-6A29-4ADF-B09B-956C5B261780}
    2014-10-17 13:26 - 2014-10-17 13:26 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{275AD4E1-4912-474E-8B20-2A2083FACC7A}
    2014-10-16 21:22 - 2014-10-16 21:22 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{6116C915-43CB-4E34-9247-5839BB46DE32}
    2014-10-16 08:37 - 2014-10-16 08:37 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{1DA6117F-6792-422C-ADF6-59A6D5003B66}
    2014-10-15 20:29 - 2014-10-15 20:29 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C4A79B1B-3430-483C-9BC4-9CFCD065059D}
    2014-10-15 07:43 - 2014-10-15 07:43 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{33F211C9-656D-41A8-8F99-B1FD4292FFD8}
    2014-10-14 21:39 - 2014-10-14 21:39 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{B0ABD9FD-7166-4BDE-B2D2-4B0EAC25BCC9}
    2014-10-14 09:28 - 2014-10-14 09:28 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C7D7EF2A-9EEA-4E18-874D-99E09EEE7405}
    2014-10-13 09:40 - 2014-10-13 09:40 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{6CC2692B-951D-460A-A70E-0CEF95C80222}
    2014-10-12 20:24 - 2014-10-12 20:24 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{9FCF1B34-93D3-4A8B-AFAB-6D7ED8E2BD95}
    2014-10-12 07:31 - 2014-10-12 07:31 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{74D79BC4-D2D7-4C6B-8AAB-6157729F961C}
    2014-10-11 09:58 - 2014-10-11 09:58 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{E8D9FC24-930D-492B-8513-67F755A82DF8}
    2014-10-10 21:51 - 2014-10-10 21:51 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{F42B02C5-28D8-4676-98B6-6BFF86597BD8}
    2014-10-10 21:39 - 2014-10-10 21:39 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{F99887AF-EBDA-4EDA-965B-66578EF1622E}
    2014-10-10 09:11 - 2014-10-10 09:12 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C8537D87-4102-4F5C-AE45-C68DF5554D87}
    2014-10-09 22:13 - 2014-10-09 22:13 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{14ADC8E5-6F24-4311-AA39-0619B14B9A75}
    2014-10-09 08:58 - 2014-10-09 08:58 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{057ADD99-4DD1-42B4-9B00-0CC80F900E73}
    2014-10-08 09:51 - 2014-10-08 09:51 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{3B00E2B0-76CB-4EE0-B03D-29924492591F}
    2014-10-08 08:17 - 2014-10-08 08:17 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{B3763147-E08D-4D6F-A818-71EB43137635}
    2014-10-07 10:08 - 2014-10-07 10:08 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{0E7CF397-33C6-4E19-80BA-3DDF7178EE27}
    2014-10-06 09:12 - 2014-10-06 09:13 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{1B1CDC3F-FB95-40A1-80F3-8A8DEF7D98C0}
    2014-10-05 14:01 - 2014-10-05 14:01 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{C5C6CB88-20C7-4214-9BD8-74B695E61EF7}
    2014-10-04 15:11 - 2014-10-04 15:11 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{0EC04417-AAB7-4BCA-898B-D916E58EBBF6}
    2014-10-04 12:50 - 2014-10-04 12:50 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{9850FFC0-0DBA-4EE1-9250-C8FA69528D76}
    2014-10-03 22:02 - 2014-10-03 22:02 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{A71A7DF3-D8BE-428B-A75C-22513F201401}
    2014-10-03 08:55 - 2014-10-03 08:55 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{4DD64112-3041-4158-9BDD-BB47447506B8}
    2014-10-02 21:39 - 2014-10-02 21:39 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{72081ED4-AFAB-4300-81F6-DC9D2558C645}
    2014-10-02 08:33 - 2014-10-02 08:34 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{39DEAB24-87A1-4720-998E-6A5FF01967EC}
    2014-10-01 12:47 - 2014-10-01 12:47 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{4BD0DD6D-1AC3-47BF-9C11-48E5BDDA0919}
    2014-10-01 06:43 - 2014-10-01 06:43 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{3837D6D7-622E-4FAE-A7CD-C58DE4CD2ADF}
    2014-09-30 09:33 - 2014-09-30 09:33 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{28DF4AB9-CC3A-4D8E-9C8C-96FF8C389B13}
    2014-10-26 14:27 - 2013-09-09 09:50 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{A567593C-1B58-4CA8-9AD7-9EA75939FB46}
    C:\Users\Megdalen\AppData\Local\Google\Desktop\Install
    C:\Users\Megdalen\gotomypc_626.exe
    AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
    AlternateDataStreams: C:\ProgramData\TEMP:7E95B6FD
    AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After the Reboot:

Step 2


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
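As an added example (not part of this thread, and not FRST's own code or a method endorsed by its author), the Python script below applies a few of the heuristics that the fix above reflects to FRST-style scan lines: services whose file is marked missing ("[X]"), drivers with random-looking eight-letter names such as bbtqnakb and irdzfoys, Group Policy software restrictions on anti-malware folders, bare-GUID folders under AppData\Local, alternate data streams, and browser objects with no file behind them. The category names and regular expressions are this example's own assumptions; the sample lines are constructed in the style of the quoted log (the MsMpSvc entry's size and date are made up to serve as a benign control). The draft it prints only mirrors the layout of the fix in the post above (CloseProcesses: followed by lines copied verbatim) and is meant for a helper to review, not to run unreviewed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample input in the style of the FRST.txt entries quoted in this
# thread: two services whose driver file is missing ("[X]"), one healthy
# service (size/date made up for contrast), a Group Policy restriction on an
# anti-malware folder, two bare-GUID folders under AppData\Local, one ordinary
# folder, one alternate data stream and one toolbar entry with no file behind it.
SAMPLE_FRST_LINES = r"""
S1 bbtqnakb; \??\C:\Windows\system32\drivers\bbtqnakb.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-08-22] (Microsoft Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
2014-10-29 11:15 - 2014-10-29 11:15 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{5831862B-00F7-414C-A7F4-A225021AADE7}
2014-10-28 22:58 - 2014-10-28 22:58 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{7FCF73EA-4B0C-4345-82C1-EBAA19B47303}
2014-10-26 14:27 - 2013-09-09 09:50 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\Google
AlternateDataStreams: C:\ProgramData\TEMP:430C6D84
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
"""

# Heuristics. These are assumptions of this example, not FRST's own classification.
# A service line ending in "[X]" is one whose backing file FRST could not find.
MISSING_FILE_SERVICE = re.compile(r"^[RS]\d \S+; .+ \[X\]$")
# Eight random lowercase letters as both service and driver name is a common
# rootkit/loader pattern (bbtqnakb, irdzfoys in the thread).
RANDOM_NAME_DRIVER = re.compile(r"^[RS]\d (?P<name>[a-z]{8}); .*\\drivers\\(?P=name)\.sys\b", re.I)
# A dated directory entry whose last path component is a bare {GUID}.
GUID_NAMED_DIR = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - .* ____D \(\) "
    r"(?P<path>.+\\\{[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\})$",
    re.I,
)
POLICY_RESTRICTION = re.compile(r"^HKLM Group Policy restriction on software: ")
ALTERNATE_DATA_STREAM = re.compile(r"^AlternateDataStreams: ")
# Toolbars, search scopes, handlers and BHOs that point at nothing.
ORPHANED_BROWSER_OBJECT = re.compile(r"^(Toolbar|SearchScopes|Handler|BHO)(-x32)?: .*(No File|URL =)\s*$")


@dataclass
class Finding:
    category: str
    line: str                  # the FRST line verbatim; this is also the fixlist syntax
    note: Optional[str] = None


CHECKS = [
    ("service-missing-file", MISSING_FILE_SERVICE),
    ("policy-restriction", POLICY_RESTRICTION),
    ("guid-named-dir", GUID_NAMED_DIR),
    ("alternate-data-stream", ALTERNATE_DATA_STREAM),
    ("orphaned-browser-object", ORPHANED_BROWSER_OBJECT),
]


def triage(frst_text: str) -> List[Finding]:
    """Return one Finding per scan line that matches a heuristic, in log order."""
    findings: List[Finding] = []
    for raw in frst_text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        for category, pattern in CHECKS:
            if pattern.search(line):
                note = None
                if category == "service-missing-file" and RANDOM_NAME_DRIVER.search(line):
                    note = "random-looking 8-letter driver name"
                findings.append(Finding(category, line, note))
                break  # one category per line
    return findings


def to_fixlist(findings: List[Finding], close_processes: bool = True) -> str:
    """Draft a fixlist.txt body in the layout used in the post above:
    an optional CloseProcesses: directive, then the flagged lines verbatim.
    Every line still needs a human to confirm it before FRST is run on it."""
    lines = ["CloseProcesses:"] if close_processes else []
    lines.extend(f.line for f in findings)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_FRST_LINES)
    for f in found:
        print(f"{f.category:24} {f.line}" + (f"   <- {f.note}" if f.note else ""))
    print()
    print(to_fixlist(found))
```

Run against the constructed sample it flags seven lines (the two "[X]" services, the policy restriction, both GUID folders, the data stream and the toolbar) and leaves the healthy service and the ordinary Google folder alone; only bbtqnakb carries the random-name note, because esgiguard's driver does not live under \drivers\ with an eight-letter name. The output is a starting point for the kind of review a helper does by hand, not a substitute for it: a bare-GUID folder can be a legitimate installer artefact, and a missing-file service can be a leftover of an uninstalled product, as the SpyHunter entry in the fix above shows.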

#10 Megdalen

Megdalen
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Female
  • Local time:03:10 PM

Posted 30 October 2014 - 05:43 PM

I am having a problem.  I cannot get the fixlist.txt and the FRST tool in the same place.  Right now, the FRST tool is stored in my Downloads.  The notepad file is saved to the desktop.  How do I move them to the same place?



#11 Megdalen

Megdalen
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Female
  • Local time:03:10 PM

Posted 30 October 2014 - 05:51 PM

Never mind!  I figured it out.  I ran the fix and restarted the computer but FRST did not generate a file to the desktop.  It's possible I forgot to run the thing as an admin.  Should I try again?

 

I can't seem to get it right.  Either I drop the fixlist.txt file into the FRST program and the box pops up for me to run, or I can right-click on the FRST icon to run as admin but then the fixlist.txt file isn't there.  So, obviously, I am doing something wrong.  I am so sorry.


Edited by Megdalen, 30 October 2014 - 05:54 PM.


#12 Megdalen

Megdalen
  • Topic Starter

  • Members
  • 17 posts
  • Gender:Female
  • Local time:03:10 PM

Posted 30 October 2014 - 09:00 PM

Step 2 Results

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014 01
Ran by Megdalen (administrator) on HOME on 30-10-2014 18:54:40
Running from C:\Users\Megdalen\Downloads
Loaded Profile: Megdalen (Available profiles: Megdalen & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
() C:\Users\Megdalen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Spotify Ltd) C:\Users\Megdalen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(Dropbox, Inc.) C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-06] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-12-15] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-29] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [KGShareApp] => C:\Program Files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe [394752 2012-02-03] (Eastman Kodak Company)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Amazon Cloud Player] => C:\Users\Megdalen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3108864 2013-06-21] ()
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Spotify] => C:\Users\Megdalen\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-10-28] (Spotify Ltd)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Run: [Spotify Web Helper] => C:\Users\Megdalen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-28] (Spotify Ltd)
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2450339336-3116216016-3434664442-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Liberty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://sslvpn.whipplehill.com/NELX.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://vpn.unh.edu/dana-cached/sc/JuniperSetupClient.cab
Handler: ipp - No CLSID Value -
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp - No CLSID Value -
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 173.44.120.32 173.44.120.33 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Megdalen\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-01-14]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-30] (Emsisoft GmbH)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [24264 2010-10-27] (SonicWALL Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 TfFsMon; system32\drivers\TfFsMon.sys [X]
S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]
S0 TfSysMon; system32\drivers\TfSysMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 09:40 - 2014-10-30 09:40 - 00001299 _____ () C:\Users\Megdalen\Desktop\Quarantine_141030-094047.txt
2014-10-30 09:32 - 2014-10-30 09:32 - 00000552 _____ () C:\Windows\PFRO.log
2014-10-30 09:32 - 2014-10-30 09:32 - 00000438 _____ () C:\EamClean.log
2014-10-30 07:56 - 2014-10-30 10:50 - 00000000 ____D () C:\EEK
2014-10-30 07:56 - 2014-10-30 07:56 - 00000745 _____ () C:\Users\Megdalen\Desktop\Start Emsisoft Emergency Kit.lnk
2014-10-30 07:50 - 2014-10-30 07:56 - 154184960 _____ () C:\Users\Megdalen\Downloads\EmsisoftEmergencyKit.exe
2014-10-30 07:48 - 2014-10-30 07:49 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\{3A7F93DE-7FD5-41A6-96D1-6E0C5964C5FA}
2014-10-29 18:44 - 2014-10-29 18:44 - 00027464 _____ () C:\Users\Megdalen\Desktop\combofix.txt
2014-10-29 18:13 - 2014-10-29 18:13 - 00027464 _____ () C:\ComboFix.txt
2014-10-29 17:19 - 2014-10-29 18:14 - 00000000 ____D () C:\Qoobox
2014-10-29 17:19 - 2014-10-29 18:08 - 00000000 ____D () C:\Windows\erdnt
2014-10-29 17:19 - 2014-10-29 17:19 - 05591672 ____R (Swearware) C:\Users\Megdalen\Downloads\ComboFix.exe
2014-10-29 17:19 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-29 17:19 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-29 17:19 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-29 17:19 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-29 17:19 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-29 17:19 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-29 17:19 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-29 17:19 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-29 16:39 - 2014-10-30 09:49 - 00032659 _____ () C:\Users\Megdalen\Downloads\Addition.txt
2014-10-29 16:38 - 2014-10-30 18:55 - 00014938 _____ () C:\Users\Megdalen\Downloads\FRST.txt
2014-10-29 16:37 - 2014-10-30 18:54 - 00000000 ____D () C:\FRST
2014-10-29 16:37 - 2014-10-29 16:37 - 02113536 _____ (Farbar) C:\Users\Megdalen\Downloads\FRST64.exe
2014-10-29 15:04 - 2014-10-29 15:04 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-10-29 15:02 - 2014-10-29 15:02 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Megdalen\Downloads\tdsskiller.exe
2014-10-29 14:48 - 2014-10-29 14:48 - 00023215 _____ () C:\Users\Megdalen\Desktop\dds.txt
2014-10-29 14:48 - 2014-10-29 14:48 - 00006426 _____ () C:\Users\Megdalen\Desktop\attach.txt
2014-10-29 14:45 - 2014-10-29 14:45 - 00688992 ____R (Swearware) C:\Users\Megdalen\Downloads\dds.com
2014-10-29 14:12 - 2014-10-29 14:12 - 00000266 _____ () C:\Users\Administrator\Downloads\Enable_System_Restore.reg
2014-10-29 13:50 - 2014-10-29 13:50 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\HP
2014-10-29 12:58 - 2014-10-30 18:47 - 00000392 _____ () C:\Windows\setupact.log
2014-10-29 12:58 - 2014-10-29 12:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-29 12:38 - 2014-10-29 17:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-29 12:38 - 2014-10-29 12:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-29 12:38 - 2014-10-29 12:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-29 12:38 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-29 12:38 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-29 12:38 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-29 12:23 - 2014-10-29 12:24 - 00169944 _____ () C:\Users\Megdalen\Documents\cc_20141029_122343backupoct29.reg
2014-10-29 12:15 - 2014-10-29 12:15 - 00003182 _____ () C:\Windows\System32\Tasks\SuperEasy Registry Cleaner
2014-10-29 12:15 - 2014-10-29 12:15 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\SuperEasy
2014-10-28 20:56 - 2014-10-28 22:20 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\Spotify
2014-10-28 20:56 - 2014-10-28 20:56 - 00001820 _____ () C:\Users\Megdalen\Desktop\Spotify.lnk
2014-10-28 20:56 - 2014-10-28 20:56 - 00001806 _____ () C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-10-28 20:55 - 2014-10-30 18:49 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Spotify
2014-10-25 23:06 - 2014-10-25 23:09 - 00000000 ____D () C:\Users\Megdalen\Documents\My Kindle Content
2014-10-25 23:06 - 2014-10-25 23:06 - 00002246 _____ () C:\Users\Megdalen\Desktop\Kindle.lnk
2014-10-25 23:06 - 2014-10-25 23:06 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\Amazon
2014-10-25 23:05 - 2014-10-25 23:06 - 38157960 _____ (Amazon.com) C:\Users\Megdalen\Downloads\KindleForPC-installer.exe
2014-10-15 09:59 - 2014-10-15 09:59 - 04161313 _____ () C:\Users\Megdalen\Downloads\tdsskiller.zip
2014-10-14 01:20 - 2014-10-14 01:20 - 00000000 ____D () C:\Roxio
2014-10-06 19:03 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-06 19:01 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-06 19:01 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-06 19:01 - 2014-09-09 18:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-06 19:01 - 2014-09-09 17:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-06 19:01 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-06 19:01 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-06 19:01 - 2014-07-08 18:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-06 19:01 - 2014-07-08 18:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-30 18:55 - 2010-12-13 09:00 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-30 18:55 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-30 18:55 - 2009-07-14 00:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-30 18:51 - 2009-07-14 01:10 - 01576899 _____ () C:\Windows\WindowsUpdate.log
2014-10-30 18:49 - 2013-02-23 17:59 - 00000000 ___RD () C:\Users\Megdalen\Dropbox
2014-10-30 18:49 - 2013-02-23 17:56 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Dropbox
2014-10-30 18:48 - 2010-12-13 09:00 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-30 18:48 - 2010-05-18 11:40 - 00000000 ____D () C:\Users\Megdalen\AppData\Local\SoftThinks
2014-10-30 18:48 - 2010-05-11 17:28 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-10-30 18:48 - 2010-05-11 17:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-10-30 18:48 - 2010-05-11 17:08 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-10-30 18:47 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-30 18:46 - 2010-05-18 11:40 - 00000000 ____D () C:\Users\Megdalen
2014-10-29 18:14 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-10-29 17:59 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-29 17:55 - 2014-07-12 15:14 - 00000000 ____D () C:\Users\Administrator
2014-10-29 17:50 - 2010-07-21 13:45 - 00000000 ____D () C:\ProgramData\TEMP
2014-10-29 15:34 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
2014-10-29 15:09 - 2013-05-01 22:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-10-29 12:58 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Help
2014-10-29 12:38 - 2013-05-01 20:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-29 12:24 - 2011-01-14 22:07 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-10-28 22:03 - 2010-09-09 20:44 - 00000000 ____D () C:\Jonathan's
2014-10-28 11:28 - 2013-10-27 15:25 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-25 23:06 - 2013-06-06 11:16 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-10-24 03:50 - 2010-12-13 09:00 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-24 03:50 - 2010-12-13 09:00 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-14 09:34 - 2011-10-21 20:47 - 00000000 ____D () C:\Users\Megdalen\Documents\ministry tools
2014-10-14 08:47 - 2009-07-14 00:45 - 00405880 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-06 21:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-06 19:25 - 2013-02-23 17:59 - 00001026 _____ () C:\Users\Megdalen\Desktop\Dropbox.lnk
2014-10-06 19:25 - 2013-02-23 17:57 - 00000000 ____D () C:\Users\Megdalen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Some content of TEMP:
====================
C:\Users\Megdalen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbxz_eq.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-30 12:12

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014 01
Ran by Megdalen at 2014-10-30 18:55:42
Running from C:\Users\Megdalen\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Amazon Cloud Player (HKCU\...\Amazon Amazon Cloud Player) (Version: 1.1.0.332 - Amazon Services LLC)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.15 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Copy (x32 Version: 130.0.366.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version:  - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F2400_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
F2400 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google SketchUp 8 (HKLM-x32\...\{B700113B-24A8-4D4C-8484-0CC944F764C8}) (Version: 3.0.3117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.2.0.822 - Citrix Online, a division of Citrix Systems, Inc.)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{CDBF8C2D-04B0-4F9B-9AE1-7422F7F0EC94}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2008 - Intel Corporation)
Juniper Networks Network Connect 7.0.0 (HKLM-x32\...\Juniper Network Connect 7.0.0) (Version: 7.0.0.18107 - Juniper Networks)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 2.2.5.9755 - Juniper Networks)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK Share Button App (HKLM-x32\...\{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}) (Version: 4.01.0000.0000 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Disc 2 (HKLM-x32\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
POWERPREP II (HKLM-x32\...\{2687340C-C114-47DC-9F0E-C1BA85FEB001}) (Version: 2.1.0000 - ETS)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5953 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKCU\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0) (HKLM\...\3D970B9F930E7AAE23C06D39A1AC98548C90B442) (Version: 01/29/2010 1.4.1.0 - Eastman Kodak)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2450339336-3116216016-3434664442-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

29-10-2014 17:56:01 Windows Backup
29-10-2014 18:24:25 Removed Java 7 Update 71
29-10-2014 19:05:09 Microsoft Antimalware Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-29 17:59 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {26990738-27D2-4FFF-B30E-484BEB766B37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {424E671F-88FB-4E9D-9FC1-628FA668F1EB} - System32\Tasks\{10EF5062-FADE-4238-95E4-4EA61663B88F}-Kodak Share Button App Camera detect => C:\Program Files (x86)\Kodak\KODAK Share Button App\Listener.exe [2012-02-03] (Eastman Kodak Company)
Task: {4E632D25-E2BF-4EF4-8CB2-8CA0705A1628} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {A2B16B66-3698-40BF-BDA7-9D87F03478E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {B3B5DBAD-112F-4698-913C-1C7E98AD4F8A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F8EACFBF-70AD-439D-B80D-F053A05E00AE} - System32\Tasks\SuperEasy Registry Cleaner => C:\Program Files (x86)\SuperEasy Software\Registry Cleaner\SuperEasyRC.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-05-11 17:08 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-05-22 14:17 - 2013-05-22 14:17 - 00400704 _____ () C:\Users\Megdalen\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-07-23 17:03 - 2013-06-21 19:23 - 03108864 _____ () C:\Users\Megdalen\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2009-11-13 17:15 - 2009-11-13 17:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2009-12-15 21:14 - 2009-12-15 21:14 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2009-11-13 17:15 - 2009-11-13 17:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 17:15 - 2009-11-13 17:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-10-30 18:48 - 2014-10-30 18:48 - 00043008 _____ () c:\users\megdalen\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbxz_eq.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Megdalen\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Megdalen\Documents\100_1308.JPG:com.dropbox.attributes
AlternateDataStreams: C:\Users\Megdalen\Documents\100_1310.JPG:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2450339336-3116216016-3434664442-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2450339336-3116216016-3434664442-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2450339336-3116216016-3434664442-1002 - Limited - Enabled)
Megdalen (S-1-5-21-2450339336-3116216016-3434664442-1001 - Administrator - Enabled) => C:\Users\Megdalen

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 03:05:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3c34ff97-3462-4b2e-aff9-add4976e2307}

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

System errors:
=============
Error: (10/30/2014 06:48:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
TfFsMon
TfSysMon

Error: (10/30/2014 06:45:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/30/2014 06:45:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/30/2014 06:45:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/30/2014 06:45:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/30/2014 06:45:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SeaPort service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/30/2014 06:45:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/30/2014 06:45:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SoftThinks Agent Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/30/2014 06:45:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dock Login Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/30/2014 06:45:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (10/29/2014 03:05:09 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {3c34ff97-3462-4b2e-aff9-add4976e2307}

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (10/29/2014 00:59:37 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (10/29/2014 00:59:31 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

CodeIntegrity Errors:
===================================
  Date: 2014-10-29 17:54:57.853
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-29 17:54:57.804
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-09-28 23:32:13.724
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 22:53:54.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 22:41:58.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 21:55:07.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 19:56:55.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 17:14:26.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 13:49:10.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2010-09-28 13:39:28.002
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\PC Tools Security\smum64.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU 530 @ 2.93GHz
Percentage of memory in use: 37%
Total physical RAM: 3895.12 MB
Available physical RAM: 2441.16 MB
Total Pagefile: 7788.41 MB
Available Pagefile: 6233.57 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:221.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 2335E63E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#13 Megdalen

Megdalen
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:10 PM

Posted 30 October 2014 - 09:49 PM

I should also mention that I can get to this forum through the link in my email, but IE does not bring me to my homepage or any other website, not even when I enter the name directly into the address bar.  This is a new problem, since the last FRST scan.  Sorry to add to your list of things to help with!



#14 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:10 PM

Posted 31 October 2014 - 04:56 AM

Hi,

please try this:

Internet Explorer
How to reset Internet Explorer settings

Otherwise download Firefox for the next steps:
https://www.mozilla.org

Let's do a final check up:

Step 1


Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish.
  • A log file is created at the location shown in the image in the original post [image: log path].
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Edited by deeprybka, 31 October 2014 - 04:57 AM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 Megdalen

Megdalen
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:03:10 PM

Posted 31 October 2014 - 07:49 AM

The Reset of IE worked perfectly, thank you!  Running the security scan now...
