Backdoor Trojan - Google Chrome browser.exe


  • This topic is locked
10 replies to this topic

#1 Flipster8

Flipster8

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 06 November 2014 - 05:10 PM

Hi, new member here. I found your site by researching the issues I am having. It appears I have the same/similar virus to this post:

 

http://www.bleepingcomputer.com/forums/t/545472/fake-google-chrome-browserexe-processes/

 

I don't have Google Chrome installed, but I see multiple processes running (named Ewrztowuubcn.exe) with Google Chrome as the description. I also found that the process was being run from C:/Users/Flip/AppData/LocalLow/Google/oghaawlpefbx/ovqcaepedsgr, so, like the other user, I ended the processes and deleted the folder, but the folder just immediately regenerated.

 

I am using a Dell OptiPlex 780 running Windows 7 Home Premier 64bit. I have run the Farbar Recovery Scan Tool as directed in the posting above and have the logs ready to post.

 

Thank you for any help.
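The two clues in this post (a "Google Chrome" process that lives under AppData\LocalLow and comes back after deletion) are exactly what a responder looks for in the FRST log posted further down the thread. The script below is an added example, not part of the thread or of FRST itself: it re-reads a handful of lines copied from that FRST.txt (plus one benign control line) and applies three defender-side checks by pattern rather than by eye. The rule names, the `Finding` type and the `SAMPLE_LOG` selection are this example's own choices.

```python
"""Triage FRST-style log lines for executables and autoruns that live in
user-writable folders.  Added example; not part of FRST or of the thread.

Checks applied:
  1. exe-in-appdata    a running executable whose path is under the user's
                       AppData tree while claiming a major vendor string;
  2. many-instances    several live copies of the same binary;
  3. regsvr32-run-key  a Run entry that silently registers a DLL kept
                       outside Program Files / Windows (the ATTENTION line).
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the FRST.txt posted in this thread, plus a benign
# GoogleCrashHandler and Greenshot entry as controls (also from the log).
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe
(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe
(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [462848 2012-10-30] (Greenshot)
HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [drprevk] => regsvr32.exe /s "C:\Users\Flip\AppData\Local\Intuit_Inc\drprevk.dll" <===== ATTENTION
"""

# FRST "Processes" line: (Vendor) C:\full\path\file.exe
PROC_RE = re.compile(r"^\(([^)]*)\)\s+([A-Za-z]:\\.+)$")
# FRST "Registry" autorun line: <hive>\...\Run: [name] => <command ...>
RUN_RE = re.compile(r"^(HK.*?)\\\.\.\.\\Run(?:Once)?:\s+\[([^\]]*)\]\s+=>\s+(.*)$")
# regsvr32 [/flags] "<dll>" - the quoted DLL path is what we care about
REGSVR_RE = re.compile(
    r'regsvr32(?:\.exe)?\s+(?:/\w+\s+)*"?([A-Za-z]:\\[^"]+\.dll)"?', re.IGNORECASE)
USER_WRITABLE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)
TRUSTED_ROOTS = re.compile(r"^[A-Za-z]:\\(?:Program Files(?: \(x86\))?|Windows)\\",
                           re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str      # which check fired
    subject: str   # path or registry entry it fired on
    note: str      # human-readable reason


def parse(log: str) -> tuple[list[tuple[str, str]], list[tuple[str, str, str]]]:
    """Split FRST text into (vendor, path) processes and (hive, name, cmd) autoruns."""
    procs, runs = [], []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := PROC_RE.match(line):
            procs.append((m.group(1), m.group(2)))
        elif m := RUN_RE.match(line):
            runs.append((m.group(1), m.group(2), m.group(3)))
    return procs, runs


def triage(log: str) -> list[Finding]:
    procs, runs = parse(log)
    findings: list[Finding] = []

    # 1. Executables running out of the user's AppData tree (reported once each).
    for path in dict.fromkeys(p for _, p in procs):          # order-preserving dedupe
        vendor = next(v for v, p in procs if p == path)
        if USER_WRITABLE.match(path):
            findings.append(Finding("exe-in-appdata", path,
                f"claims vendor {vendor!r} but runs from a user-writable folder"))

    # 2. Many live copies of one binary.
    for path, n in Counter(p for _, p in procs).items():
        if n >= 3:
            findings.append(Finding("many-instances", path, f"{n} live copies"))

    # 3. Autorun that silently registers a DLL from outside the install roots.
    for hive, name, cmd in runs:
        if (m := REGSVR_RE.search(cmd)) and not TRUSTED_ROOTS.match(m.group(1)):
            findings.append(Finding("regsvr32-run-key", f"{hive} [{name}]",
                f"loads {m.group(1)} silently at logon"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}: {f.note}")
```

Run against a full FRST.txt, the same three rules surface the Ewrztowuubcn.exe instances and the drprevk Run entry while leaving the Program Files entries alone; the Run entry matters because it is what recreates the folder after a manual delete.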

 





#2 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:02:55 AM

Posted 07 November 2014 - 07:14 AM

Hi. Please post the FRST logs.

Edited by Rootk, 07 November 2014 - 07:15 AM.


#3 Flipster8

Flipster8
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 07 November 2014 - 01:48 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-11-2014

Ran by Flip (administrator) on LMLFLIP on 03-11-2014 18:16:55

Running from C:\Users\Flip\Desktop

Loaded Profile: Flip (Available profiles: User & Flip)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Realtek) C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtlService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Realtek Semiconductor Corp.) C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtWLan.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Greenshot) C:\Program Files\Greenshot\Greenshot.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe

(Microsoft Corporation) C:\Windows\System32\regsvr32.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe

(Cox Business) C:\Program Files\Online Backup\Cox_Business_CBOBstat.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Cox Business) C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe

(Cox Business) C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgr.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_189_ActiveX.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

(Google Inc.) C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\Ewrztowuubcn.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)

HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [462848 2012-10-30] (Greenshot)

HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-21] (Intel Corporation)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)

HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)

HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)

HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)

HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [drprevk] => regsvr32.exe /s "C:\Users\Flip\AppData\Local\Intuit_Inc\drprevk.dll" <===== ATTENTION

HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\MountPoints2: {3056dac0-77d0-11e3-b396-842b2bc1303e} - "F:\WD SmartWare.exe" autoplay=true

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-04] (Microsoft Corporation)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cox Business Online Backup Status.lnk

ShortcutTarget: Cox Business Online Backup Status.lnk -> C:\Program Files\Online Backup\Cox_Business_CBOBstat.exe (Cox Business)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk

ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk

ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk

ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)

ShellIconOverlayIdentifiers: [Cox_Business_CBOB] -> {0c5ad048-552c-fbe6-c6b0-6a08559c9c7d} => C:\Program Files\Online Backup\Cox_Business_CBOBshell.dll (Cox Business)

ShellIconOverlayIdentifiers: [Cox_Business_CBOB2] -> {660ab6ed-0dcb-8263-f187-c9e122de6608} => C:\Program Files\Online Backup\Cox_Business_CBOBshell.dll (Cox Business)

ShellIconOverlayIdentifiers: [Cox_Business_CBOB3] -> {08e527d9-6623-f035-7753-07126ac1c440} => C:\Program Files\Online Backup\Cox_Business_CBOBshell.dll (Cox Business)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x633812EC611BCF01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

SearchScopes: HKCU - DefaultScope {8B97C55F-C841-47C4-8885-9E1D70E0B9AB} URL = https://www.google.com/search?q={searchTerms}

SearchScopes: HKCU - {8B97C55F-C841-47C4-8885-9E1D70E0B9AB} URL = https://www.google.com/search?q={searchTerms}

BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)

Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File

DPF: HKLM-x32 {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom1_2009.cab

DPF: HKLM-x32 {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2008.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File

Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

 

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-10]

 

Chrome:

=======

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 B-Link11nSU; C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]

R2 Cox_Business_CBOBbackup; C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe [48504 2013-03-28] (Cox Business)

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-01-16] (Macrovision Europe Ltd.) [File not signed]

R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-21] (Intel Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)

R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]

S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2013-06-19] (Intuit Inc.) [File not signed]

R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-06-19] (Intuit Inc.) [File not signed]

R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R1 Cox_Business_CBOBFilter; C:\Windows\System32\DRIVERS\Cox_Business_CBOB.sys [67808 2014-02-10] (Mozy, Inc.)

R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)

R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)

R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-03 18:16 - 2014-11-03 18:17 - 00019196 _____ () C:\Users\Flip\Desktop\FRST.txt

2014-11-03 18:16 - 2014-11-03 18:16 - 00000000 ____D () C:\FRST

2014-11-03 18:14 - 2014-11-03 18:14 - 02114560 _____ (Farbar) C:\Users\Flip\Desktop\FRST64.exe

2014-10-31 07:44 - 2014-10-31 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-10-31 07:32 - 2014-10-31 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-10-31 07:31 - 2014-10-31 07:31 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

2014-10-31 07:31 - 2014-10-31 07:31 - 00000000 ____D () C:\Program Files\iTunes

2014-10-31 07:31 - 2014-10-31 07:31 - 00000000 ____D () C:\Program Files\iPod

2014-10-31 07:31 - 2014-10-31 07:31 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-10-31 06:45 - 2014-10-31 06:45 - 1431556673 _____ () C:\Windows\MEMORY.DMP

2014-10-31 06:45 - 2014-10-31 06:45 - 00276544 _____ () C:\Windows\Minidump\103114-41262-01.dmp

2014-10-31 06:45 - 2014-10-31 06:45 - 00000000 ____D () C:\Windows\Minidump

2014-10-27 21:18 - 2014-10-28 11:34 - 00012824 _____ () C:\Users\Flip\Desktop\Sizing Chart.xlsx

2014-10-22 06:53 - 2014-10-22 06:53 - 00028672 _____ () C:\Users\Flip\Desktop\Copy of BPOCost (UPDATED).xls

2014-10-16 04:54 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2014-10-16 04:54 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2014-10-16 04:54 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2014-10-16 04:54 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-10-16 04:54 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-10-16 04:54 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-10-16 04:54 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-10-16 04:54 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-10-16 04:54 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-10-16 04:54 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-10-16 04:54 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-10-16 04:54 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-10-16 04:54 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-10-16 04:54 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-10-16 04:54 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-10-16 04:54 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-10-16 04:54 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-10-16 04:54 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-10-16 04:54 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-10-16 04:54 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-10-16 04:54 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-10-16 04:54 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-10-16 04:54 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-10-16 04:54 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-10-16 04:54 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-10-16 04:54 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-10-16 04:54 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-10-16 04:54 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-10-16 04:54 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-10-16 04:54 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-10-16 04:54 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-10-16 04:54 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-10-16 04:54 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-10-16 04:54 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-10-16 04:54 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-10-16 04:54 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-10-16 04:54 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-10-16 04:54 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-10-16 04:54 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-10-16 04:54 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-10-16 04:54 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-10-16 04:54 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-10-16 04:54 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-10-16 04:54 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-10-16 04:54 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-10-16 04:54 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-10-16 04:54 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll

2014-10-16 04:54 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll

2014-10-16 04:54 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll

2014-10-16 04:54 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll

2014-10-16 04:54 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll

2014-10-16 04:54 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll

2014-10-16 04:53 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-10-16 04:53 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-10-16 04:53 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-10-16 04:53 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-10-16 04:53 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-10-16 04:53 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-10-16 04:53 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-10-16 04:53 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-10-16 04:53 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-10-16 04:53 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-10-16 04:53 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-10-16 04:53 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-10-16 04:53 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-10-16 04:53 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-10-16 04:53 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-10-16 04:53 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-10-16 04:53 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-10-16 04:53 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-10-16 04:53 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-10-16 04:53 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-10-16 04:53 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-10-16 04:53 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-10-16 04:53 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-10-16 04:53 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-10-16 04:53 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-10-16 04:53 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-10-16 04:52 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-10-16 04:52 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-10-16 04:52 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-10-16 04:52 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-10-16 04:52 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll

2014-10-16 04:52 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll

2014-10-16 04:52 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll

2014-10-16 04:52 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe

2014-10-16 04:52 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll

2014-10-16 04:52 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe

2014-10-16 04:52 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll

2014-10-16 04:52 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll

2014-10-16 04:52 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2014-10-16 04:52 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2014-10-16 04:52 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll

2014-10-16 04:52 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2014-10-16 04:52 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe

2014-10-16 04:52 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2014-10-16 04:52 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2014-10-16 04:52 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2014-10-16 04:52 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys

2014-10-16 04:52 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

2014-10-10 18:25 - 2014-10-23 09:06 - 00000000 ____D () C:\Users\Flip\Desktop\Mannequins

2014-10-10 18:22 - 2014-10-10 18:22 - 00000000 ____D () C:\Users\Flip\Desktop\YOKE Products

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-03 18:16 - 2014-03-25 19:50 - 00000000 ____D () C:\Users\Flip\AppData\Local\45ACEB28-8E7B-4320-926B-84DFF9427A5A.aplzod

2014-11-03 18:16 - 2014-01-27 09:01 - 00000000 ____D () C:\Users\Flip\Documents\Outlook Files

2014-11-03 18:14 - 2014-08-07 15:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-11-03 18:03 - 2013-12-03 21:43 - 01747230 _____ () C:\Windows\WindowsUpdate.log

2014-11-03 17:51 - 2013-12-24 11:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-03 15:52 - 2014-08-29 10:02 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4252910-1658-4073-BB32-19A25CD9987D}

2014-11-03 15:48 - 2014-06-25 08:26 - 00000000 ____D () C:\Users\Flip\Desktop\SG Labels

2014-11-03 15:48 - 2009-07-13 22:45 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-11-03 15:48 - 2009-07-13 22:45 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-11-03 15:47 - 2014-01-27 07:15 - 00000000 ____D () C:\Users\Flip\Documents\General Business Info

2014-11-03 15:46 - 2009-07-13 23:13 - 00785842 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-03 15:42 - 2014-08-07 15:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-11-03 15:40 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-03 15:40 - 2009-07-13 22:51 - 00081663 _____ () C:\Windows\setupact.log

2014-11-03 14:53 - 2013-03-28 14:28 - 00005664 _____ () C:\Windows\Cox_Business_CBOB.flt

2014-11-03 14:53 - 2013-03-28 14:28 - 00005186 _____ () C:\Windows\Cox_Business_CBOB.blk

2014-10-31 07:31 - 2014-01-08 10:39 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-10-31 06:56 - 2014-09-08 09:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-10-31 06:51 - 2014-06-13 12:15 - 00000000 ____D () C:\Users\Flip\AppData\Local\Adobe

2014-10-31 06:51 - 2013-12-24 11:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-31 06:51 - 2013-12-24 11:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-31 06:51 - 2013-12-24 11:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-10-30 05:25 - 2013-12-03 22:32 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-29 11:37 - 2014-05-29 08:30 - 00000000 ____D () C:\Users\Flip\Desktop\Technical Instructions-Warnings

2014-10-28 08:11 - 2014-02-10 21:56 - 00000000 ____D () C:\Users\Flip\AppData\Local\Intuit_Inc

2014-10-23 20:26 - 2014-09-19 06:32 - 00000000 ____D () C:\Users\Flip\Desktop\Lighthouse Project

2014-10-23 09:17 - 2014-08-12 17:35 - 00023662 _____ () C:\Users\Flip\Desktop\Copy of Descent Equipment List (With Values).xlsx

2014-10-23 09:17 - 2014-06-25 08:22 - 00000000 ____D () C:\Users\Flip\Desktop\SG Products & Pricing

2014-10-22 06:47 - 2014-08-07 16:44 - 00011745 _____ () C:\Users\Flip\Desktop\Employee Work Schedule.xlsx

2014-10-19 00:09 - 2014-08-07 15:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-19 00:09 - 2014-08-07 15:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-17 03:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache

2014-10-17 02:43 - 2009-07-13 22:45 - 02357944 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-17 02:40 - 2014-05-08 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel

2014-10-17 02:23 - 2013-12-03 23:51 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-17 02:04 - 2013-12-03 22:54 - 00000000 ____D () C:\Windows\system32\MRT

2014-10-17 02:00 - 2013-12-03 22:54 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-10-13 14:57 - 2009-07-14 01:44 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-10-10 14:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF

 

Some content of TEMP:

====================

C:\Users\Flip\AppData\Local\Temp\LMkRstPt.exe

C:\Users\Flip\AppData\Local\Temp\SpotifyUninstall.exe

C:\Users\User\AppData\Local\Temp\Abspdf.exe

C:\Users\User\AppData\Local\Temp\acfpdfu.dll

C:\Users\User\AppData\Local\Temp\acfpdfuamd64.dll

C:\Users\User\AppData\Local\Temp\acfpdfui.dll

C:\Users\User\AppData\Local\Temp\acfpdfuia64.dll

C:\Users\User\AppData\Local\Temp\acfpdfuiamd64.dll

C:\Users\User\AppData\Local\Temp\acfpdfuiia64.dll

C:\Users\User\AppData\Local\Temp\cdintf.dll

C:\Users\User\AppData\Local\Temp\converter.exe

C:\Users\User\AppData\Local\Temp\ose00000.exe

C:\Users\User\AppData\Local\Temp\PDFPRT400.exe

C:\Users\User\AppData\Local\Temp\xmllite.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-10-31 23:07

 

==================== End Of Log ============================



#4 Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 07 November 2014 - 02:17 PM

I still need the Addition.txt log.

#5 Flipster8
  • Topic Starter
  • Members
  • 5 posts

Posted 07 November 2014 - 02:28 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-11-2014

Ran by Flip at 2014-11-03 18:17:33

Running from C:\Users\Flip\Desktop

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}

AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )

Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)

Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)

AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)

Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

B-Link Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - SHENZHEN BILIAN ELECTRONIC CO.,LTD)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Camtasia Studio 7 (HKLM-x32\...\{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}) (Version: 7.1.0 - TechSmith Corporation)

Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)

Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)

Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)

CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)

DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)

EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

Greenshot 1.0.6.2228 (HKLM\...\Greenshot_is1) (Version: 1.0.6.2228 - Greenshot)

HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Officejet 6500 E710n-z Help (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard)

HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{70BF6489-4E33-4AFE-90B6-9A8120E6EEA5}) (Version: 22.0.334.0 - Hewlett-Packard Co.)

HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)

I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)

iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)

Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)

iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)

Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)

Marketsplash Shortcuts (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Online Backup (HKLM\...\{A9F51355-B923-44B6-2E80-604D01FA9629}) (Version: 2.24.2.360 - Cox Business)

PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden

QuickBooks File Doctor (HKLM-x32\...\{A39730D7-3C42-4F26-978B-523E808EEADB}) (Version: 3.6.1 - Intuit)

QuickBooks Premier: Accountant Edition 2013 (HKLM-x32\...\{36B3E6E3-D4DE-4B89-A9E6-727715C2A318}) (Version: 23.0.4008.2305 - Intuit Inc.)

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.24.0 - Ralink)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)

Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)

TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)

Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

23-10-2014 08:49:41 Windows Update

27-10-2014 08:49:23 Windows Update

31-10-2014 08:49:04 Windows Update

31-10-2014 12:53:54 Removed iTunes

31-10-2014 13:08:09 Installed iTunes

31-10-2014 13:30:51 Installed iTunes

03-11-2014 13:51:48 Windows Update

03-11-2014 21:35:55 Removed Google Earth.

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0D177825-E3D0-46D9-8E17-747A9CA2B40C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-31] (Adobe Systems Incorporated)

Task: {369537D6-8493-47DE-8356-584BFE3A2F08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)

Task: {5B2FC021-CC22-4D43-9783-216B7230F293} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)

Task: {6E7BFED4-24D4-4FEF-B1A3-FCB9CDF22933} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)

Task: {B704A221-71F0-4A0F-BAF7-FE52DD63DE46} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)

Task: {DF08F703-1853-4F9C-87D1-EAF6A715EC0A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-12-24 11:53 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-01-08 08:33 - 2009-07-16 11:20 - 00077824 _____ () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll

2013-12-24 11:31 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\EnumDevLib.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll

2014-10-28 08:11 - 2014-10-28 08:11 - 00718152 _____ () C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\36.0.1985.143\libglesv2.dll

2014-10-28 08:11 - 2014-10-28 08:11 - 00126280 _____ () C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\36.0.1985.143\libegl.dll

2014-10-28 08:11 - 2014-10-28 08:11 - 08537928 _____ () C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\36.0.1985.143\pdf.dll

2014-10-28 08:11 - 2014-10-28 08:11 - 00353096 _____ () C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\36.0.1985.143\ppGoogleNaClPluginChrome.dll

2014-10-28 08:11 - 2014-10-28 08:11 - 01732936 _____ () C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\ovqcaepedsgr\36.0.1985.143\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-3116449129-1219029433-383667146-500 - Administrator - Disabled)

Flip (S-1-5-21-3116449129-1219029433-383667146-1003 - Administrator - Enabled) => C:\Users\Flip

Guest (S-1-5-21-3116449129-1219029433-383667146-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3116449129-1219029433-383667146-1002 - Limited - Enabled)

User (S-1-5-21-3116449129-1219029433-383667146-1000 - Administrator - Enabled) => C:\Users\User

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/03/2014 05:09:51 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Ewrztowuubcn.exe, version: 36.0.1985.143, time stamp: 0x53e2e515

Faulting module name: drprevk.dll, version: 1.0.0.0, time stamp: 0x544f8934

Exception code: 0xc0000005

Fault offset: 0x0001586b

Faulting process id: 0x1fec

Faulting application start time: 0xEwrztowuubcn.exe0

Faulting application path: Ewrztowuubcn.exe1

Faulting module path: Ewrztowuubcn.exe2

Report Id: Ewrztowuubcn.exe3

 

Error: (11/03/2014 03:43:21 PM) (Source: MsiInstaller) (EventID: 1024) (User: LMLFLIP)

Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (11/03/2014 03:36:21 PM) (Source: MsiInstaller) (EventID: 11730) (User: LMLFLIP)

Description: Product: Google Earth -- Error 1730.You must be an Administrator to remove this application. To remove this application, you can log on as an administrator, or contact your technical support group for assistance.

 

Error: (11/02/2014 11:47:31 PM) (Source: SideBySide) (EventID: 72) (User: )

Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.

The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

 

Error: (11/01/2014 11:11:07 PM) (Source: SideBySide) (EventID: 72) (User: )

Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.

The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

 

Error: (10/31/2014 11:08:34 PM) (Source: SideBySide) (EventID: 72) (User: )

Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.

The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

 

Error: (10/31/2014 09:10:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Ewrztowuubcn.exe, version: 36.0.1985.143, time stamp: 0x53e2e515

Faulting module name: drprevk.dll, version: 1.0.0.0, time stamp: 0x544f8934

Exception code: 0xc0000005

Fault offset: 0x0001586b

Faulting process id: 0x22a0

Faulting application start time: 0xEwrztowuubcn.exe0

Faulting application path: Ewrztowuubcn.exe1

Faulting module path: Ewrztowuubcn.exe2

Report Id: Ewrztowuubcn.exe3

 

Error: (10/31/2014 04:19:52 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Ewrztowuubcn.exe, version: 36.0.1985.143, time stamp: 0x53e2e515

Faulting module name: drprevk.dll, version: 1.0.0.0, time stamp: 0x544f8934

Exception code: 0xc0000005

Fault offset: 0x0001586b

Faulting process id: 0x1960

Faulting application start time: 0xEwrztowuubcn.exe0

Faulting application path: Ewrztowuubcn.exe1

Faulting module path: Ewrztowuubcn.exe2

Report Id: Ewrztowuubcn.exe3

 

Error: (10/31/2014 08:08:58 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: Ewrztowuubcn.exe, version: 36.0.1985.143, time stamp: 0x53e2e515

Faulting module name: drprevk.dll, version: 1.0.0.0, time stamp: 0x544f8934

Exception code: 0xc0000005

Fault offset: 0x0001586b

Faulting process id: 0x1758

Faulting application start time: 0xEwrztowuubcn.exe0

Faulting application path: Ewrztowuubcn.exe1

Faulting module path: Ewrztowuubcn.exe2

Report Id: Ewrztowuubcn.exe3

 

Error: (10/31/2014 07:44:25 AM) (Source: MsiInstaller) (EventID: 11722) (User: LMLFLIP)

Description: Product: iCloud -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.  Action RuniCloudUpgrade, location: C:\Program Files (x86)\Common Files\Apple\Internet Services\, command: C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe /upgrade

 

 

System errors:

=============

Error: (11/03/2014 05:57:34 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}

 

Error: (11/03/2014 03:41:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (11/03/2014 03:41:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

 

Error: (11/03/2014 03:41:09 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the B-Link11nSU service.

 

Error: (11/03/2014 02:44:22 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer LMLACCOUNTING

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{81CCB0B9-6BEB-4D5C-9C42-55618266F17F}.

The master browser is stopping or an election is being forced.

 

Error: (10/31/2014 06:47:01 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

 

Error: (10/31/2014 06:46:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

 

Error: (10/31/2014 06:46:12 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )

Description: %%860 Real-Time Protection feature has encountered an error and failed.

 

                Feature: %%835

 

                Error Code: 0x80004005

 

                Error description: Unspecified error

 

                Reason: %%842

 

Error: (10/31/2014 06:45:29 AM) (Source: BugCheck) (EventID: 1001) (User: )

Description: 0x000000ea (0xfffffa801eee8060, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000)C:\Windows\MEMORY.DMP103114-41262-01

 

Error: (10/31/2014 06:45:19 AM) (Source: EventLog) (EventID: 6008) (User: )

Description: The previous system shutdown at 7:39:47 AM on 10/31/2014 was unexpected.

 

 

Microsoft Office Sessions:

=========================

 

==================== Memory info ===========================

 

Processor: Intel® Core™2 Quad CPU Q9650 @ 3.00GHz

Percentage of memory in use: 27%

Total physical RAM: 15293.59 MB

Available physical RAM: 11147.73 MB

Total Pagefile: 30585.37 MB

Available Pagefile: 25856.48 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:488.18 GB) (Free:400.2 GB) NTFS

Drive d: () (Fixed) (Total:443.23 GB) (Free:443.09 GB) NTFS

Drive e: (Tree Climbing Basics) (CDROM) (Total:3.08 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1A33782E)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================



#6 Rootk

  • Malware Response Team
  • 234 posts
  • Gender:Male
  • Location:Easter Island, Chile.

Posted 08 November 2014 - 08:20 AM

Please follow these steps:

1.- Open notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it to your Desktop as fixlist.txt
 
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [drprevk] => regsvr32.exe /s "C:\Users\Flip\AppData\Local\Intuit_Inc\drprevk.dll" <===== ATTENTION
C:\Users\Flip\AppData\Local\Intuit_Inc\drprevk.dll
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\
EmptyTemp:
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please post it in your reply.

2.- Run FRST again, check Addition.txt, press Scan and attach both reports.

3.- Download AdwCleaner by Xplode onto your Desktop.
  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[Sn].txt ('n' represents the number of the most recent report).
4.- Please download RogueKiller and Save to the desktop.
  • Close all windows and browsers
  • Double click on RogueKillerX64.exe to run the tool.
  • Press the scan button.
  • A report named RKreport.txt opens on the desktop.
  • Please post it in your next reply.

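Step 1 above produces a Fixlog.txt whose result lines are worth checking mechanically before the next round. The following is an added example, not code from FRST or from this thread: it parses the Fixlog excerpt that Flipster8 posts in the next reply (embedded here as constructed input) and reports which directives were fixed, which were already absent, which errored, and whether a fixlist line was split in two when pasted.

```python
"""Review an FRST Fixlog.txt against the fixlist that produced it.

Added example for this thread (not FRST's code and not Rootk's); it reads
log text only and changes nothing on the machine.
"""
from dataclasses import dataclass

# Excerpt of the Fixlog posted later in this thread, embedded as constructed
# test input. The fixlist line "HKLM-x32\...\Run: [] => [X]" arrived in two
# pieces: that is what Notepad line-wrapping does to a pasted fixlist.
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] =>
[X]
HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [drprevk] => regsvr32.exe /s "C:\Users\Flip\AppData\Local\Intuit_Inc\drprevk.dll" <===== ATTENTION
C:\Users\Flip\AppData\Local\Intuit_Inc\drprevk.dll
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
[X] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3116449129-1219029433-383667146-1003\Software\Microsoft\Windows\CurrentVersion\Run\\drprevk => Value not found.
C:\Users\Flip\AppData\Local\Intuit_Inc\drprevk.dll => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.
"HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => Key not found.
C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx => Moved successfully.
EmptyTemp: => Removed 3.6 GB temporary data.

The system needed a reboot.
"""


@dataclass(frozen=True)
class FixResult:
    target: str   # registry value, key, path or directive the line reports on
    outcome: str  # FRST's verdict text after " => "
    status: str   # "fixed", "absent" or "error"


def classify(outcome: str) -> str:
    """Map FRST's verdict text onto the three states a helper cares about."""
    if outcome.startswith("Error"):
        return "error"    # FRST could not act on the entry at all
    if "not found" in outcome:
        return "absent"   # item was already gone; nothing to do
    return "fixed"        # deleted, moved, removed or closed


def split_fixlog(text: str):
    """Return (fixlist directives, result lines) from a Fixlog body."""
    lines = text.splitlines()
    rules = [i for i, line in enumerate(lines) if line.startswith("*****")]
    if len(rules) < 2:
        raise ValueError("no 'Content of fixlist' block found in log")
    directives = [l for l in lines[rules[0] + 1:rules[1]] if l.strip()]
    return directives, lines[rules[1] + 1:]


def parse_results(tail):
    """Turn each 'target => verdict' line into a FixResult."""
    results = []
    for line in tail:
        if " => " in line:
            target, outcome = line.split(" => ", 1)
            outcome = outcome.strip()
            results.append(FixResult(target.strip().strip('"'), outcome, classify(outcome)))
        elif line.strip() == "Processes closed successfully.":
            results.append(FixResult("CloseProcesses:", line.strip(), "fixed"))
    return results


def find_wrapped_directives(directives):
    """Spot fixlist lines broken in two when pasted: a line ending in '=>'
    followed by a bare value such as '[X]' is one directive FRST ran as two."""
    wrapped = []
    for prev, cur in zip(directives, directives[1:]):
        if prev.rstrip().endswith("=>") and "=>" not in cur:
            wrapped.append(prev.rstrip() + " " + cur.strip())
    return wrapped


def review_fixlog(text: str) -> dict:
    """Summarise a Fixlog: what ran, what each line reported, what to re-check."""
    directives, tail = split_fixlog(text)
    results = parse_results(tail)
    counts = {"fixed": 0, "absent": 0, "error": 0}
    for r in results:
        counts[r.status] += 1
    return {
        "directives": len(directives),
        "results": results,
        "counts": counts,
        "wrapped": find_wrapped_directives(directives),
        "rebooted": "The system needed a reboot." in text,
    }
```

To check a real log, call review_fixlog() on the contents of Fixlog.txt; any "error" result or wrapped directive is what a helper would want re-run as a single line in the next fixlist.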

#7 Flipster8

Flipster8
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 10 November 2014 - 01:05 PM

Here are the requested logs, thank you for your help:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Flip at 2014-11-10 11:11:13 Run:1
Running from C:\Users\Flip\Desktop
Loaded Profile: Flip (Available profiles: User & Flip)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] =>
[X]
HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [drprevk] => regsvr32.exe /s "C:\Users\Flip\AppData\Local\Intuit_Inc\drprevk.dll" <===== ATTENTION
C:\Users\Flip\AppData\Local\Intuit_Inc\drprevk.dll
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx\
EmptyTemp:
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
[X] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-3116449129-1219029433-383667146-1003\Software\Microsoft\Windows\CurrentVersion\Run\\drprevk => Value not found.
C:\Users\Flip\AppData\Local\Intuit_Inc\drprevk.dll => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} => value deleted successfully.
"HKCR\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" => Key not found.
"HKCR\PROTOCOLS\Handler\intu-help-qb6" => Key deleted successfully.
"HKCR\CLSID\{6898B29B-BF49-43cb-A0B1-D0B9496AF491}" => Key not found.
"HKCR\PROTOCOLS\Handler\qbwc" => Key deleted successfully.
"HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57}" => Key not found.
C:\Users\Flip\AppData\LocalLow\Google\oghaawlpefbx => Moved successfully.
EmptyTemp: => Removed 3.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Flip (administrator) on LMLFLIP on 10-11-2014 11:25:32
Running from C:\Users\Flip\Desktop
Loaded Profile: Flip (Available profiles: User & Flip)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek) C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\AMT\LMS.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtWLan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Cox Business) C:\Program Files\Online Backup\Cox_Business_CBOBstat.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Cox Business) C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe
(Cox Business) C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\Magnify.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [462848 2012-10-30] (Greenshot)
HKLM\...\Run: [picon] => C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [796696 2009-07-21] (Intel Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-07] (Apple Inc.)
HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-3116449129-1219029433-383667146-1003\...\MountPoints2: {3056dac0-77d0-11e3-b396-842b2bc1303e} - "F:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-12-04] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cox Business Online Backup Status.lnk
ShortcutTarget: Cox Business Online Backup Status.lnk -> C:\Program Files\Online Backup\Cox_Business_CBOBstat.exe (Cox Business)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
ShellIconOverlayIdentifiers: [Cox_Business_CBOB] -> {0c5ad048-552c-fbe6-c6b0-6a08559c9c7d} => C:\Program Files\Online Backup\Cox_Business_CBOBshell.dll (Cox Business)
ShellIconOverlayIdentifiers: [Cox_Business_CBOB2] -> {660ab6ed-0dcb-8263-f187-c9e122de6608} => C:\Program Files\Online Backup\Cox_Business_CBOBshell.dll (Cox Business)
ShellIconOverlayIdentifiers: [Cox_Business_CBOB3] -> {08e527d9-6623-f035-7753-07126ac1c440} => C:\Program Files\Online Backup\Cox_Business_CBOBshell.dll (Cox Business)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x633812EC611BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {8B97C55F-C841-47C4-8885-9E1D70E0B9AB} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {8B97C55F-C841-47C4-8885-9E1D70E0B9AB} URL = https://www.google.com/search?q={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
DPF: HKLM-x32 {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom1_2009.cab
DPF: HKLM-x32 {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2008.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-10]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 B-Link11nSU; C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
R2 Cox_Business_CBOBbackup; C:\Program Files\Online Backup\Cox_Business_CBOBbackup.exe [48504 2013-03-28] (Cox Business)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2014-01-16] (Macrovision Europe Ltd.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\AMT\LMS.exe [174616 2009-07-21] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2013-06-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-06-19] (Intuit Inc.) [File not signed]
R2 UNS; C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Cox_Business_CBOBFilter; C:\Windows\System32\DRIVERS\Cox_Business_CBOB.sys [67808 2014-02-10] (Mozy, Inc.)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k60x64.sys [220672 2009-06-10] (Intel Corporation)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S1 aaiaqeya; \??\C:\Windows\system32\drivers\aaiaqeya.sys [X]
S1 abrujbdw; \??\C:\Windows\system32\drivers\abrujbdw.sys [X]
S1 acnswagp; \??\C:\Windows\system32\drivers\acnswagp.sys [X]
S1 aisnspcf; \??\C:\Windows\system32\drivers\aisnspcf.sys [X]
S1 ajoyocwk; \??\C:\Windows\system32\drivers\ajoyocwk.sys [X]
S1 alhttosl; \??\C:\Windows\system32\drivers\alhttosl.sys [X]
S1 aodsynxy; \??\C:\Windows\system32\drivers\aodsynxy.sys [X]
S1 asjarlrl; \??\C:\Windows\system32\drivers\asjarlrl.sys [X]
S1 awqypcyt; \??\C:\Windows\system32\drivers\awqypcyt.sys [X]
S1 bhsmwzvj; \??\C:\Windows\system32\drivers\bhsmwzvj.sys [X]
S1 biaozwoe; \??\C:\Windows\system32\drivers\biaozwoe.sys [X]
S1 bjusfvrp; \??\C:\Windows\system32\drivers\bjusfvrp.sys [X]
S1 blumcrjz; \??\C:\Windows\system32\drivers\blumcrjz.sys [X]
S1 bpyvgvnr; \??\C:\Windows\system32\drivers\bpyvgvnr.sys [X]
S1 calgdhlt; \??\C:\Windows\system32\drivers\calgdhlt.sys [X]
S1 cayrbtmj; \??\C:\Windows\system32\drivers\cayrbtmj.sys [X]
S1 cbbwruiz; \??\C:\Windows\system32\drivers\cbbwruiz.sys [X]
S1 cdzybjnb; \??\C:\Windows\system32\drivers\cdzybjnb.sys [X]
S1 cexumkgy; \??\C:\Windows\system32\drivers\cexumkgy.sys [X]
S1 cinejrdw; \??\C:\Windows\system32\drivers\cinejrdw.sys [X]
S1 cpukylya; \??\C:\Windows\system32\drivers\cpukylya.sys [X]
S1 cqfltzci; \??\C:\Windows\system32\drivers\cqfltzci.sys [X]
S1 cvsxuaax; \??\C:\Windows\system32\drivers\cvsxuaax.sys [X]
S1 cvvtympc; \??\C:\Windows\system32\drivers\cvvtympc.sys [X]
S1 dblulvra; \??\C:\Windows\system32\drivers\dblulvra.sys [X]
S1 ddnfdgcj; \??\C:\Windows\system32\drivers\ddnfdgcj.sys [X]
S1 dilwugwb; \??\C:\Windows\system32\drivers\dilwugwb.sys [X]
S1 dnjydtuc; \??\C:\Windows\system32\drivers\dnjydtuc.sys [X]
S1 dsjpolbm; \??\C:\Windows\system32\drivers\dsjpolbm.sys [X]
S1 dyddxwbv; \??\C:\Windows\system32\drivers\dyddxwbv.sys [X]
S1 ecoflcej; \??\C:\Windows\system32\drivers\ecoflcej.sys [X]
S1 efbzbfeq; \??\C:\Windows\system32\drivers\efbzbfeq.sys [X]
S1 egilhdvm; \??\C:\Windows\system32\drivers\egilhdvm.sys [X]
S1 ehutpshg; \??\C:\Windows\system32\drivers\ehutpshg.sys [X]
S1 ekbujxgc; \??\C:\Windows\system32\drivers\ekbujxgc.sys [X]
S1 eqpmedod; \??\C:\Windows\system32\drivers\eqpmedod.sys [X]
S1 ermkaaos; \??\C:\Windows\system32\drivers\ermkaaos.sys [X]
S1 etoujigi; \??\C:\Windows\system32\drivers\etoujigi.sys [X]
S1 etuwpylf; \??\C:\Windows\system32\drivers\etuwpylf.sys [X]
S1 evoqbzcs; \??\C:\Windows\system32\drivers\evoqbzcs.sys [X]
S1 ewbfdsru; \??\C:\Windows\system32\drivers\ewbfdsru.sys [X]
S1 fawtebtz; \??\C:\Windows\system32\drivers\fawtebtz.sys [X]
S1 fcgoqgdo; \??\C:\Windows\system32\drivers\fcgoqgdo.sys [X]
S1 fddnoyzt; \??\C:\Windows\system32\drivers\fddnoyzt.sys [X]
S1 firlnysf; \??\C:\Windows\system32\drivers\firlnysf.sys [X]
S1 fkcxuqtp; \??\C:\Windows\system32\drivers\fkcxuqtp.sys [X]
S1 fkdtibnk; \??\C:\Windows\system32\drivers\fkdtibnk.sys [X]
S1 fsvaycod; \??\C:\Windows\system32\drivers\fsvaycod.sys [X]
S1 fsyqifps; \??\C:\Windows\system32\drivers\fsyqifps.sys [X]
S1 ftfotbxm; \??\C:\Windows\system32\drivers\ftfotbxm.sys [X]
S1 fxyzblua; \??\C:\Windows\system32\drivers\fxyzblua.sys [X]
S1 gacblglp; \??\C:\Windows\system32\drivers\gacblglp.sys [X]
S1 gcipvgay; \??\C:\Windows\system32\drivers\gcipvgay.sys [X]
S1 gffgthcf; \??\C:\Windows\system32\drivers\gffgthcf.sys [X]
S1 ggppxkxg; \??\C:\Windows\system32\drivers\ggppxkxg.sys [X]
S1 glaqvjea; \??\C:\Windows\system32\drivers\glaqvjea.sys [X]
S1 glsgofda; \??\C:\Windows\system32\drivers\glsgofda.sys [X]
S1 gmbiudqf; \??\C:\Windows\system32\drivers\gmbiudqf.sys [X]
S1 gontfaex; \??\C:\Windows\system32\drivers\gontfaex.sys [X]
S1 gotequfu; \??\C:\Windows\system32\drivers\gotequfu.sys [X]
S1 gvmnlber; \??\C:\Windows\system32\drivers\gvmnlber.sys [X]
S1 hclbpntl; \??\C:\Windows\system32\drivers\hclbpntl.sys [X]
S1 heqdcyao; \??\C:\Windows\system32\drivers\heqdcyao.sys [X]
S1 hgyrodla; \??\C:\Windows\system32\drivers\hgyrodla.sys [X]
S1 hipclvam; \??\C:\Windows\system32\drivers\hipclvam.sys [X]
S1 hliiukeu; \??\C:\Windows\system32\drivers\hliiukeu.sys [X]
S1 hmbmrylk; \??\C:\Windows\system32\drivers\hmbmrylk.sys [X]
S1 hmedypzb; \??\C:\Windows\system32\drivers\hmedypzb.sys [X]
S1 hnkfutke; \??\C:\Windows\system32\drivers\hnkfutke.sys [X]
S1 hqkmbxul; \??\C:\Windows\system32\drivers\hqkmbxul.sys [X]
S1 hxyysjcs; \??\C:\Windows\system32\drivers\hxyysjcs.sys [X]
S1 iaympqqc; \??\C:\Windows\system32\drivers\iaympqqc.sys [X]
S1 icbcxqum; \??\C:\Windows\system32\drivers\icbcxqum.sys [X]
S1 ideyltuq; \??\C:\Windows\system32\drivers\ideyltuq.sys [X]
S1 iqawgcwd; \??\C:\Windows\system32\drivers\iqawgcwd.sys [X]
S1 iyzovzvo; \??\C:\Windows\system32\drivers\iyzovzvo.sys [X]
S1 jfnawxzx; \??\C:\Windows\system32\drivers\jfnawxzx.sys [X]
S1 jkllgbzy; \??\C:\Windows\system32\drivers\jkllgbzy.sys [X]
S1 jlphqbpu; \??\C:\Windows\system32\drivers\jlphqbpu.sys [X]
S1 juedjrtu; \??\C:\Windows\system32\drivers\juedjrtu.sys [X]
S1 jypnjkaq; \??\C:\Windows\system32\drivers\jypnjkaq.sys [X]
S1 kffriqwj; \??\C:\Windows\system32\drivers\kffriqwj.sys [X]
S1 kfqexohq; \??\C:\Windows\system32\drivers\kfqexohq.sys [X]
S1 khzcxmqj; \??\C:\Windows\system32\drivers\khzcxmqj.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 11:25 - 2014-11-10 11:25 - 00021567 _____ () C:\Users\Flip\Desktop\FRST.txt
2014-11-10 11:11 - 2014-11-10 11:11 - 00000000 ____D () C:\Users\Flip\Desktop\FRST-OlderVersion
2014-11-07 08:26 - 2014-11-07 08:26 - 00000000 ____D () C:\Users\Flip\Desktop\IFAI
2014-11-07 08:01 - 2014-11-07 08:02 - 00000000 ____D () C:\Users\Flip\Desktop\IWCA ASCI14
2014-11-07 08:00 - 2014-11-10 11:25 - 00000000 ____D () C:\Users\Flip\Desktop\Virus
2014-11-03 18:16 - 2014-11-10 11:25 - 00000000 ____D () C:\FRST
2014-11-03 18:14 - 2014-11-10 11:11 - 02116096 _____ (Farbar) C:\Users\Flip\Desktop\FRST64.exe
2014-10-31 07:44 - 2014-10-31 07:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-31 07:32 - 2014-10-31 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-31 07:31 - 2014-10-31 07:31 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-31 07:31 - 2014-10-31 07:31 - 00000000 ____D () C:\Program Files\iTunes
2014-10-31 07:31 - 2014-10-31 07:31 - 00000000 ____D () C:\Program Files\iPod
2014-10-31 07:31 - 2014-10-31 07:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-31 06:45 - 2014-10-31 06:45 - 1431556673 _____ () C:\Windows\MEMORY.DMP
2014-10-31 06:45 - 2014-10-31 06:45 - 00276544 _____ () C:\Windows\Minidump\103114-41262-01.dmp
2014-10-31 06:45 - 2014-10-31 06:45 - 00000000 ____D () C:\Windows\Minidump
2014-10-22 06:53 - 2014-10-22 06:53 - 00028672 _____ () C:\Users\Flip\Desktop\Copy of BPOCost (UPDATED).xls
2014-10-16 04:54 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 04:54 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 04:54 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 04:54 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 04:54 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 04:54 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 04:54 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 04:54 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 04:54 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 04:54 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 04:54 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 04:54 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 04:54 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 04:54 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 04:54 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 04:54 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 04:54 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 04:54 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 04:54 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 04:54 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 04:54 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 04:54 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 04:54 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 04:54 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 04:54 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 04:54 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 04:54 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 04:54 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 04:54 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 04:54 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 04:54 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 04:54 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 04:54 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 04:54 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 04:54 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 04:54 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 04:54 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 04:54 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 04:54 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 04:54 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-16 04:54 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-16 04:54 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-16 04:54 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-16 04:54 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-16 04:54 - 2014-07-08 16:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-16 04:54 - 2014-07-08 16:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-16 04:54 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 04:54 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 04:54 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 04:54 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 04:54 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 04:54 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 04:53 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 04:53 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 04:53 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 04:53 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 04:53 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 04:53 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 04:53 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 04:53 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 04:53 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 04:53 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 04:53 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 04:53 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 04:53 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 04:53 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 04:53 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 04:53 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 04:53 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 04:53 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 04:53 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 04:53 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 04:53 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 04:53 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 04:53 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 04:53 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 04:53 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 04:53 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 04:52 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 04:52 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 04:52 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 04:52 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-16 04:52 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 04:52 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 04:52 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 04:52 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 04:52 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 04:52 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 04:52 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 04:52 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 04:52 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 04:52 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 04:52 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 04:52 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 04:52 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 04:52 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 04:52 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 04:52 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 04:52 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 04:52 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 11:23 - 2013-12-03 21:43 - 01050562 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 11:23 - 2009-07-13 23:13 - 00785842 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 11:21 - 2013-12-24 11:57 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-10 11:19 - 2014-08-07 15:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 11:18 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 11:18 - 2009-07-13 22:51 - 00081719 _____ () C:\Windows\setupact.log
2014-11-10 11:17 - 2013-12-04 18:48 - 00273434 _____ () C:\Windows\PFRO.log
2014-11-10 11:16 - 2009-07-13 22:45 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 11:16 - 2009-07-13 22:45 - 00022656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 11:14 - 2014-08-07 15:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 11:11 - 2014-02-10 21:56 - 00000000 ____D () C:\Users\Flip\AppData\Local\Intuit_Inc
2014-11-10 10:51 - 2013-12-24 11:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-10 10:16 - 2014-03-25 19:50 - 00000000 ____D () C:\Users\Flip\AppData\Local\45ACEB28-8E7B-4320-926B-84DFF9427A5A.aplzod
2014-11-10 08:38 - 2014-01-27 09:01 - 00000000 ____D () C:\Users\Flip\Documents\Outlook Files
2014-11-10 07:01 - 2013-03-28 14:28 - 00005664 _____ () C:\Windows\Cox_Business_CBOB.flt
2014-11-10 07:01 - 2013-03-28 14:28 - 00005186 _____ () C:\Windows\Cox_Business_CBOB.blk
2014-11-09 19:37 - 2014-08-29 10:02 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4252910-1658-4073-BB32-19A25CD9987D}
2014-11-07 12:27 - 2014-06-25 08:26 - 00000000 ____D () C:\Users\Flip\Desktop\SG Labels
2014-11-07 08:46 - 2014-05-29 08:30 - 00000000 ____D () C:\Users\Flip\Desktop\Technical Instructions-Warnings
2014-11-07 08:24 - 2014-06-25 08:43 - 00000000 ____D () C:\Users\Flip\Desktop\SG Product Development
2014-11-07 08:22 - 2014-09-02 14:10 - 00000000 ____D () C:\Users\Flip\Desktop\Mine
2014-11-07 08:22 - 2014-03-05 07:49 - 00000000 ____D () C:\Users\Flip\Desktop\ADP
2014-11-07 07:52 - 2014-06-03 14:32 - 00000000 ____D () C:\Users\Flip\Desktop\USDA Forest Service
2014-11-07 07:46 - 2014-10-10 18:25 - 00000000 ____D () C:\Users\Flip\Desktop\Mannequins
2014-11-03 15:47 - 2014-01-27 07:15 - 00000000 ____D () C:\Users\Flip\Documents\General Business Info
2014-10-31 07:31 - 2014-01-08 10:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-31 06:56 - 2014-09-08 09:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-31 06:51 - 2014-06-13 12:15 - 00000000 ____D () C:\Users\Flip\AppData\Local\Adobe
2014-10-31 06:51 - 2013-12-24 11:48 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-31 06:51 - 2013-12-24 11:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-31 06:51 - 2013-12-24 11:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-30 05:25 - 2013-12-03 22:32 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-23 20:26 - 2014-09-19 06:32 - 00000000 ____D () C:\Users\Flip\Desktop\Lighthouse Project
2014-10-23 09:17 - 2014-08-12 17:35 - 00023662 _____ () C:\Users\Flip\Desktop\Copy of Descent Equipment List (With Values).xlsx
2014-10-23 09:17 - 2014-06-25 08:22 - 00000000 ____D () C:\Users\Flip\Desktop\SG Products & Pricing
2014-10-22 06:47 - 2014-08-07 16:44 - 00011745 _____ () C:\Users\Flip\Desktop\Employee Work Schedule.xlsx
2014-10-19 00:09 - 2014-08-07 15:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 00:09 - 2014-08-07 15:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 03:20 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-17 02:43 - 2009-07-13 22:45 - 02357944 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 02:40 - 2014-05-08 02:16 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 02:23 - 2013-12-03 23:51 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 02:04 - 2013-12-03 22:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 02:00 - 2013-12-03 22:54 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-13 14:57 - 2009-07-14 01:44 - 00000000 ___RD () C:\Users\Public\Recorded TV

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-31 23:07

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Flip at 2014-11-10 11:26:04
Running from C:\Users\Flip\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat  9 Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}{AC76BA86-1033-F400-BA7E-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
B-Link Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0175 - SHENZHEN BILIAN ELECTRONIC CO.,LTD)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camtasia Studio 7 (HKLM-x32\...\{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}) (Version: 7.1.0 - TechSmith Corporation)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
DriverTuner 3.1.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.1 - LionSea SoftWare)
EPSON WF-2530 Series Printer Uninstall (HKLM\...\EPSON WF-2530 Series) (Version:  - SEIKO EPSON Corporation)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Greenshot 1.0.6.2228 (HKLM\...\Greenshot_is1) (Version: 1.0.6.2228 - Greenshot)
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{BF09A017-54F4-46BC-AF54-F6DA0D7486D3}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM-x32\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6500 E710n-z Product Improvement Study (HKLM\...\{70BF6489-4E33-4AFE-90B6-9A8120E6EEA5}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Active Management Technology (HKLM\...\MESOL) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Marketsplash Shortcuts (HKLM-x32\...\{FB0C267C-8B4F-4867-8161-A6A3B66D42C1}) (Version: 1.0.0.9 - Hewlett-Packard)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Backup (HKLM\...\{A9F51355-B923-44B6-2E80-604D01FA9629}) (Version: 2.24.2.360 - Cox Business)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks File Doctor (HKLM-x32\...\{A39730D7-3C42-4F26-978B-523E808EEADB}) (Version: 3.6.1 - Intuit)
QuickBooks Premier: Accountant Edition 2013 (HKLM-x32\...\{36B3E6E3-D4DE-4B89-A9E6-727715C2A318}) (Version: 23.0.4008.2305 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.24.0 - Ralink)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

31-10-2014 08:49:04 Windows Update
31-10-2014 12:53:54 Removed iTunes
31-10-2014 13:08:09 Installed iTunes
31-10-2014 13:30:51 Installed iTunes
03-11-2014 13:51:48 Windows Update
03-11-2014 21:35:55 Removed Google Earth.
06-11-2014 21:46:22 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D177825-E3D0-46D9-8E17-747A9CA2B40C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-31] (Adobe Systems Incorporated)
Task: {1DA42FB5-4AFE-4F80-8E14-6F881963C0CD} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {369537D6-8493-47DE-8356-584BFE3A2F08} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)
Task: {5B2FC021-CC22-4D43-9783-216B7230F293} - System32\Tasks\HPCustParticipation HP Officejet 6500 E710n-z => C:\Program Files\HP\HP Officejet 6500 E710n-z\Bin\HPCustPartic.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {6E7BFED4-24D4-4FEF-B1A3-FCB9CDF22933} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)
Task: {DF08F703-1853-4F9C-87D1-EAF6A715EC0A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-24 11:53 - 2013-10-23 15:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-08 08:33 - 2009-07-16 11:20 - 00077824 _____ () C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\DTMessageLib.dll
2013-12-24 11:31 - 2009-12-09 21:20 - 00126976 _____ () C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\EnumDevLib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3116449129-1219029433-383667146-500 - Administrator - Disabled)
Flip (S-1-5-21-3116449129-1219029433-383667146-1003 - Administrator - Enabled) => C:\Users\Flip
Guest (S-1-5-21-3116449129-1219029433-383667146-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3116449129-1219029433-383667146-1002 - Limited - Enabled)
User (S-1-5-21-3116449129-1219029433-383667146-1000 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 11:20:28 AM) (Source: MsiInstaller) (EventID: 1024) (User: LMLFLIP)
Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/10/2014 00:55:54 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (11/08/2014 03:59:52 PM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (11/07/2014 09:40:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SnagitEditor.exe, version: 10.0.0.788, time stamp: 0x4bc4ea08
Faulting module name: SnagitEditor.exe, version: 10.0.0.788, time stamp: 0x4bc4ea08
Exception code: 0xc0000005
Fault offset: 0x00134947
Faulting process id: 0xefb0
Faulting application start time: 0xSnagitEditor.exe0
Faulting application path: SnagitEditor.exe1
Faulting module path: SnagitEditor.exe2
Report Id: SnagitEditor.exe3

Error: (11/06/2014 09:03:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: snagiteditor.exe, version: 10.0.0.788, time stamp: 0x4bc4ea08
Faulting module name: snagiteditor.exe, version: 10.0.0.788, time stamp: 0x4bc4ea08
Exception code: 0xc0000005
Fault offset: 0x00134947
Faulting process id: 0x65ec
Faulting application start time: 0xsnagiteditor.exe0
Faulting application path: snagiteditor.exe1
Faulting module path: snagiteditor.exe2
Report Id: snagiteditor.exe3

Error: (11/05/2014 02:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17344, time stamp: 0x541b6f63
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x0003662e
Faulting process id: 0x12d4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (11/04/2014 02:15:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5d3c

Start Time: 01cff86bff5a64b5

Termination Time: 61

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 4c176b37-645f-11e4-965b-842b2bc1303e

Error: (11/04/2014 02:14:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6108

Start Time: 01cff86b4cff5947

Termination Time: 80

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 391f2f1c-645f-11e4-965b-842b2bc1303e

Error: (11/04/2014 01:24:35 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (11/03/2014 05:09:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Ewrztowuubcn.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: drprevk.dll, version: 1.0.0.0, time stamp: 0x544f8934
Exception code: 0xc0000005
Fault offset: 0x0001586b
Faulting process id: 0x1fec
Faulting application start time: 0xEwrztowuubcn.exe0
Faulting application path: Ewrztowuubcn.exe1
Faulting module path: Ewrztowuubcn.exe2
Report Id: Ewrztowuubcn.exe3

System errors:
=============
Error: (11/10/2014 11:19:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/10/2014 11:19:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (11/10/2014 11:19:08 AM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

 Feature: %%835

 Error Code: 0x80004005

 Error description: Unspecified error

 Reason: %%842

Error: (11/10/2014 11:11:44 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/10/2014 11:11:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/10/2014 11:11:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Online Backup Backup Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (11/10/2014 11:11:14 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/10/2014 11:11:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/10/2014 11:11:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/10/2014 11:11:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Network Inspection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™2 Quad CPU Q9650 @ 3.00GHz
Percentage of memory in use: 17%
Total physical RAM: 15293.59 MB
Available physical RAM: 12628.55 MB
Total Pagefile: 30585.37 MB
Available Pagefile: 27843.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:403.42 GB) NTFS
Drive d: () (Fixed) (Total:443.23 GB) (Free:443.09 GB) NTFS
Drive f: () (Removable) (Total:14.9 GB) (Free:14.9 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1A33782E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


# AdwCleaner v4.101 - Report created 10/11/2014 at 11:40:24
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Flip - LMLFLIP
# Running from : C:\Users\Flip\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ARIL0WW5\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

*************************

AdwCleaner[R0].txt - [1210 octets] - [10/11/2014 11:31:30]
AdwCleaner[S0].txt - [1131 octets] - [10/11/2014 11:40:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1191 octets] ##########


RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Flip [Administrator]
Mode : Scan -- Date : 11/10/2014  11:54:24

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{47EFC679-1932-4B6E-A587-FC1A1EFC9B37} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8310BEF2-1137-4CC3-AA85-C37B26A648C8} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{47EFC679-1932-4B6E-A587-FC1A1EFC9B37} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8310BEF2-1137-4CC3-AA85-C37B26A648C8} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{47EFC679-1932-4B6E-A587-FC1A1EFC9B37} | DhcpNameServer : 172.20.10.1 [(Private Address) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8310BEF2-1137-4CC3-AA85-C37B26A648C8} | DhcpNameServer : 68.105.28.11 68.105.29.11 68.105.28.12 [UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1001FAES-75W7A0 +++++
--- User ---
[MBR] ba7822aca3e564946a9a25ed04181075
[BSP] 76bc828b28d6e82dea4b71d4d2c4c10b : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 499900 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1024002048 | Size: 453867 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SanDisk Cruzer USB Device +++++
--- User ---
[MBR] a124dc1f32b91ceacb765c7a5ad6ec2e
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 32 | Size: 15266 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )



#8 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:02:55 AM

Posted 10 November 2014 - 05:27 PM

Please follow these steps:

1.- Open notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
Save it to your Desktop as fixlist.txt
 
S1 aaiaqeya; \??\C:\Windows\system32\drivers\aaiaqeya.sys [X]
S1 abrujbdw; \??\C:\Windows\system32\drivers\abrujbdw.sys [X]
S1 acnswagp; \??\C:\Windows\system32\drivers\acnswagp.sys [X]
S1 aisnspcf; \??\C:\Windows\system32\drivers\aisnspcf.sys [X]
S1 ajoyocwk; \??\C:\Windows\system32\drivers\ajoyocwk.sys [X]
S1 alhttosl; \??\C:\Windows\system32\drivers\alhttosl.sys [X]
S1 aodsynxy; \??\C:\Windows\system32\drivers\aodsynxy.sys [X]
S1 asjarlrl; \??\C:\Windows\system32\drivers\asjarlrl.sys [X]
S1 awqypcyt; \??\C:\Windows\system32\drivers\awqypcyt.sys [X]
S1 bhsmwzvj; \??\C:\Windows\system32\drivers\bhsmwzvj.sys [X]
S1 biaozwoe; \??\C:\Windows\system32\drivers\biaozwoe.sys [X]
S1 bjusfvrp; \??\C:\Windows\system32\drivers\bjusfvrp.sys [X]
S1 blumcrjz; \??\C:\Windows\system32\drivers\blumcrjz.sys [X]
S1 bpyvgvnr; \??\C:\Windows\system32\drivers\bpyvgvnr.sys [X]
S1 calgdhlt; \??\C:\Windows\system32\drivers\calgdhlt.sys [X]
S1 cayrbtmj; \??\C:\Windows\system32\drivers\cayrbtmj.sys [X]
S1 cbbwruiz; \??\C:\Windows\system32\drivers\cbbwruiz.sys [X]
S1 cdzybjnb; \??\C:\Windows\system32\drivers\cdzybjnb.sys [X]
S1 cexumkgy; \??\C:\Windows\system32\drivers\cexumkgy.sys [X]
S1 cinejrdw; \??\C:\Windows\system32\drivers\cinejrdw.sys [X]
S1 cpukylya; \??\C:\Windows\system32\drivers\cpukylya.sys [X]
S1 cqfltzci; \??\C:\Windows\system32\drivers\cqfltzci.sys [X]
S1 cvsxuaax; \??\C:\Windows\system32\drivers\cvsxuaax.sys [X]
S1 cvvtympc; \??\C:\Windows\system32\drivers\cvvtympc.sys [X]
S1 dblulvra; \??\C:\Windows\system32\drivers\dblulvra.sys [X]
S1 ddnfdgcj; \??\C:\Windows\system32\drivers\ddnfdgcj.sys [X]
S1 dilwugwb; \??\C:\Windows\system32\drivers\dilwugwb.sys [X]
S1 dnjydtuc; \??\C:\Windows\system32\drivers\dnjydtuc.sys [X]
S1 dsjpolbm; \??\C:\Windows\system32\drivers\dsjpolbm.sys [X]
S1 dyddxwbv; \??\C:\Windows\system32\drivers\dyddxwbv.sys [X]
S1 ecoflcej; \??\C:\Windows\system32\drivers\ecoflcej.sys [X]
S1 efbzbfeq; \??\C:\Windows\system32\drivers\efbzbfeq.sys [X]
S1 egilhdvm; \??\C:\Windows\system32\drivers\egilhdvm.sys [X]
S1 ehutpshg; \??\C:\Windows\system32\drivers\ehutpshg.sys [X]
S1 ekbujxgc; \??\C:\Windows\system32\drivers\ekbujxgc.sys [X]
S1 eqpmedod; \??\C:\Windows\system32\drivers\eqpmedod.sys [X]
S1 ermkaaos; \??\C:\Windows\system32\drivers\ermkaaos.sys [X]
S1 etoujigi; \??\C:\Windows\system32\drivers\etoujigi.sys [X]
S1 etuwpylf; \??\C:\Windows\system32\drivers\etuwpylf.sys [X]
S1 evoqbzcs; \??\C:\Windows\system32\drivers\evoqbzcs.sys [X]
S1 ewbfdsru; \??\C:\Windows\system32\drivers\ewbfdsru.sys [X]
S1 fawtebtz; \??\C:\Windows\system32\drivers\fawtebtz.sys [X]
S1 fcgoqgdo; \??\C:\Windows\system32\drivers\fcgoqgdo.sys [X]
S1 fddnoyzt; \??\C:\Windows\system32\drivers\fddnoyzt.sys [X]
S1 firlnysf; \??\C:\Windows\system32\drivers\firlnysf.sys [X]
S1 fkcxuqtp; \??\C:\Windows\system32\drivers\fkcxuqtp.sys [X]
S1 fkdtibnk; \??\C:\Windows\system32\drivers\fkdtibnk.sys [X]
S1 fsvaycod; \??\C:\Windows\system32\drivers\fsvaycod.sys [X]
S1 fsyqifps; \??\C:\Windows\system32\drivers\fsyqifps.sys [X]
S1 ftfotbxm; \??\C:\Windows\system32\drivers\ftfotbxm.sys [X]
S1 fxyzblua; \??\C:\Windows\system32\drivers\fxyzblua.sys [X]
S1 gacblglp; \??\C:\Windows\system32\drivers\gacblglp.sys [X]
S1 gcipvgay; \??\C:\Windows\system32\drivers\gcipvgay.sys [X]
S1 gffgthcf; \??\C:\Windows\system32\drivers\gffgthcf.sys [X]
S1 ggppxkxg; \??\C:\Windows\system32\drivers\ggppxkxg.sys [X]
S1 glaqvjea; \??\C:\Windows\system32\drivers\glaqvjea.sys [X]
S1 glsgofda; \??\C:\Windows\system32\drivers\glsgofda.sys [X]
S1 gmbiudqf; \??\C:\Windows\system32\drivers\gmbiudqf.sys [X]
S1 gontfaex; \??\C:\Windows\system32\drivers\gontfaex.sys [X]
S1 gotequfu; \??\C:\Windows\system32\drivers\gotequfu.sys [X]
S1 gvmnlber; \??\C:\Windows\system32\drivers\gvmnlber.sys [X]
S1 hclbpntl; \??\C:\Windows\system32\drivers\hclbpntl.sys [X]
S1 heqdcyao; \??\C:\Windows\system32\drivers\heqdcyao.sys [X]
S1 hgyrodla; \??\C:\Windows\system32\drivers\hgyrodla.sys [X]
S1 hipclvam; \??\C:\Windows\system32\drivers\hipclvam.sys [X]
S1 hliiukeu; \??\C:\Windows\system32\drivers\hliiukeu.sys [X]
S1 hmbmrylk; \??\C:\Windows\system32\drivers\hmbmrylk.sys [X]
S1 hmedypzb; \??\C:\Windows\system32\drivers\hmedypzb.sys [X]
S1 hnkfutke; \??\C:\Windows\system32\drivers\hnkfutke.sys [X]
S1 hqkmbxul; \??\C:\Windows\system32\drivers\hqkmbxul.sys [X]
S1 hxyysjcs; \??\C:\Windows\system32\drivers\hxyysjcs.sys [X]
S1 iaympqqc; \??\C:\Windows\system32\drivers\iaympqqc.sys [X]
S1 icbcxqum; \??\C:\Windows\system32\drivers\icbcxqum.sys [X]
S1 ideyltuq; \??\C:\Windows\system32\drivers\ideyltuq.sys [X]
S1 iqawgcwd; \??\C:\Windows\system32\drivers\iqawgcwd.sys [X]
S1 iyzovzvo; \??\C:\Windows\system32\drivers\iyzovzvo.sys [X]
S1 jfnawxzx; \??\C:\Windows\system32\drivers\jfnawxzx.sys [X]
S1 jkllgbzy; \??\C:\Windows\system32\drivers\jkllgbzy.sys [X]
S1 jlphqbpu; \??\C:\Windows\system32\drivers\jlphqbpu.sys [X]
S1 juedjrtu; \??\C:\Windows\system32\drivers\juedjrtu.sys [X]
S1 jypnjkaq; \??\C:\Windows\system32\drivers\jypnjkaq.sys [X]
S1 kffriqwj; \??\C:\Windows\system32\drivers\kffriqwj.sys [X]
S1 kfqexohq; \??\C:\Windows\system32\drivers\kfqexohq.sys [X]
S1 khzcxmqj; \??\C:\Windows\system32\drivers\khzcxmqj.sys [X]
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please post it in your reply.

2.- Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Please open Malwarebytes Anti-Malware
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Please update the database by clicking on the Update Now button.
  • Following the update, click Settings > Detection and Protection and make sure Scan for Rootkits is checked.
  • Click on Dashboard, then click on the large green Scan Now button to begin the Threat Scan. If Malware or Potentially Unwanted Programs are found you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.
  • A window with an option to view the detailed log will appear. Click on View Detailed Log.
  • After viewing the results, please click on the Copy to Clipboard button > OK.
  • Return to our forum. Paste your log into your next reply.
  • Note: If you lose the Clipboard copy and need to retrieve the log again, it can be found by opening Malwarebytes and clicking on History > Application Logs with the date of the scan. Simply double-click on that in order to see the options for Copying to Clipboard or to Export to a .txt file (Notepad), etc. The .txt file can be saved and posted when you are ready.
3.- Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes and if it finds anything, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


#9 Flipster8

Flipster8
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:11:55 PM

Posted 11 November 2014 - 08:08 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Flip at 2014-11-10 20:48:46 Run:2
Running from C:\Users\Flip\Desktop
Loaded Profile: Flip (Available profiles: User & Flip)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S1 aaiaqeya;
\??\C:\Windows\system32\drivers\aaiaqeya.sys [X]
S1 abrujbdw; \??\C:\Windows\system32\drivers\abrujbdw.sys [X]
S1 acnswagp; \??\C:\Windows\system32\drivers\acnswagp.sys [X]
S1 aisnspcf; \??\C:\Windows\system32\drivers\aisnspcf.sys [X]
S1 ajoyocwk; \??\C:\Windows\system32\drivers\ajoyocwk.sys [X]
S1 alhttosl; \??\C:\Windows\system32\drivers\alhttosl.sys [X]
S1 aodsynxy; \??\C:\Windows\system32\drivers\aodsynxy.sys [X]
S1 asjarlrl; \??\C:\Windows\system32\drivers\asjarlrl.sys [X]
S1 awqypcyt; \??\C:\Windows\system32\drivers\awqypcyt.sys [X]
S1 bhsmwzvj; \??\C:\Windows\system32\drivers\bhsmwzvj.sys [X]
S1 biaozwoe; \??\C:\Windows\system32\drivers\biaozwoe.sys [X]
S1 bjusfvrp; \??\C:\Windows\system32\drivers\bjusfvrp.sys [X]
S1 blumcrjz; \??\C:\Windows\system32\drivers\blumcrjz.sys [X]
S1 bpyvgvnr; \??\C:\Windows\system32\drivers\bpyvgvnr.sys [X]
S1 calgdhlt; \??\C:\Windows\system32\drivers\calgdhlt.sys [X]
S1 cayrbtmj; \??\C:\Windows\system32\drivers\cayrbtmj.sys [X]
S1
cbbwruiz; \??\C:\Windows\system32\drivers\cbbwruiz.sys [X]
S1 cdzybjnb; \??\C:\Windows\system32\drivers\cdzybjnb.sys [X]
S1 cexumkgy; \??\C:\Windows\system32\drivers\cexumkgy.sys [X]
S1 cinejrdw; \??\C:\Windows\system32\drivers\cinejrdw.sys [X]
S1 cpukylya; \??\C:\Windows\system32\drivers\cpukylya.sys [X]
S1 cqfltzci; \??\C:\Windows\system32\drivers\cqfltzci.sys [X]
S1 cvsxuaax; \??\C:\Windows\system32\drivers\cvsxuaax.sys [X]
S1 cvvtympc; \??\C:\Windows\system32\drivers\cvvtympc.sys [X]
S1 dblulvra; \??\C:\Windows\system32\drivers\dblulvra.sys [X]
S1 ddnfdgcj; \??\C:\Windows\system32\drivers\ddnfdgcj.sys [X]
S1 dilwugwb; \??\C:\Windows\system32\drivers\dilwugwb.sys [X]
S1 dnjydtuc; \??\C:\Windows\system32\drivers\dnjydtuc.sys [X]
S1 dsjpolbm; \??\C:\Windows\system32\drivers\dsjpolbm.sys [X]
S1 dyddxwbv; \??\C:\Windows\system32\drivers\dyddxwbv.sys [X]
S1 ecoflcej; \??\C:\Windows\system32\drivers\ecoflcej.sys [X]
S1 efbzbfeq; \??\C:\Windows\system32\drivers\efbzbfeq.sys
[X]
S1 egilhdvm; \??\C:\Windows\system32\drivers\egilhdvm.sys [X]
S1 ehutpshg; \??\C:\Windows\system32\drivers\ehutpshg.sys [X]
S1 ekbujxgc; \??\C:\Windows\system32\drivers\ekbujxgc.sys [X]
S1 eqpmedod; \??\C:\Windows\system32\drivers\eqpmedod.sys [X]
S1 ermkaaos; \??\C:\Windows\system32\drivers\ermkaaos.sys [X]
S1 etoujigi; \??\C:\Windows\system32\drivers\etoujigi.sys [X]
S1 etuwpylf; \??\C:\Windows\system32\drivers\etuwpylf.sys [X]
S1 evoqbzcs; \??\C:\Windows\system32\drivers\evoqbzcs.sys [X]
S1 ewbfdsru; \??\C:\Windows\system32\drivers\ewbfdsru.sys [X]
S1 fawtebtz; \??\C:\Windows\system32\drivers\fawtebtz.sys [X]
S1 fcgoqgdo; \??\C:\Windows\system32\drivers\fcgoqgdo.sys [X]
S1 fddnoyzt; \??\C:\Windows\system32\drivers\fddnoyzt.sys [X]
S1 firlnysf; \??\C:\Windows\system32\drivers\firlnysf.sys [X]
S1 fkcxuqtp; \??\C:\Windows\system32\drivers\fkcxuqtp.sys [X]
S1 fkdtibnk; \??\C:\Windows\system32\drivers\fkdtibnk.sys [X]
S1 fsvaycod;
\??\C:\Windows\system32\drivers\fsvaycod.sys [X]
S1 fsyqifps; \??\C:\Windows\system32\drivers\fsyqifps.sys [X]
S1 ftfotbxm; \??\C:\Windows\system32\drivers\ftfotbxm.sys [X]
S1 fxyzblua; \??\C:\Windows\system32\drivers\fxyzblua.sys [X]
S1 gacblglp; \??\C:\Windows\system32\drivers\gacblglp.sys [X]
S1 gcipvgay; \??\C:\Windows\system32\drivers\gcipvgay.sys [X]
S1 gffgthcf; \??\C:\Windows\system32\drivers\gffgthcf.sys [X]
S1 ggppxkxg; \??\C:\Windows\system32\drivers\ggppxkxg.sys [X]
S1 glaqvjea; \??\C:\Windows\system32\drivers\glaqvjea.sys [X]
S1 glsgofda; \??\C:\Windows\system32\drivers\glsgofda.sys [X]
S1 gmbiudqf; \??\C:\Windows\system32\drivers\gmbiudqf.sys [X]
S1 gontfaex; \??\C:\Windows\system32\drivers\gontfaex.sys [X]
S1 gotequfu; \??\C:\Windows\system32\drivers\gotequfu.sys [X]
S1 gvmnlber; \??\C:\Windows\system32\drivers\gvmnlber.sys [X]
S1 hclbpntl; \??\C:\Windows\system32\drivers\hclbpntl.sys [X]
S1 heqdcyao; \??\C:\Windows\system32\drivers\heqdcyao.sys [X]
S1
hgyrodla; \??\C:\Windows\system32\drivers\hgyrodla.sys [X]
S1 hipclvam; \??\C:\Windows\system32\drivers\hipclvam.sys [X]
S1 hliiukeu; \??\C:\Windows\system32\drivers\hliiukeu.sys [X]
S1 hmbmrylk; \??\C:\Windows\system32\drivers\hmbmrylk.sys [X]
S1 hmedypzb; \??\C:\Windows\system32\drivers\hmedypzb.sys [X]
S1 hnkfutke; \??\C:\Windows\system32\drivers\hnkfutke.sys [X]
S1 hqkmbxul; \??\C:\Windows\system32\drivers\hqkmbxul.sys [X]
S1 hxyysjcs; \??\C:\Windows\system32\drivers\hxyysjcs.sys [X]
S1 iaympqqc; \??\C:\Windows\system32\drivers\iaympqqc.sys [X]
S1 icbcxqum; \??\C:\Windows\system32\drivers\icbcxqum.sys [X]
S1 ideyltuq; \??\C:\Windows\system32\drivers\ideyltuq.sys [X]
S1 iqawgcwd; \??\C:\Windows\system32\drivers\iqawgcwd.sys [X]
S1 iyzovzvo; \??\C:\Windows\system32\drivers\iyzovzvo.sys [X]
S1 jfnawxzx; \??\C:\Windows\system32\drivers\jfnawxzx.sys [X]
S1 jkllgbzy; \??\C:\Windows\system32\drivers\jkllgbzy.sys [X]
S1 jlphqbpu; \??\C:\Windows\system32\drivers\jlphqbpu.sys
[X]
S1 juedjrtu; \??\C:\Windows\system32\drivers\juedjrtu.sys [X]
S1 jypnjkaq; \??\C:\Windows\system32\drivers\jypnjkaq.sys [X]
S1 kffriqwj; \??\C:\Windows\system32\drivers\kffriqwj.sys [X]
S1 kfqexohq; \??\C:\Windows\system32\drivers\kfqexohq.sys [X]
S1 khzcxmqj; \??\C:\Windows\system32\drivers\khzcxmqj.sys [X]
*****************

aaiaqeya => Service deleted successfully.
\??\C:\Windows\system32\drivers\aaiaqeya.sys [X] => Error: No automatic fix found for this entry.
abrujbdw => Service deleted successfully.
acnswagp => Service deleted successfully.
aisnspcf => Service deleted successfully.
ajoyocwk => Service deleted successfully.
alhttosl => Service deleted successfully.
aodsynxy => Service deleted successfully.
asjarlrl => Service deleted successfully.
awqypcyt => Service deleted successfully.
bhsmwzvj => Service deleted successfully.
biaozwoe => Service deleted successfully.
bjusfvrp => Service deleted successfully.
blumcrjz => Service deleted successfully.
bpyvgvnr => Service deleted successfully.
calgdhlt => Service deleted successfully.
cayrbtmj => Service deleted successfully.
S1 => Error: No automatic fix found for this entry.
cbbwruiz; \??\C:\Windows\system32\drivers\cbbwruiz.sys [X] => Error: No automatic fix found for this entry.
cdzybjnb => Service deleted successfully.
cexumkgy => Service deleted successfully.
cinejrdw => Service deleted successfully.
cpukylya => Service deleted successfully.
cqfltzci => Service deleted successfully.
cvsxuaax => Service deleted successfully.
cvvtympc => Service deleted successfully.
dblulvra => Service deleted successfully.
ddnfdgcj => Service deleted successfully.
dilwugwb => Service deleted successfully.
dnjydtuc => Service deleted successfully.
dsjpolbm => Service deleted successfully.
dyddxwbv => Service deleted successfully.
ecoflcej => Service deleted successfully.
efbzbfeq => Service deleted successfully.
[X] => Error: No automatic fix found for this entry.
egilhdvm => Service deleted successfully.
ehutpshg => Service deleted successfully.
ekbujxgc => Service deleted successfully.
eqpmedod => Service deleted successfully.
ermkaaos => Service deleted successfully.
etoujigi => Service deleted successfully.
etuwpylf => Service deleted successfully.
evoqbzcs => Service deleted successfully.
ewbfdsru => Service deleted successfully.
fawtebtz => Service deleted successfully.
fcgoqgdo => Service deleted successfully.
fddnoyzt => Service deleted successfully.
firlnysf => Service deleted successfully.
fkcxuqtp => Service deleted successfully.
fkdtibnk => Service deleted successfully.
fsvaycod => Service deleted successfully.
\??\C:\Windows\system32\drivers\fsvaycod.sys [X] => Error: No automatic fix found for this entry.
fsyqifps => Service deleted successfully.
ftfotbxm => Service deleted successfully.
fxyzblua => Service deleted successfully.
gacblglp => Service deleted successfully.
gcipvgay => Service deleted successfully.
gffgthcf => Service deleted successfully.
ggppxkxg => Service deleted successfully.
glaqvjea => Service deleted successfully.
glsgofda => Service deleted successfully.
gmbiudqf => Service deleted successfully.
gontfaex => Service deleted successfully.
gotequfu => Service deleted successfully.
gvmnlber => Service deleted successfully.
hclbpntl => Service deleted successfully.
heqdcyao => Service deleted successfully.
S1 => Error: No automatic fix found for this entry.
hgyrodla; \??\C:\Windows\system32\drivers\hgyrodla.sys [X] => Error: No automatic fix found for this entry.
hipclvam => Service deleted successfully.
hliiukeu => Service deleted successfully.
hmbmrylk => Service deleted successfully.
hmedypzb => Service deleted successfully.
hnkfutke => Service deleted successfully.
hqkmbxul => Service deleted successfully.
hxyysjcs => Service deleted successfully.
iaympqqc => Service deleted successfully.
icbcxqum => Service deleted successfully.
ideyltuq => Service deleted successfully.
iqawgcwd => Service deleted successfully.
iyzovzvo => Service deleted successfully.
jfnawxzx => Service deleted successfully.
jkllgbzy => Service deleted successfully.
jlphqbpu => Service deleted successfully.
[X] => Error: No automatic fix found for this entry.
juedjrtu => Service deleted successfully.
jypnjkaq => Service deleted successfully.
kffriqwj => Service deleted successfully.
kfqexohq => Service deleted successfully.
khzcxmqj => Service deleted successfully.

==== End of Fixlog ====


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2014
Scan Time: 2:44:00 AM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.11.03
Rootkit Database: v2014.11.10.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Flip

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366317
Time Elapsed: 6 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


ESET found no threats. I saw no log to export.
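
The Fixlog above records the failure mode behind the follow-up fix: fixlist entries that were wrapped onto two lines when pasted were read by FRST as separate entries, drew "No automatic fix found", and the corresponding services survived. As an added example that is not part of the thread and not FRST's own code, the script below repairs wrapped entries, reads a Fixlog, and emits the entries that need a second Fix run; the fixlist and Fixlog samples are constructed from the patterns in the logs above, and the entry syntax it assumes is the `S1 name; path [X]` form used in this thread.

```python
"""Added example (not part of the thread or of FRST): cross-check an FRST
fixlist against the Fixlog it produced. A line-wrapped paste makes FRST see
"S1" or a bare driver path as its own entry; those draw "No automatic fix
found" and the service survives, so such entries must be fixed again."""
import re

# One FRST service entry: start type, service name, image path, missing-file marker.
ENTRY_RE = re.compile(r"^(?P<start>S[0-4]) (?P<name>\w+); (?P<path>\S+) \[X\]$")
DELETED_RE = re.compile(r"^(?P<name>\w+) => Service deleted successfully\.$")
ERROR_MARK = "=> Error: No automatic fix found for this entry."

# Constructed sample in the thread's format: three entries, two of them wrapped
# the way the user's paste was.
SAMPLE_FIXLIST = r"""S1 abrujbdw; \??\C:\Windows\system32\drivers\abrujbdw.sys [X]
S1
cbbwruiz; \??\C:\Windows\system32\drivers\cbbwruiz.sys [X]
S1 fsvaycod;
\??\C:\Windows\system32\drivers\fsvaycod.sys [X]
"""

# Constructed Fixlog excerpt following the same patterns as the thread's log.
SAMPLE_FIXLOG = r"""abrujbdw => Service deleted successfully.
S1 => Error: No automatic fix found for this entry.
cbbwruiz; \??\C:\Windows\system32\drivers\cbbwruiz.sys [X] => Error: No automatic fix found for this entry.
fsvaycod => Service deleted successfully.
\??\C:\Windows\system32\drivers\fsvaycod.sys [X] => Error: No automatic fix found for this entry.
"""


def repair_wrapped_entries(text):
    """Re-join lines until each forms a complete entry; return parsed entries."""
    entries, buffer = [], ""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        buffer = f"{buffer} {line}" if buffer else line
        match = ENTRY_RE.match(buffer)
        if match:
            entries.append(match.groupdict())
            buffer = ""
    if buffer:
        raise ValueError(f"unparseable fixlist fragment: {buffer!r}")
    return entries


def parse_fixlog(text):
    """Return (names FRST reports deleted, lines FRST could not act on)."""
    deleted, errors = set(), []
    for line in text.splitlines():
        match = DELETED_RE.match(line.strip())
        if match:
            deleted.add(match.group("name"))
        elif ERROR_MARK in line:
            errors.append(line.strip())
    return deleted, errors


def entries_needing_retry(fixlist_text, fixlog_text):
    """Entries whose service was not deleted, or whose path drew an error."""
    deleted, errors = parse_fixlog(fixlog_text)
    pending = []
    for entry in repair_wrapped_entries(fixlist_text):
        hit_error = any(entry["path"] in line for line in errors)
        if entry["name"] not in deleted or hit_error:
            pending.append(entry)
    return pending


def build_retry_fixlist(entries):
    """Emit one well-formed line per entry for a second FRST Fix run."""
    return "\n".join(f"{e['start']} {e['name']}; {e['path']} [X]" for e in entries)


if __name__ == "__main__":
    print(build_retry_fixlist(entries_needing_retry(SAMPLE_FIXLIST, SAMPLE_FIXLOG)))
```

On the sample input the script reports cbbwruiz and fsvaycod, mirroring the entries re-issued in the next post.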



#10 Rootk

Rootk

  • Malware Response Team
  • 234 posts
  • OFFLINE
  • Gender:Male
  • Location:Easter Island, Chile.
  • Local time:02:55 AM

Posted 11 November 2014 - 10:33 PM

Do the following:

Open notepad. Please copy the contents of the code box below.
To do this, highlight the contents of the box and right-click on it. Paste this into the open notepad.
Save it to your Desktop as fixlist.txt
 
S1 cbbwruiz; \??\C:\Windows\system32\drivers\cbbwruiz.sys [X]
S1 fsvaycod; \??\C:\Windows\system32\drivers\fsvaycod.sys [X]
S1 hgyrodla; \??\C:\Windows\system32\drivers\hgyrodla.sys [X]
NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST and press the Fix button just once and wait.
The tool will make a log on your desktop (Fixlog.txt); please post it in your reply.

Once you have done that, reboot the computer and let me know how things are now.

#11 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  • Location:Mikado Michigan
  • Local time:01:55 AM

Posted 26 January 2015 - 11:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families




