Child Downloaded virus on Home Office CPU (ComboFix Help)


  • This topic is locked
28 replies to this topic

#1 joe_black

  • Members
  • 13 posts

Posted 01 December 2014 - 12:45 AM

Hello,

I will apologize for my ignorance up front in hopes that you all forgive me after reading my post.

Recently my child was fooling around on the home office cpu after being told not to and downloaded a nasty virus affecting Google Chrome, which my wife uses for school. The browser would lock up and load warnings that the cpu was under attack, that we were infected, and that we needed to call an "855 number." I promptly ran all the tools I had in hand and found that it was worse than I expected, especially after I rebooted my computer after running AdwCleaner, Malwarebytes, Trend HouseCall and MS Security Essentials. I recently ran RKill and found even more. I then got desperate and, before reading about ComboFix, ran the scan. I accidentally closed the WordPad doc before I read the notes, but did find the quarantine log in the "Qoobox" file. I also remember reading in the notes that Windows/SysWOW64 was infected.

I have posted below the information I could find: ComboFix from tonight, and MB from 11/11 below that:

ComboFix

2014-12-01 04:44:20 . 2014-12-01 04:44:20              171 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892}.reg.dat
2014-12-01 04:43:47 . 2014-12-01 04:43:47              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2014-12-01 04:42:36 . 2014-12-01 04:42:36              166 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKCU-Run-HLBackupScheduler.reg.dat
2014-12-01 04:16:01 . 2014-12-01 04:16:01            6,647 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-12-01 04:09:55 . 2014-12-01 04:09:55               51 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2012-03-21 04:02:32 . 2013-01-25 22:22:39              258 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\ntuser.pol.vir
2011-03-19 06:16:23 . 2011-03-19 06:16:23        1,056,768 ----a-w-  C:\Qoobox\Quarantine\C\Windows\security\database\tmp.edb.vir
2011-02-03 15:01:49 . 2011-02-03 15:01:49           72,080 ----a-w-  C:\Qoobox\Quarantine\C\Users\Office\g2mdlhlpx.exe.vir
2007-11-07 15:03:18 . 2007-11-07 15:03:18          562,688 ----a-w-  C:\Qoobox\Quarantine\C\install.exe.vir
1997-12-23 17:14:16 . 1997-12-23 17:14:16           91,648 ----a-w-  C:\Qoobox\Quarantine\C\Program Files (x86)\intellidownload\gunzip.exe.vir
Malwarebytes

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/11/2014
Scan Time: 2:42:27 PM
Logfile: Malwarebytes Text.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.11.09
Rootkit Database: v2014.11.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Office

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342330
Time Elapsed: 20 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 2
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Client.exe, 640, Delete-on-Reboot, [6a1b0139cfadb48234d57832f21230d0]
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe, 6204, Delete-on-Reboot, [2a5b2e0c48348ea8b443ba48946ffb05]

Modules: 1
PUP.Optional.Conduit.A, C:\Program Files (x86)\ORBTR\orbiter.dll, Delete-on-Reboot, [3253d06a90ec75c1c2b08d2e7b8648b8],

Registry Keys: 115
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, Quarantined, [81040238621ae84ea8dc9114e71abd43],
PUP.Optional.ConsumerInput.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\consumerinput_update, Quarantined, [493c2a10daa24aec5436b1cccb361ce4],
PUP.Optional.ConsumerInput.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\consumerinput_updatem, Quarantined, [493c2a10daa24aec5436b1cccb361ce4],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CONSUMERINPUTUPDATE.EXE, Quarantined, [493c2a10daa24aec5436b1cccb361ce4],
PUP.Optional.ConsumerInput.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CONSUMERINPUTUPDATE.EXE, Quarantined, [493c2a10daa24aec5436b1cccb361ce4],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{06f98d07-504d-4d90-9532-e6615fc1a434}, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{06F98D07-504D-4D90-9532-E6615FC1A434}, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{06F98D07-504D-4D90-9532-E6615FC1A434}, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\SaverAddon.SaverAddon, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\SaverAddon.SaverAddon.9, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaverAddon.SaverAddon, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SaverAddon.SaverAddon.9, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{06F98D07-504D-4D90-9532-E6615FC1A434}, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1703729140-4153912327-3462029305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{06F98D07-504D-4D90-9532-E6615FC1A434}, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKU\S-1-5-21-1703729140-4153912327-3462029305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{06F98D07-504D-4D90-9532-E6615FC1A434}, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{06F98D07-504D-4D90-9532-E6615FC1A434}, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{06F98D07-504D-4D90-9532-E6615FC1A434}, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\CLASSES\CLSID\{06F98D07-504D-4D90-9532-E6615FC1A434}\INPROCSERVER32, Quarantined, [473e43f72d4f50e61e55843a926f3ac6],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\dcabho.Dca.1, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\dcabho.Dca, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\dcabho.Dca, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\dcabho.Dca.1, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKU\S-1-5-21-1703729140-4153912327-3462029305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.Consumer.Input.A, HKU\S-1-5-21-1703729140-4153912327-3462029305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}, Quarantined, [5233b58591eb63d3f8e0e1d835cdb050],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1703729140-4153912327-3462029305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [5b2af9414f2da78fb9ab4e6659a9d32d],
PUP.Optional.VOPackage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPackage, Quarantined, [4540e2585f1df6409342d560c43fd729],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchExtensions.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\RocketTab, Quarantined, [6a1b0139cfadb48234d57832f21230d0],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [434276c47efed066ba83630be61d3fc1],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [8cf97fbbb4c892a4c37a5618da29c838],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [e99c6bcf27554ee8bb82b5b9679c50b0],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [11741327f488de581429ed811fe40bf5],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [aadb9f9babd1e84e033a9cd219eac937],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [d7aef4466f0ddc5a211c4d2110f3c040],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [97eefc3e83f993a3e05d541a72913fc1],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [f68f9d9d314b89adcc71e18dc93a54ac],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [96efa694c7b5c86e55e81a54e320a15f],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [bec7c773225a3ff70736303e2ad95ba5],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [9ce955e5ff7da88ed16c3b33a95a30d0],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [d3b2a991dca04fe70f2e48267093758b],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [5c29db5fbdbf91a5cd70e98510f3847c],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [6d181228037947ef7dc0105e17ec9c64],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [295cb3870d6f1f1741fc78f6ec17c13f],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [9de8df5b5923cd69d86574face3558a8],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [a5e0cd6d53290d290a332f3f1ce78b75],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [483d63d7354750e6b08d531b14efea16],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [a8dd9c9ed4a823136ad39dd18a795ba5],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [fa8b0f2bee8e12241e1f0d6124df58a8],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [89fc56e494e870c6ef4e7ef0b3501ee2],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [f293083289f30c2add60b4ba3fc4de22],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [daabe95197e52e08a499036b60a35ca4],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [3253300a1963fb3b380574fae22123dd],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, Quarantined, [dca92f0b7ffd7db9160685224fb5d22e],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, Quarantined, [345183b714683ef84ecdc6e10103f30d],
PUP.Optional.RocketTab.A, HKLM\SOFTWARE\WOW6432NODE\RocketTab, Quarantined, [b2d339012953330304b0b4868281639d],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync, Quarantined, [30551d1d5626d264af8ec5a9ba498b75],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoCreateAsync.1.0, Quarantined, [e4a1ad8d4a327eb8cc715c12020121df],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass, Quarantined, [22635edca0dcd85ed667b7b78182ba46],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreClass.1, Quarantined, [4c39b5853b41e74fb08d0866ab58cd33],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass, Quarantined, [c4c1d4664d2fb2848fae81ed8182be42],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CoreMachineClass.1, Quarantined, [6b1a48f24c30b086b78628463bc8f907],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine, Quarantined, [a5e097a36715fa3c142992dc798ace32],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.CredentialDialogMachine.1.0, Quarantined, [3a4bc476e894c472ad90ed8141c225db],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine, Quarantined, [711475c537457abcef4e96d8aa5953ad],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachine.1.0, Quarantined, [612447f3611bcb6be954ef7f867ddf21],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback, Quarantined, [a3e209317606b38376c7b9b5cc376997],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassMachineFallback.1.0, Quarantined, [b6cfcb6fd7a531052c11224cb152ff01],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc, Quarantined, [8005211903791c1ab984521c788b13ed],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.OnDemandCOMClassSvc.1.0, Quarantined, [3a4b6ad05f1d24129f9e65090ff4c13f],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher, Quarantined, [41441d1dc9b366d06bd27df112f111ef],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.ProcessLauncher.1.0, Quarantined, [6b1a2c0e0478e056f647224cfb087e82],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService, Quarantined, [55303703abd161d5f7465f0ffe05ad53],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3COMClassService.1.0, Quarantined, [bcc9db5f06762d0994a9ff6f23e047b9],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine, Quarantined, [99ece7534933dd599aa30d61bd466d93],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachine.1.0, Quarantined, [790c57e3a3d9c274e954551960a34db3],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback, Quarantined, [850079c1324a1f176ecf3c321de643bd],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebMachineFallback.1.0, Quarantined, [186d91a9dba11125172699d5cc37db25],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc, Quarantined, [13724feb2557d85ef44998d6cf34ce32],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConsumerInputUpdate.Update3WebSvc.1.0, Quarantined, [493cec4ef4889d99da6376f8d42f39c7],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [d9ac2e0c8bf1a294f49aaf9ac34023dd],
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, Quarantined, [dea7b9813a42b581e7fdec563dc6f709],
PUP.Optional.RocketTab.A, HKU\S-1-5-21-1703729140-4153912327-3462029305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, Quarantined, [6b1a2c0e89f39e9820957cbe39ca649c],
PUP.Optional.RocketTab.A, HKU\S-1-5-21-1703729140-4153912327-3462029305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS, Quarantined, [7d088bafdaa2f046b656d6d429db5ca4],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Consumer Input Installer, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{15527BF5-9729-49DC-889C-9F956983154C}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C015D269-0F4E-4B52-A91F-721F6DAC9437}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{15527BF5-9729-49DC-889C-9F956983154C}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{C015D269-0F4E-4B52-A91F-721F6DAC9437}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\CptUrlPassthru.HttpMonitor.1, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\CptUrlPassthru.HttpMonitor, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CptUrlPassthru.HttpMonitor, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CptUrlPassthru.HttpMonitor.1, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{82025773-B1B0-497b-B942-0171A2E42C3C}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\CptUrlPassthru.HttpHeaders.1, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\CptUrlPassthru.HttpHeaders, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CptUrlPassthru.HttpHeaders, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CptUrlPassthru.HttpHeaders.1, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{294BC5A4-7157-4131-AB81-1DEC393D0F0A}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{06306AA5-80A1-4260-A9A3-A8E10F6AA8B7}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E98F6ADA-0655-45F4-9141-9F7A18C5B46B}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{06306AA5-80A1-4260-A9A3-A8E10F6AA8B7}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E98F6ADA-0655-45F4-9141-9F7A18C5B46B}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{294BC5A4-7157-4131-AB81-1DEC393D0F0A}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{95C8DE84-989C-4235-A5B1-84E8B6A4384A}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D8F06F2A-FDCE-4F12-8D2A-7A97A752CF1A}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.BestDiscountApp.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, Quarantined, [711465d5e696a78fb57b53d2dc27e41c],

Registry Values: 5
PUP.Optional.VOPackage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VOPACKAGE|UninstallString, "C:\Users\Office\AppData\Roaming\VOPackage\uninstall.exe", Quarantined, [04810535d6a6af87ca172420ac5753ad]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [d9ac2e0c8bf1a294f49aaf9ac34023dd]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, Quarantined, [dea7b9813a42b581e7fdec563dc6f709]
PUP.Optional.ConsumerInput.A, HKU\S-1-5-21-1703729140-4153912327-3462029305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ConsumerInput@Compete, C:\Program Files (x86)\Consumer Input\Firefox\ciff-3.2.0-12039.xpi, Quarantined, [dca9be7cb3c9fa3c4fb764cf21e24db3]
PUP.Optional.RocketTab.A, HKU\S-1-5-21-1703729140-4153912327-3462029305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, Quarantined, [7d088bafdaa2f046b656d6d429db5ca4]

Registry Data: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll),Replaced,[e89d34069ce0072f760efda85da43bc5]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll),Replaced,[ee9764d61f5dd56140442a7b6d947789]
PUP.Optional.Trovi.A, HKU\S-1-5-21-1703729140-4153912327-3462029305-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3328385&octid=EB_ORIGINAL_CTID&ISID=MC8026191-7CC2-41DB-A613-B7745BEB9662&SearchSource=55&CUI=&UM=6&UP=SPFFCBA6E9-2E98-4E41-8D6F-A8563B1DF1A6&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3328385&octid=EB_ORIGINAL_CTID&ISID=MC8026191-7CC2-41DB-A613-B7745BEB9662&SearchSource=55&CUI=&UM=6&UP=SPFFCBA6E9-2E98-4E41-8D6F-A8563B1DF1A6&SSPV=),Replaced,[780d73c7c7b50432643e0930848139c7]

Folders: 52
PUP.Optional.VOPackage.A, C:\Users\Office\AppData\Roaming\VOPackage, Quarantined, [4540e2585f1df6409342d560c43fd729],
PUP.Optional.VOPackage, C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage, Quarantined, [bcc9291180fc3ff7f7ebad97fd0645bb],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Delete-on-Reboot, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Delete-on-Reboot, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Delete-on-Reboot, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Delete-on-Reboot, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Delete-on-Reboot, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Delete-on-Reboot, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Delete-on-Reboot, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, Quarantined, [0382fa408def7cba5b981a7260a44fb1],
PUP.Optional.Orbtr, C:\Program Files (x86)\ORBTR, Quarantined, [374e65d5fd7f5ed876376d3a51b323dd],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions, Delete-on-Reboot, [6a1b0139cfadb48234d57832f21230d0],
PUP.Optional.SearchExtensions.A, C:\Program Files (x86)\Search Extensions\Resources, Quarantined, [6a1b0139cfadb48234d57832f21230d0],
PUP.Optional.Consumer.Input.A, C:\Users\Office\AppData\Local\Consumer Input, Quarantined, [7213fd3d9be1ff378f67f80a03006898],
PUP.Optional.Consumer.Input.A, C:\Users\Office\AppData\Local\Consumer Input\CrashReports, Quarantined, [7213fd3d9be1ff378f67f80a03006898],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input, Delete-on-Reboot, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\CrashReports, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Firefox, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\InternetExplorer, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Monitoring, Delete-on-Reboot, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\1.3.25.149, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{1138A907-2253-45D6-99C1-843A0AC58730}\0.0.0.0, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],
PUP.Optional.Consumer.Input.A, C:\Program Files (x86)\Consumer Input\Update\Download\{B3F80DB8-951F-4A2A-BE2F-ED6F4FF63B98}\0.0.0.0, Quarantined, [2a5b2e0c48348ea8b443ba48946ffb05],

 


Edited by joe_black, 01 December 2014 - 12:52 AM.



#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:10:02 PM

Posted 01 December 2014 - 12:23 PM

Hello joe_black,

Welcome to Bleeping Computer!

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

Farbar Recovery Scan Tool (FRST)

  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.

==========================================================================

Current Symptoms

Lastly, I know you have done so briefly already but please list all the symptoms you are currently experiencing.

==========================================================================

What I'd like to see in your next post:

  • FRST.txt.
  • Addition.txt.
  • Current symptoms.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 joe_black

joe_black
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:02 PM

Posted 02 December 2014 - 01:25 AM

Thanks for your help Cody! :)

 

Below you will find the logs you requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Office (administrator) on OFFICE-PC on 01-12-2014 23:05:27
Running from C:\Users\Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVAA2NRH
Loaded Profile: Office (Available profiles: Office)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MBCameraMonitor.lnk
ShortcutTarget: MBCameraMonitor.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x482605801F0CD001
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {77BF8E8A-75FC-4E30-A5AA-079BCC6E0655} URL = http://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {77BF8E8A-75FC-4E30-A5AA-079BCC6E0655} URL = http://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001 -> No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0BCC6235-2443-41C5-9AE2-9068E35ACFD9} https://www.officemd.net/officemd/CONTROLS/Runtime/CWA_Runtime.CAB
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {19943309-CCF5-4FAB-85AB-54D851959888} https://www.officemd.net/officemd/CONTROLS/Runtime/CWAImageMan.CAB
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.ensenta.com/eztwainx.cab
DPF: HKLM-x32 {B9BFB8C0-E198-4CEF-8F43-47176DC528A6} https://www.officemd.net/officemd/CONTROLS/Imaging/CWAExamImage.CAB
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nvsvc; C:\Windows\SysWOW64\nvvsvc.exe [0 2013-07-29] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-07-29] () [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2013-02-23] (Nicomsoft Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany) [File not signed]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 23:04 - 2014-12-01 23:05 - 00000000 ____D () C:\FRST
2014-11-30 22:48 - 2014-11-30 22:48 - 00055133 _____ () C:\Users\Office\Desktop\Malwarebytes Text.txt
2014-11-30 21:46 - 2014-11-30 21:46 - 00020234 _____ () C:\ComboFix.txt
2014-11-30 21:09 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-30 21:09 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-30 21:09 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-30 21:08 - 2014-11-30 21:47 - 00000000 ____D () C:\Qoobox
2014-11-30 21:07 - 2014-11-30 21:41 - 00000000 ____D () C:\Windows\erdnt
2014-11-29 13:58 - 2014-11-29 13:58 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-29 13:58 - 2014-11-29 13:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-25 16:54 - 2014-11-30 20:37 - 00000000 ____D () C:\AdwCleaner
2014-11-18 16:54 - 2014-11-10 20:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:54 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 16:54 - 2014-11-10 19:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 16:54 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 00:30 - 2013-09-02 00:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-11-16 17:30 - 2014-11-16 17:30 - 00013460 _____ () C:\Users\Office\Downloads\Statistics correlation due 11-16 (2).xlsx
2014-11-16 12:34 - 2014-11-16 12:34 - 00013460 _____ () C:\Users\Office\Downloads\Statistics correlation due 11-16.xlsx
2014-11-16 12:34 - 2014-11-16 12:34 - 00013460 _____ () C:\Users\Office\Downloads\Statistics correlation due 11-16 (1).xlsx
2014-11-12 11:30 - 2014-11-12 11:30 - 00180415 _____ () C:\Users\Office\Downloads\Statistics excel assigment due 10-26 (5).xlsx
2014-11-12 11:29 - 2014-11-12 11:29 - 00013623 _____ () C:\Users\Office\Downloads\mean, variance, and standard deviation (4).xlsx
2014-11-12 06:59 - 2014-11-12 06:59 - 00007607 _____ () C:\Users\Office\AppData\Local\Resmon.ResmonCfg
2014-11-11 23:00 - 2014-11-20 13:36 - 00000004 _____ () C:\Users\Office\AppData\Roaming\appdataFr2.bin
2014-11-11 22:51 - 2014-12-01 22:51 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 22:51 - 2014-11-25 12:07 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 22:51 - 2014-11-25 12:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 22:51 - 2014-11-25 12:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 22:13 - 2014-11-11 22:13 - 00000000 __SHD () C:\Users\Office\AppData\Local\EmieBrowserModeList
2014-11-11 21:05 - 2014-11-07 12:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 21:05 - 2014-11-05 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:05 - 2014-11-05 20:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 21:05 - 2014-11-05 20:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 21:05 - 2014-11-05 20:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 21:05 - 2014-11-05 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 21:05 - 2014-11-05 20:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 21:05 - 2014-11-05 20:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 21:05 - 2014-11-05 20:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 21:05 - 2014-11-05 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 21:05 - 2014-11-05 19:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 21:05 - 2014-11-05 19:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 21:05 - 2014-11-05 19:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 21:05 - 2014-11-05 19:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 21:05 - 2014-11-05 19:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 21:05 - 2014-11-05 18:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 21:05 - 2014-11-05 10:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 21:05 - 2014-11-05 10:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 21:05 - 2014-11-05 10:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:05 - 2014-10-13 19:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 21:05 - 2014-10-13 19:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 21:05 - 2014-10-13 19:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 21:05 - 2014-10-13 19:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 21:05 - 2014-10-13 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 21:05 - 2014-10-13 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 21:05 - 2014-10-13 18:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 21:05 - 2014-10-13 18:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 21:05 - 2014-10-13 18:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 21:04 - 2014-11-07 12:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 21:04 - 2014-11-05 21:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:04 - 2014-11-05 21:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 21:04 - 2014-11-05 20:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 21:04 - 2014-11-05 20:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:04 - 2014-11-05 20:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 21:04 - 2014-11-05 20:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:04 - 2014-11-05 20:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:04 - 2014-11-05 20:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 21:04 - 2014-11-05 20:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:04 - 2014-11-05 20:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 21:04 - 2014-11-05 20:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:04 - 2014-11-05 20:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 21:04 - 2014-11-05 20:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:04 - 2014-11-05 20:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 21:04 - 2014-11-05 20:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 21:04 - 2014-11-05 20:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 21:04 - 2014-11-05 20:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 21:04 - 2014-11-05 20:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 21:04 - 2014-11-05 20:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 21:04 - 2014-11-05 20:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 21:04 - 2014-11-05 20:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:04 - 2014-11-05 19:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 21:04 - 2014-11-05 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 21:04 - 2014-11-05 19:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:04 - 2014-11-05 19:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 21:04 - 2014-11-05 19:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:04 - 2014-11-05 19:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 21:04 - 2014-11-05 19:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:04 - 2014-11-05 19:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 21:04 - 2014-11-05 19:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:04 - 2014-11-05 19:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 21:04 - 2014-11-05 19:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 21:04 - 2014-11-05 19:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 21:04 - 2014-11-05 19:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:04 - 2014-11-05 19:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:04 - 2014-11-05 19:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 21:04 - 2014-11-05 18:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 21:04 - 2014-11-05 18:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 21:04 - 2014-11-05 18:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 21:03 - 2014-10-02 19:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 21:03 - 2014-10-02 18:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 21:03 - 2014-10-02 18:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 21:03 - 2014-10-02 18:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 21:03 - 2014-09-19 02:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 21:03 - 2014-09-19 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 21:03 - 2014-09-19 02:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 21:03 - 2014-08-20 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 21:03 - 2014-08-20 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 21:03 - 2014-08-20 23:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 21:03 - 2014-08-20 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 21:03 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 21:03 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 21:02 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 21:02 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 21:02 - 2014-10-17 19:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 21:02 - 2014-10-17 18:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 21:02 - 2014-10-13 19:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 21:02 - 2014-10-13 18:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 21:02 - 2014-10-09 17:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 21:02 - 2014-09-19 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 21:02 - 2014-09-19 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 21:02 - 2014-09-19 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 21:02 - 2014-09-19 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-09 17:59 - 2014-11-09 17:59 - 00013150 _____ () C:\Users\Office\Downloads\HLT362.M5.CorrelationRegressionChiSquare_Student_12-2-13.xlsx
2014-11-09 13:14 - 2014-11-09 13:14 - 00219211 _____ () C:\Users\Office\Downloads\Statistics ANOVA excel (2).xlsx
2014-11-09 13:14 - 2014-11-09 13:14 - 00219211 _____ () C:\Users\Office\Downloads\Statistics ANOVA excel (1).xlsx
2014-11-09 13:13 - 2014-11-09 13:13 - 00219211 _____ () C:\Users\Office\Downloads\Statistics ANOVA excel.xlsx
2014-11-09 12:59 - 2014-11-09 12:59 - 00219225 _____ () C:\Users\Office\Downloads\HLT362.M4.ANOVA_Student_12-2-13 (3).xlsx
2014-11-08 19:29 - 2014-11-08 19:29 - 00219225 _____ () C:\Users\Office\Downloads\HLT362.M4.ANOVA_Student_12-2-13 (2).xlsx
2014-11-08 19:28 - 2014-11-08 19:28 - 00252416 _____ () C:\Users\Office\Downloads\ANOVA EXCEL WORKSHEET.xls
2014-11-06 20:19 - 2014-11-06 20:19 - 00219225 _____ () C:\Users\Office\Downloads\HLT362.M4.ANOVA_Student_12-2-13 (1).xlsx
2014-11-03 10:13 - 2014-11-03 10:13 - 00219225 _____ () C:\Users\Office\Downloads\HLT362.M4.ANOVA_Student_12-2-13.xlsx
2014-11-02 21:40 - 2014-11-02 21:40 - 00017807 _____ () C:\Users\Office\Downloads\Statistics excel assignment due 11-2 (1) (3).xlsx
2014-11-02 21:39 - 2014-11-02 21:39 - 00017807 _____ () C:\Users\Office\Downloads\Statistics excel assignment due 11-2 (1) (2).xlsx
2014-11-02 21:38 - 2014-11-02 21:38 - 00017807 _____ () C:\Users\Office\Downloads\Statistics excel assignment due 11-2 (1) (1).xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-01 23:03 - 2011-03-18 22:33 - 01314126 _____ () C:\Windows\WindowsUpdate.log
2014-12-01 22:51 - 2012-04-10 22:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-01 22:51 - 2012-04-10 22:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 22:47 - 2014-07-05 15:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 21:47 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-11-30 21:31 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-30 21:19 - 2012-07-15 13:47 - 00000000 ____D () C:\Program Files (x86)\intellidownload
2014-11-30 21:19 - 2011-01-16 18:57 - 00000000 ____D () C:\Users\Office
2014-11-30 20:46 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 20:46 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 20:38 - 2013-04-02 23:26 - 01258540 _____ () C:\Windows\PFRO.log
2014-11-30 20:38 - 2013-03-11 20:42 - 00031660 _____ () C:\Windows\setupact.log
2014-11-30 20:38 - 2011-05-07 14:54 - 00000000 ____D () C:\Temp
2014-11-30 20:38 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 20:24 - 2011-01-16 19:06 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-11-29 12:27 - 2014-07-21 21:02 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOffice
2014-11-29 12:27 - 2014-07-21 21:02 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForOffice.job
2014-11-26 19:18 - 2009-07-13 22:13 - 00875966 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 15:50 - 2012-04-10 22:05 - 00000000 ____D () C:\Users\Office\AppData\Local\Google
2014-11-25 12:23 - 2011-10-31 12:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-25 12:23 - 2011-01-17 08:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-19 07:09 - 2011-03-26 18:31 - 00000000 ____D () C:\Users\Office\AppData\Local\CrashDumps
2014-11-18 08:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-18 07:56 - 2013-07-13 22:48 - 16069061 _____ () C:\Users\Office\AppData\Local\census.cache
2014-11-18 07:55 - 2013-07-13 22:44 - 00116506 _____ () C:\Users\Office\AppData\Local\ars.cache
2014-11-17 08:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-16 17:26 - 2013-08-04 11:05 - 00000000 ____D () C:\Users\Office\Downloads\Lauren's School (GCU)
2014-11-16 10:38 - 2013-04-07 09:03 - 00000000 ____D () C:\Windows\Minidump
2014-11-12 15:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-11-11 22:58 - 2009-08-21 10:31 - 00000000 ____D () C:\ProgramData\Norton
2014-11-11 22:52 - 2011-12-30 10:37 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-11 22:51 - 2014-08-22 16:36 - 00000000 ____D () C:\Users\Office\AppData\Local\Adobe
2014-11-11 22:10 - 2013-03-11 20:42 - 00496664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 22:08 - 2014-04-28 13:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-11 22:02 - 2011-05-07 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2014-11-11 21:58 - 2011-06-26 13:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 21:54 - 2013-08-12 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 21:49 - 2011-01-17 03:07 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 15:06 - 2014-07-05 15:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 14:42 - 2014-07-05 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 14:42 - 2013-06-26 17:30 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-02 21:37 - 2014-10-30 20:38 - 00017807 _____ () C:\Users\Office\Downloads\Statistics excel assignment due 11-2 (1).xlsx

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-25 17:19

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
Ran by Office at 2014-12-01 23:06:45
Running from C:\Users\Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVAA2NRH
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{49977584-B20E-46AB-818F-845815378904}) (Version: 7.3.117.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX520 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX520_series) (Version: 1.00 - Canon Inc.)
Canon MX520 series On-screen Manual (HKLM-x32\...\Canon MX520 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX520 series User Registration (HKLM-x32\...\Canon MX520 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.1.0 - Canon Inc.)
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.3.0 - Canon Inc.)
Citrix online plug-in (Web) (HKLM-x32\...\{B124E6D3-91B4-4E3C-AD03-BA959B223537}) (Version: 12.0.3.6 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Elsevier Pageburst (HKLM-x32\...\{769721AA-95B8-4FA7-9E11-53EC9EAF8B9E}) (Version: 6.01.0018 - Ingram Content Group)
Everio MediaBrowser (HKLM-x32\...\{5CA03ECF-B4A6-464B-9F5D-64D8B61B083F}) (Version: 1.00.013 - PIXELA)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5205.31 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Homepage Protection (HKLM-x32\...\Homepage Protection) (Version:  - AOL Products)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.8946.3086 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.0.71 - WildTangent)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Remote Solution (HKLM-x32\...\HP Remote Solution) (Version: 1.1.9.0 - TopSeed)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1901 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1901 - CyberLink Corp.) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 6.0.19.19317 - LeapFrog)
LeapFrog Connect (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 6.0.19.19317 - LeapFrog) Hidden
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MotoHelper 2.1.32 Driver 5.4.0 (HKLM-x32\...\MotoHelper) (Version: 2.1.32 - Motorola)
MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.4.0 (Version: 5.4.0 - Motorola Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyScribe (HKLM-x32\...\MyScribe) (Version: 20101118 - Fourteen40 Inc., a Follett Corporation Company.)
NETGEAR Live Parental Controls Management Utility 2.1.5 (HKLM-x32\...\NETGEAR Live Parental Controls Management Utility) (Version: 2.1.5 - )
NETGEAR Powerline Utility (HKLM-x32\...\InstallShield_{2753B568-6F85-4E31-A114-A7F8D8606DDD}) (Version: 3.1.0.4 - NETGEAR Powerline)
NETGEAR Powerline Utility (x32 Version: 3.1.0.4 - NETGEAR Powerline) Hidden
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9739 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.58.36 - NVIDIA Corporation)
PictureMover (HKLM-x32\...\{1896E712-2B3D-45eb-BCE9-542742A51032}) (Version: 3.3.1.19 - Hewlett-Packard Company)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Shutterfly Express Uploader (HKLM-x32\...\com.Shutterfly.ExpressUploader) (Version: 1.1.0.0 - Shutterfly, Inc.)
Shutterfly Express Uploader (x32 Version: 1.1.0 - Shutterfly, Inc.) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Office\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Office\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Office\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

19-11-2014 05:51:38 Windows Update
22-11-2014 17:12:58 Windows Update
25-11-2014 19:18:33 Windows Update
29-11-2014 00:04:07 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-11-30 21:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FAF1EBC-3284-4B09-A32C-F96F3FE92B70} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {153B16C2-CC90-4816-B5AD-21EBDD3F1CAA} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {52DD94B7-C5A8-4FBE-BCCE-0523885E1EF2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10] (Google Inc.)
Task: {600A6691-C3F3-4C69-B6F6-9C5A4F8292DD} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-07-02] (PC-Doctor, Inc.)
Task: {9F0EE43E-E0FE-4A64-9C0B-745F4064F6D4} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {AA50CE02-7804-42FD-A3BA-2AE68529BF9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {ACFEB45C-1C41-4A91-B5F6-F96791587B90} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06] ()
Task: {B35D6401-AB27-4ED2-AAF9-C42D85211D38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B387B3E6-5792-4400-A3C0-B53C7CA8FD61} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10] (Google Inc.)
Task: {D7A51AF3-B500-49FF-82BF-67C99E7EDC75} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D947B07D-35F5-4001-97BB-FDF1A373309A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {EE4F2B3A-D6D2-4546-A079-C2B5AE533022} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {F1E748EF-D4E5-473F-86F5-44E8521E2826} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FC9AA024-6B71-423B-BD59-53AB38F818E3} - System32\Tasks\HPCeeScheduleForOffice => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForOffice.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2013-06-15 19:41 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2011-12-06 14:00 - 2011-12-06 14:00 - 00214896 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
2011-12-06 14:00 - 2011-12-06 14:00 - 00784240 _____ () C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-02-01 13:30 - 2014-02-01 13:30 - 00861184 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:EA029835

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1703729140-4153912327-3462029305-500 - Administrator - Disabled)
Guest (S-1-5-21-1703729140-4153912327-3462029305-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1703729140-4153912327-3462029305-1002 - Limited - Enabled)
Office (S-1-5-21-1703729140-4153912327-3462029305-1001 - Administrator - Enabled) => C:\Users\Office

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2014 08:25:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e2c

Start Time: 01d0091495b8ab80

Termination Time: 62

Application Path: C:\Windows\Explorer.EXE

Report Id: b894e9d9-7909-11e4-9b9d-90e6ba31d098

Error: (11/22/2014 02:17:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9500

Error: (11/22/2014 02:17:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9500

Error: (11/22/2014 02:17:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/22/2014 01:54:02 PM) (Source: Microsoft Office 12) (EventID: 2001) (User: )
Description: Rejected Safe Mode action : Microsoft Office Outlook.

Error: (11/20/2014 09:37:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpsa_service.exe, version: 7.2.45.3, time stamp: 0x5277e819
Faulting module name: mscorwks.dll, version: 2.0.50727.5485, time stamp: 0x53a11d6c
Exception code: 0xc0000005
Fault offset: 0x000000000019597f
Faulting process id: 0x%9
Faulting application start time: 0xhpsa_service.exe0
Faulting application path: hpsa_service.exe1
Faulting module path: hpsa_service.exe2
Report Id: hpsa_service.exe3

Error: (11/20/2014 09:37:34 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: .NET Runtime version 2.0.50727.5485 - Fatal Execution Engine Error (000007FEF0C7600A) (80131506)

Error: (11/20/2014 08:30:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22726117

Error: (11/20/2014 08:30:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22726117

Error: (11/20/2014 08:30:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (11/30/2014 10:55:15 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (11/30/2014 09:31:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/30/2014 09:18:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/30/2014 09:15:14 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/30/2014 08:26:45 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Time service terminated with the following error:
%%1115

Error: (11/25/2014 05:23:44 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (11/20/2014 11:42:45 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (11/20/2014 09:37:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/20/2014 09:21:26 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (11/20/2014 10:42:33 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-30 21:18:53.428
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-30 21:18:52.617
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-02-19 18:21:02.138
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\dsiarhwprog_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-02-19 18:21:02.079
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\dsiarhwprog_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-02-19 18:18:32.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\dsiarhwprog_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-02-19 18:18:31.923
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\dsiarhwprog_x64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 215 Processor
Percentage of memory in use: 61%
Total physical RAM: 2942.49 MB
Available physical RAM: 1129.55 MB
Total Pagefile: 5883.16 MB
Available Pagefile: 3435.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (COMPAQ) (Fixed) (Total:454.76 GB) (Free:341.11 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.9 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

The problems I am currently having are popups while using Google Chrome (which I have removed) stating that my CPU was under attack and that we needed to contact an 855 number for help. I even received a message spoofing my ISP requesting me to call in to an 888 number and clean my computer. I also found shortcuts for Office, My Computer and My Documents on the desktop which I never made nor have ever had. Basically every time we opened up Chrome it would launch a new browser and every ad or link was hijacked with this garbage. Then every so often I would get a malware warning from MB and/or Windows Defender.

I am wondering if it just makes sense to back up the files I want and reformat? I am tired of feeling uneasy and having to limit all activity on this computer.


Edited by joe_black, 02 December 2014 - 01:28 AM.


#4 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender: Male
  • Location: Orlando, Florida
  • Local time: 10:02 PM

Posted 02 December 2014 - 01:03 PM

Hello joe_black,

Thanks for your help Cody!   :)

You're welcome.  :)

The problems I am currently having are popups while using Google Chrome (which I have removed) stating that my CPU was under attack and that we needed to contact an 855 number for help. I even received a message spoofing my ISP requesting me to call in to an 888 number and clean my computer.

Now that you have uninstalled Google Chrome, do these pop-ups still occur?
 
If so, what browser? And do they appear when you access any particular sites?

I am wondering if it just makes sense to back up just the files I want and to reformat? I am tired of feeling uneasy and having to limit all activity on this computer.

This is an option if you would like to do so, but this does not seem to be an infection that requires that. I can help clean your computer if you still want to pursue that route, just let me know what you would like to do.
 
Assuming you want to continue with the cleaning process, please do the following in order.
 
=====================================================

Move FRST to Desktop

Your logs show you are currently running FRST from: C:\Users\Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DVAA2NRH

In order for the following directions to work, you need to move FRST to your Desktop (C:\Users\Office\Desktop).

=====================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
    HKLM-x32\...\Run: [] => [X]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    CustomCLSID: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Office\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Office\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Office\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    AlternateDataStreams: C:\ProgramData\Temp:EA029835
    HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
    HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
    HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

=====================================================

ESET Online Scanner

Please download ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[screenshot of the scan settings]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created when the scan finishes.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

=====================================================

Fresh FRST Scan

  • Launch FRST again and click the Scan button.
  • FRST.txt will be generated - include the contents of this file in your next post.

=====================================================

Changes in Symptoms?

How are things running now? Any changes?

=====================================================

What I'd like to see in your next post:

  • Fixlist.txt
  • ESET log
  • FRST.txt
  • How are things running now?

Edited by TheShooter93, 02 December 2014 - 01:04 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
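
The FRST.txt in the post above and the fixlist Cody assembled from it follow a small set of selection rules, and they are worth automating for triage. The script below is an added example, not part of this thread and not Farbar's own code. It reads an FRST log and keeps: entries FRST itself tags with ATTENTION (the Chrome and Internet Explorer policy restrictions, and the .exe / exefile class keys sitting in the .DEFAULT, S-1-5-19 and S-1-5-20 hives; a Software\Classes key in a user hive takes precedence over HKLM in the merged HKCR view, which is why a stray one is a well-known way to hijack every .exe launch, and why FRST flags it even though the command still reads the stock "%1" %*); CustomCLSID entries whose InprocServer32 DLL is gone ("No File", here leftovers from old Google Update versions); alternate data streams; and empty Run values. It then prints the result in fixlist.txt form. The line formats are assumed to be exactly those FRST printed above, and the sample input is constructed from lines quoted in this thread.

```python
"""Triage an FRST log and draft the matching fixlist.txt.

Added example: not part of the thread and not Farbar's own code. It encodes
the selection rules the helper applied by hand to the FRST.txt above:
  * entries FRST tags with "ATTENTION" (policy restrictions, per-user
    .exe / exefile class keys);
  * CustomCLSID entries whose InprocServer32 DLL is gone ("No File");
  * alternate data streams;
  * empty Run values ("[] => [X]").
Line formats are assumed to be exactly those FRST printed in this thread.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the FRST.txt and fixlist in this thread.
SAMPLE_FRST_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Office\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:EA029835
==================== EXE Association (whitelisted) =============
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
==================== End Of Log ============================
"""

# FRST section headers look like "==================== Name ===========".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")


@dataclass(frozen=True)
class Finding:
    section: str  # FRST section the entry came from
    entry: str    # the FRST line verbatim; this is what fixlist.txt consumes
    reason: str   # why it was selected


def classify(entry: str) -> str | None:
    """Return the reason an FRST entry belongs in the fixlist, or None."""
    if "ATTENTION" in entry:
        return "flagged by FRST"
    if entry.startswith("CustomCLSID:") and entry.endswith("No File"):
        return "per-user COM registration whose DLL no longer exists"
    if entry.startswith("AlternateDataStreams:"):
        return "alternate data stream on a system folder"
    if entry.endswith("\\Run: [] => [X]"):
        return "empty autorun value"
    return None


def triage(log_text: str) -> list[Finding]:
    """Walk an FRST.txt and collect the entries worth putting in a fixlist."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):  # blank, or FRST's own explanatory note
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        reason = classify(line)
        if reason:
            findings.append(Finding(section, line, reason))
    return findings


def draft_fixlist(findings: list[Finding]) -> str:
    """fixlist.txt is just the selected FRST lines, verbatim, one per line."""
    return "".join(f.entry + "\n" for f in findings)


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count selected entries per FRST section, as a sanity check for the analyst."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    found = triage(SAMPLE_FRST_LOG)
    for f in found:
        print(f"[{f.section}] {f.reason}\n    {f.entry}")
    print("\n--- draft fixlist.txt ---")
    print(draft_fixlist(found), end="")
```

Review the draft before handing it to FRST: everything listed is deleted from the registry (or has its stream stripped) when the Fix button is pressed, so any line you do not understand should be checked against the scan rather than passed through.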

 

 


#5 joe_black (Topic Starter)

  • Members
  • 13 posts
  • Local time: 08:02 PM

Posted 05 December 2014 - 01:08 AM

Cody,

Sorry for the delay. Below you will find all the files in the requested order. ESET did find 2 infected files. I am not having issues with "pop-ups" in Chrome any longer, because I removed it. I went back to IE and I am not experiencing any issues with IE. I am not sure why I still have hits on Java; I thought I got it all removed months ago.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-12-2014
Ran by Office at 2014-12-02 22:01:31 Run:1
Running from C:\Users\Office\Desktop
Loaded Profile: Office (Available profiles: Office)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CustomCLSID: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Office\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Office\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Office\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
AlternateDataStreams: C:\ProgramData\Temp:EA029835
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => Key deleted successfully.
"HKU\S-1-5-21-1703729140-4153912327-3462029305-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\ProgramData\Temp => ":EA029835" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\exefile" => Key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\exefile" => Key not found.

==== End of Fixlog ====

ESET Log

C:\Users\Office\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2712eb19-61a1f9ec multiple threats
C:\Users\Office\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\2ff9072a-3f604048 multiple threats

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Office (administrator) on OFFICE-PC on 04-12-2014 22:59:13
Running from C:\Users\Office\Desktop
Loaded Profile: Office (Available profiles: Office)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\dinotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MBCameraMonitor.lnk
ShortcutTarget: MBCameraMonitor.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x482605801F0CD001
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {77BF8E8A-75FC-4E30-A5AA-079BCC6E0655} URL = http://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {77BF8E8A-75FC-4E30-A5AA-079BCC6E0655} URL = http://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001 -> No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0BCC6235-2443-41C5-9AE2-9068E35ACFD9} https://www.officemd.net/officemd/CONTROLS/Runtime/CWA_Runtime.CAB
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {19943309-CCF5-4FAB-85AB-54D851959888} https://www.officemd.net/officemd/CONTROLS/Runtime/CWAImageMan.CAB
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.ensenta.com/eztwainx.cab
DPF: HKLM-x32 {B9BFB8C0-E198-4CEF-8F43-47176DC528A6} https://www.officemd.net/officemd/CONTROLS/Imaging/CWAExamImage.CAB
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 nvsvc; C:\Windows\SysWOW64\nvvsvc.exe [0 2013-07-29] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-07-29] () [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2013-02-23] (Nicomsoft Ltd.)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany) [File not signed]
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 22:59 - 2014-12-04 22:59 - 00022192 _____ () C:\Users\Office\Desktop\FRST.txt
2014-12-04 22:59 - 2014-12-04 22:59 - 00000000 ____D () C:\Users\Office\Desktop\FRST-OlderVersion
2014-12-04 22:52 - 2014-12-04 22:52 - 00000204 _____ () C:\Users\Office\Desktop\virus.txt
2014-12-02 22:05 - 2014-12-02 22:05 - 02347384 _____ (ESET) C:\Users\Office\Desktop\esetsmartinstaller_enu.exe
2014-12-02 22:05 - 2014-12-02 22:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-12-02 21:46 - 2014-12-04 22:59 - 02117632 _____ (Farbar) C:\Users\Office\Desktop\FRST64.exe
2014-12-01 23:04 - 2014-12-04 22:59 - 00000000 ____D () C:\FRST
2014-11-30 22:48 - 2014-11-30 22:48 - 00055133 _____ () C:\Users\Office\Desktop\Malwarebytes Text.txt
2014-11-30 21:46 - 2014-11-30 21:46 - 00020234 _____ () C:\ComboFix.txt
2014-11-30 21:09 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-30 21:09 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-30 21:09 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-30 21:08 - 2014-11-30 21:47 - 00000000 ____D () C:\Qoobox
2014-11-30 21:07 - 2014-11-30 21:41 - 00000000 ____D () C:\Windows\erdnt
2014-11-29 13:58 - 2014-11-29 13:58 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-29 13:58 - 2014-11-29 13:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-25 16:54 - 2014-11-30 20:37 - 00000000 ____D () C:\AdwCleaner
2014-11-18 16:54 - 2014-11-10 20:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:54 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 16:54 - 2014-11-10 19:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 16:54 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 00:30 - 2013-09-02 00:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-11-16 17:30 - 2014-11-16 17:30 - 00013460 _____ () C:\Users\Office\Downloads\Statistics correlation due 11-16 (2).xlsx
2014-11-16 12:34 - 2014-11-16 12:34 - 00013460 _____ () C:\Users\Office\Downloads\Statistics correlation due 11-16.xlsx
2014-11-16 12:34 - 2014-11-16 12:34 - 00013460 _____ () C:\Users\Office\Downloads\Statistics correlation due 11-16 (1).xlsx
2014-11-12 11:30 - 2014-11-12 11:30 - 00180415 _____ () C:\Users\Office\Downloads\Statistics excel assigment due 10-26 (5).xlsx
2014-11-12 11:29 - 2014-11-12 11:29 - 00013623 _____ () C:\Users\Office\Downloads\mean, variance, and standard deviation (4).xlsx
2014-11-12 06:59 - 2014-11-12 06:59 - 00007607 _____ () C:\Users\Office\AppData\Local\Resmon.ResmonCfg
2014-11-11 23:00 - 2014-11-20 13:36 - 00000004 _____ () C:\Users\Office\AppData\Roaming\appdataFr2.bin
2014-11-11 22:13 - 2014-11-11 22:13 - 00000000 __SHD () C:\Users\Office\AppData\Local\EmieBrowserModeList
2014-11-11 21:05 - 2014-11-07 12:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 21:05 - 2014-11-05 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:05 - 2014-11-05 20:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 21:05 - 2014-11-05 20:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 21:05 - 2014-11-05 20:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 21:05 - 2014-11-05 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 21:05 - 2014-11-05 20:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 21:05 - 2014-11-05 20:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 21:05 - 2014-11-05 20:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 21:05 - 2014-11-05 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 21:05 - 2014-11-05 19:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 21:05 - 2014-11-05 19:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 21:05 - 2014-11-05 19:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 21:05 - 2014-11-05 19:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 21:05 - 2014-11-05 19:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 21:05 - 2014-11-05 18:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 21:05 - 2014-11-05 10:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 21:05 - 2014-11-05 10:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 21:05 - 2014-11-05 10:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:05 - 2014-10-13 19:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 21:05 - 2014-10-13 19:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 21:05 - 2014-10-13 19:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 21:05 - 2014-10-13 19:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 21:05 - 2014-10-13 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 21:05 - 2014-10-13 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 21:05 - 2014-10-13 18:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 21:05 - 2014-10-13 18:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 21:05 - 2014-10-13 18:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 21:04 - 2014-11-07 12:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 21:04 - 2014-11-05 21:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:04 - 2014-11-05 21:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 21:04 - 2014-11-05 20:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 21:04 - 2014-11-05 20:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:04 - 2014-11-05 20:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 21:04 - 2014-11-05 20:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:04 - 2014-11-05 20:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:04 - 2014-11-05 20:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 21:04 - 2014-11-05 20:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:04 - 2014-11-05 20:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 21:04 - 2014-11-05 20:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:04 - 2014-11-05 20:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 21:04 - 2014-11-05 20:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:04 - 2014-11-05 20:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 21:04 - 2014-11-05 20:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 21:04 - 2014-11-05 20:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 21:04 - 2014-11-05 20:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 21:04 - 2014-11-05 20:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 21:04 - 2014-11-05 20:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 21:04 - 2014-11-05 20:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 21:04 - 2014-11-05 20:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:04 - 2014-11-05 19:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 21:04 - 2014-11-05 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 21:04 - 2014-11-05 19:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:04 - 2014-11-05 19:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 21:04 - 2014-11-05 19:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:04 - 2014-11-05 19:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 21:04 - 2014-11-05 19:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:04 - 2014-11-05 19:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 21:04 - 2014-11-05 19:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:04 - 2014-11-05 19:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 21:04 - 2014-11-05 19:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 21:04 - 2014-11-05 19:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 21:04 - 2014-11-05 19:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:04 - 2014-11-05 19:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:04 - 2014-11-05 19:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 21:04 - 2014-11-05 18:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 21:04 - 2014-11-05 18:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 21:04 - 2014-11-05 18:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 21:03 - 2014-10-02 19:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 21:03 - 2014-10-02 18:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 21:03 - 2014-10-02 18:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 21:03 - 2014-10-02 18:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 21:03 - 2014-09-19 02:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 21:03 - 2014-09-19 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 21:03 - 2014-09-19 02:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 21:03 - 2014-08-20 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 21:03 - 2014-08-20 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 21:03 - 2014-08-20 23:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 21:03 - 2014-08-20 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 21:03 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 21:03 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 21:02 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 21:02 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 21:02 - 2014-10-17 19:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 21:02 - 2014-10-17 18:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 21:02 - 2014-10-13 19:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 21:02 - 2014-10-13 18:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 21:02 - 2014-10-09 17:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 21:02 - 2014-09-19 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 21:02 - 2014-09-19 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 21:02 - 2014-09-19 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 21:02 - 2014-09-19 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-09 17:59 - 2014-11-09 17:59 - 00013150 _____ () C:\Users\Office\Downloads\HLT362.M5.CorrelationRegressionChiSquare_Student_12-2-13.xlsx
2014-11-09 13:14 - 2014-11-09 13:14 - 00219211 _____ () C:\Users\Office\Downloads\Statistics ANOVA excel (2).xlsx
2014-11-09 13:14 - 2014-11-09 13:14 - 00219211 _____ () C:\Users\Office\Downloads\Statistics ANOVA excel (1).xlsx
2014-11-09 13:13 - 2014-11-09 13:13 - 00219211 _____ () C:\Users\Office\Downloads\Statistics ANOVA excel.xlsx
2014-11-09 12:59 - 2014-11-09 12:59 - 00219225 _____ () C:\Users\Office\Downloads\HLT362.M4.ANOVA_Student_12-2-13 (3).xlsx
2014-11-08 19:29 - 2014-11-08 19:29 - 00219225 _____ () C:\Users\Office\Downloads\HLT362.M4.ANOVA_Student_12-2-13 (2).xlsx
2014-11-08 19:28 - 2014-11-08 19:28 - 00252416 _____ () C:\Users\Office\Downloads\ANOVA EXCEL WORKSHEET.xls
2014-11-06 20:19 - 2014-11-06 20:19 - 00219225 _____ () C:\Users\Office\Downloads\HLT362.M4.ANOVA_Student_12-2-13 (1).xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-04 22:18 - 2012-04-10 22:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 21:32 - 2011-03-18 22:33 - 01436355 _____ () C:\Windows\WindowsUpdate.log
2014-12-04 19:29 - 2012-04-10 22:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-03 15:13 - 2012-04-10 22:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-03 15:13 - 2012-04-10 22:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-03 15:11 - 2014-07-21 21:02 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOffice
2014-12-03 15:11 - 2014-07-21 21:02 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForOffice.job
2014-12-02 22:00 - 2012-04-21 12:26 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-02 21:58 - 2011-01-16 19:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-02 07:51 - 2013-07-06 23:15 - 00000000 ____D () C:\Users\Office\Desktop\mbar
2014-12-02 07:51 - 2013-07-06 23:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-01 23:35 - 2014-07-05 15:12 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 23:35 - 2014-07-05 15:10 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-01 23:07 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-01 23:07 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 21:47 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-11-30 21:31 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-30 21:19 - 2012-07-15 13:47 - 00000000 ____D () C:\Program Files (x86)\intellidownload
2014-11-30 21:19 - 2011-01-16 18:57 - 00000000 ____D () C:\Users\Office
2014-11-30 20:38 - 2013-04-02 23:26 - 01258540 _____ () C:\Windows\PFRO.log
2014-11-30 20:38 - 2013-03-11 20:42 - 00031660 _____ () C:\Windows\setupact.log
2014-11-30 20:38 - 2011-05-07 14:54 - 00000000 ____D () C:\Temp
2014-11-30 20:38 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 20:24 - 2011-01-16 19:06 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-11-26 19:18 - 2009-07-13 22:13 - 00875966 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 15:50 - 2012-04-10 22:05 - 00000000 ____D () C:\Users\Office\AppData\Local\Google
2014-11-25 12:23 - 2011-10-31 12:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-25 12:23 - 2011-01-17 08:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-24 14:04 - 2011-03-18 09:23 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-19 07:09 - 2011-03-26 18:31 - 00000000 ____D () C:\Users\Office\AppData\Local\CrashDumps
2014-11-18 08:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-18 07:56 - 2013-07-13 22:48 - 16069061 _____ () C:\Users\Office\AppData\Local\census.cache
2014-11-18 07:55 - 2013-07-13 22:44 - 00116506 _____ () C:\Users\Office\AppData\Local\ars.cache
2014-11-17 08:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-16 17:26 - 2013-08-04 11:05 - 00000000 ____D () C:\Users\Office\Downloads\Lauren's School (GCU)
2014-11-16 10:38 - 2013-04-07 09:03 - 00000000 ____D () C:\Windows\Minidump
2014-11-12 15:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-11-11 22:58 - 2009-08-21 10:31 - 00000000 ____D () C:\ProgramData\Norton
2014-11-11 22:51 - 2014-08-22 16:36 - 00000000 ____D () C:\Users\Office\AppData\Local\Adobe
2014-11-11 22:10 - 2013-03-11 20:42 - 00496664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 22:08 - 2014-04-28 13:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-11 22:02 - 2011-05-07 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2014-11-11 21:58 - 2011-06-26 13:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 21:54 - 2013-08-12 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 21:49 - 2011-01-17 03:07 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 15:06 - 2014-07-05 15:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 14:42 - 2014-07-05 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 14:42 - 2013-06-26 17:30 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-25 17:19

==================== End Of Log ============================

#6 TheShooter93 (Cody)

  • Malware Response Team
  • Location:Orlando, Florida

Posted 05 December 2014 - 11:21 AM

Hi joe_black.

No problem about the delay. :)

Please do the following.
 
==============================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
    Toolbar: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001 -> No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No File
    EmptyTemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

==============================================

ComboFix Log

I'd like to take a look at the full log ComboFix produced when you originally ran it.

Navigate to C:\ and locate the file ComboFix.txt.

Include the contents of this file in your next post.

==============================================

Fresh FRST Log

  • Launch FRST again and click the Scan button.
  • FRST.txt will be generated - include the contents of this file in your next post.

==============================================

I am not having issues with "pop-ups" Chrome any longer, because I removed it.

Try re-installing Google Chrome (assuming you still want to use it as your web browser) and use it to browse the web.

How are things with Google Chrome now?

==============================================

Changes in Symptoms?

How are things running now? Any remaining problems?

==============================================

What I'd like to see in your next post:

  • Fixlist.txt
  • ComboFix.txt
  • Fresh FRST log
  • How is Google Chrome after re-installing?
  • How is your computer running in general?

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
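The "No File" condition FRST flagged for the toolbar CLSID above (a per-user registration whose COM class no longer resolves to a key or a file, which the Fixlog later confirmed with "Key not found") can be audited read-only with a short script. This is an added example, not code from this thread or from FRST/ComboFix; it assumes Windows PowerShell 3.0 or later on x64 Windows and the standard IE toolbar and Browser Helper Object registry locations that appear in the logs, and it deletes nothing.

```powershell
# Added example, not code from this thread or from FRST/ComboFix. Read-only audit
# of IE toolbar and Browser Helper Object registrations: reports each CLSID whose
# registration no longer resolves to a file, the "No File" condition FRST reported
# for the toolbar entry {F897EB0E-A3A4-46C3-80EB-2729699D8892}.
# Assumes Windows PowerShell 3.0 or later on x64 Windows; nothing is deleted.

function Resolve-ClsidPath {
    param([Parameter(Mandatory)][string]$Clsid)
    # A COM class lives under HKCR\CLSID (64-bit view) or HKCR\Wow6432Node\CLSID
    # (32-bit view); the server path is the default value of InprocServer32
    # (a DLL/OCX loaded in-process) or LocalServer32 (a separate EXE).
    foreach ($base in 'Registry::HKEY_CLASSES_ROOT\CLSID',
                      'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
        foreach ($server in 'InprocServer32', 'LocalServer32') {
            $key = "$base\$Clsid\$server"
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $raw = (Get-ItemProperty -LiteralPath $key).'(default)'
            if (-not $raw) { continue }
            # Normalise the value: drop quoting and trailing arguments, then
            # expand environment variables such as %SystemRoot%.
            $path = $raw.Trim()
            if ($path.StartsWith('"')) { $path = $path.Split('"')[1] }
            elseif ($path -match '^(.+?\.(?:dll|exe|ocx))') { $path = $Matches[1] }
            $path = [Environment]::ExpandEnvironmentVariables($path)
            return [pscustomobject]@{
                Registered = $true
                Path       = $path
                Exists     = (Test-Path -LiteralPath $path -PathType Leaf)
            }
        }
    }
    # No CLSID key in either view: the state the Fixlog reported as
    # "HKCR\CLSID\{...} => Key not found".
    return [pscustomobject]@{ Registered = $false; Path = $null; Exists = $false }
}

function Get-BrowserAddonAudit {
    $clsidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
    $entries = @()

    # Per-user IE toolbars: every value name under this key is a CLSID.
    $toolbarKey = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
    if (Test-Path -LiteralPath $toolbarKey) {
        foreach ($name in (Get-Item -LiteralPath $toolbarKey).GetValueNames()) {
            if ($name -match $clsidPattern) {
                $entries += [pscustomobject]@{ Kind = 'Toolbar'; Clsid = $name }
            }
        }
    }

    # Browser Helper Objects: one subkey per CLSID, in both registry views.
    foreach ($bhoKey in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
        if (Test-Path -LiteralPath $bhoKey) {
            foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
                $entries += [pscustomobject]@{ Kind = 'BHO'; Clsid = $sub.PSChildName }
            }
        }
    }

    foreach ($e in $entries) {
        $r = Resolve-ClsidPath -Clsid $e.Clsid
        if (-not $r.Registered) { $status = 'ORPHAN: no CLSID key' }
        elseif (-not $r.Exists)  { $status = 'ORPHAN: file missing' }
        else                     { $status = 'ok' }
        # Authenticode status of the resolved file, comparable to the
        # "File is digitally signed" lines in the FRST log.
        $signature = $null
        if ($r.Exists) { $signature = (Get-AuthenticodeSignature -FilePath $r.Path).Status }
        [pscustomobject]@{
            Kind      = $e.Kind
            Clsid     = $e.Clsid
            Path      = $r.Path
            Status    = $status
            Signature = $signature
        }
    }
}

Get-BrowserAddonAudit | Format-Table -AutoSize
```

Entries reported as ORPHAN are candidates for the kind of fixlist line the helper gave; an unsigned or unexpectedly located file with an "ok" status still deserves a closer look before anything is removed.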

#7 joe_black

  • Topic Starter
  • Members

Posted 05 December 2014 - 12:25 PM

Cody,

I will reinstall Chrome and see how it behaves over the next couple of days. My overall computer performance seems ok, after running all of these scans and after running the fixes with FRST. I honestly haven't seen anything weird. I will cross my fingers and hope Chrome behaves the same way.

Attached you will find the data requested:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Office at 2014-12-05 09:49:14 Run:2
Running from C:\Users\Office\Desktop
Loaded Profile: Office (Available profiles: Office)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Toolbar: HKU\S-1-5-21-1703729140-4153912327-3462029305-1001 -> No Name - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No File
EmptyTemp:
*****************

HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F897EB0E-A3A4-46C3-80EB-2729699D8892} => value deleted successfully.
"HKCR\CLSID\{F897EB0E-A3A4-46C3-80EB-2729699D8892}" => Key not found.
EmptyTemp: => Removed 395 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Original ComboFix

ComboFix 14-11-25.01 - Office 11/30/2014  21:11:48.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2942.1643 [GMT -7:00]
Running from: c:\users\Office\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GK2NYUFU\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\intellidownload\gunzip.exe
c:\programdata\ntuser.pol
c:\users\Office\AppData\Local\assembly\tmp
c:\users\Office\g2mdlhlpx.exe
c:\windows\security\Database\tmp.edb
.
c:\windows\SysWow64\wuauclt.exe . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2014-11-01 to 2014-12-01  )))))))))))))))))))))))))))))))
.
.
2014-12-01 04:30 . 2014-12-01 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-01 00:03 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F810FE73-E7A3-4927-9F50-9B351C06B84E}\mpengine.dll
2014-11-30 08:40 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-29 20:58 . 2014-11-29 20:58 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-29 20:58 . 2014-11-29 20:58 -------- d-----w- c:\programdata\RogueKiller
2014-11-25 23:54 . 2014-12-01 03:37 -------- d-----w- C:\AdwCleaner
2014-11-21 04:43 . 2014-09-27 23:09 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6A73A9A0-973E-499C-9017-6630B36CE2BA}\gapaengine.dll
2014-11-18 23:54 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 23:54 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 23:54 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-18 23:54 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-18 07:30 . 2013-09-02 07:58 175528 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2014-11-12 06:00 . 2014-11-20 20:36 4 ----a-w- c:\users\Office\AppData\Roaming\appdataFr2.bin
2014-11-12 05:51 . 2014-11-25 19:06 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-12 05:51 . 2014-11-25 19:06 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 05:13 . 2014-11-12 05:13 -------- d-sh--w- c:\users\Office\AppData\Local\EmieBrowserModeList
2014-11-12 04:04 . 2014-11-07 19:49 388272 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-12 04:03 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-12 04:02 . 2014-09-19 09:23 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-29 20:10 . 2014-07-05 22:12 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-12 05:06 . 2011-05-08 02:28 2480064 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2014-11-12 04:49 . 2011-01-17 10:07 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-10-30 11:25 . 2011-03-18 16:23 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-02 21:23 . 2014-10-02 21:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 21:23 . 2014-10-02 21:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2014-10-01 18:11 . 2014-07-05 22:10 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 18:11 . 2014-07-05 22:10 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:11 . 2013-06-27 00:30 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-27 23:09 . 2014-10-01 19:00 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-25 02:08 . 2014-09-30 18:37 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 18:37 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-15 09:08 . 2014-09-26 11:45 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F77CB971-6F80-4E94-901E-F54DDF200B7C}\mpengine.dll
2014-09-09 22:11 . 2014-09-23 17:30 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-23 17:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-05 02:11 . 2014-10-16 19:31 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-16 19:31 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-09-04 05:23 . 2014-10-16 19:32 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-16 19:32 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-02-12 10:02 . 2014-02-12 10:02 49940480 ----a-w- c:\program files (x86)\GUTC2A9.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-13 300472]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2014-07-11 118272]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2014-06-03 2368736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-09-27 1279120]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MBCameraMonitor.lnk - c:\program files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe [2011-12-25 541976]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2009-6-3 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 mi2c;mi2c;c:\windows\system32\drivers\mi2c.sys;c:\windows\SYSNATIVE\drivers\mi2c.sys [x]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.117.0\SeaPort.exe [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12 19:06]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 05:05]
.
2014-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-11 05:05]
.
2014-11-29 c:\windows\Tasks\HPCeeScheduleForOffice.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
2014-12-01 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-11-12 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;192.168.*.*
TCP: DhcpNameServer = 192.168.1.1
DPF: {0BCC6235-2443-41C5-9AE2-9068E35ACFD9} - hxxps://www.officemd.net/officemd/CONTROLS/Runtime/CWA_Runtime.CAB
DPF: {19943309-CCF5-4FAB-85AB-54D851959888} - hxxps://www.officemd.net/officemd/CONTROLS/Runtime/CWAImageMan.CAB
DPF: {B9BFB8C0-E198-4CEF-8F43-47176DC528A6} - hxxps://www.officemd.net/officemd/CONTROLS/Imaging/CWAExamImage.CAB
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-HLBackupScheduler - c:\program files\Verizon Cloud\Verizon Cloud Service.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{F897EB0E-A3A4-46C3-80EB-2729699D8892} - (no file)
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_239_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_239.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-30  21:46:25
ComboFix-quarantined-files.txt  2014-12-01 04:46
.
Pre-Run: 365,386,493,952 bytes free
Post-Run: 366,662,844,416 bytes free
.
- - End Of File - - 412DCEF094D63CE36E464818035F05E6
7E1D3387E53690CA4C2D2535296BB5C1

New FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Office (administrator) on OFFICE-PC on 05-12-2014 09:54:28
Running from C:\Users\Office\Desktop
Loaded Profile: Office (Available profiles: Office)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BBSvc.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300472 2010-05-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [118272 2014-07-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1279120 2012-09-27] (CANON INC.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1668664 2009-07-15] (Hewlett-Packard)
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MBCameraMonitor.lnk
ShortcutTarget: MBCameraMonitor.lnk -> C:\Program Files (x86)\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe (PIXELA CORPORATION)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x482605801F0CD001
HKU\S-1-5-21-1703729140-4153912327-3462029305-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> {77BF8E8A-75FC-4E30-A5AA-079BCC6E0655} URL = http://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {77BF8E8A-75FC-4E30-A5AA-079BCC6E0655} URL = http://www.bing.com/search?q={searchTerms}&FORM=CPDTDF&pc=CPDTDF&src=IE-SearchBox
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: hpBHO Class -> {ABD3B5E1-B268-407B-A150-2641DAB8D898} -> C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.117.0\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {0BCC6235-2443-41C5-9AE2-9068E35ACFD9} https://www.officemd.net/officemd/CONTROLS/Runtime/CWA_Runtime.CAB
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
DPF: HKLM-x32 {19943309-CCF5-4FAB-85AB-54D851959888} https://www.officemd.net/officemd/CONTROLS/Runtime/CWAImageMan.CAB
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
DPF: HKLM-x32 {74F4F118-91E6-4AFC-B8D2-04066781F239} https://webdeposit.ensenta.com/eztwainx.cab
DPF: HKLM-x32 {B9BFB8C0-E198-4CEF-8F43-47176DC528A6} https://www.officemd.net/officemd/CONTROLS/Imaging/CWAExamImage.CAB
DPF: HKLM-x32 {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 EFS; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7241728 2014-07-11] (LeapFrog Enterprises, Inc.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nvsvc; C:\Windows\SysWOW64\nvvsvc.exe [0 2013-07-29] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 ProtectedStorage; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-07-29] () [File not signed]
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
S3 VaultSvc; C:\Windows\SysWOW64\lsass.exe [0 2013-07-29] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2013-02-23] (Nicomsoft Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 PcaSp50; C:\Windows\System32\Drivers\PcaSp50.sys [45624 2009-08-24] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 usbio; C:\Windows\System32\Drivers\dsiarhwprog_x64.sys [51600 2007-02-08] (Thesycon GmbH, Germany) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
U2 TMAgent; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 09:54 - 2014-12-05 09:55 - 00022846 _____ () C:\Users\Office\Desktop\FRST.txt
2014-12-04 23:13 - 2014-12-04 23:13 - 00002123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-04 23:13 - 2014-12-04 23:13 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-04 23:13 - 2014-12-04 23:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-04 22:59 - 2014-12-04 22:59 - 00000000 ____D () C:\Users\Office\Desktop\FRST-OlderVersion
2014-12-02 22:05 - 2014-12-02 22:05 - 02347384 _____ (ESET) C:\Users\Office\Desktop\esetsmartinstaller_enu.exe
2014-12-02 21:46 - 2014-12-04 22:59 - 02117632 _____ (Farbar) C:\Users\Office\Desktop\FRST64.exe
2014-12-01 23:04 - 2014-12-05 09:54 - 00000000 ____D () C:\FRST
2014-11-30 22:48 - 2014-11-30 22:48 - 00055133 _____ () C:\Users\Office\Desktop\Malwarebytes Text.txt
2014-11-30 21:46 - 2014-11-30 21:46 - 00020234 _____ () C:\ComboFix.txt
2014-11-30 21:09 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-30 21:09 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-30 21:09 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-30 21:09 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-30 21:08 - 2014-11-30 21:47 - 00000000 ____D () C:\Qoobox
2014-11-30 21:07 - 2014-11-30 21:41 - 00000000 ____D () C:\Windows\erdnt
2014-11-29 13:58 - 2014-11-29 13:58 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-29 13:58 - 2014-11-29 13:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-25 16:54 - 2014-11-30 20:37 - 00000000 ____D () C:\AdwCleaner
2014-11-18 16:54 - 2014-11-10 20:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:54 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 16:54 - 2014-11-10 19:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 16:54 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 00:30 - 2013-09-02 00:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-11-16 17:30 - 2014-11-16 17:30 - 00013460 _____ () C:\Users\Office\Downloads\Statistics correlation due 11-16 (2).xlsx
2014-11-16 12:34 - 2014-11-16 12:34 - 00013460 _____ () C:\Users\Office\Downloads\Statistics correlation due 11-16.xlsx
2014-11-16 12:34 - 2014-11-16 12:34 - 00013460 _____ () C:\Users\Office\Downloads\Statistics correlation due 11-16 (1).xlsx
2014-11-12 11:30 - 2014-11-12 11:30 - 00180415 _____ () C:\Users\Office\Downloads\Statistics excel assigment due 10-26 (5).xlsx
2014-11-12 11:29 - 2014-11-12 11:29 - 00013623 _____ () C:\Users\Office\Downloads\mean, variance, and standard deviation (4).xlsx
2014-11-12 06:59 - 2014-11-12 06:59 - 00007607 _____ () C:\Users\Office\AppData\Local\Resmon.ResmonCfg
2014-11-11 23:00 - 2014-11-20 13:36 - 00000004 _____ () C:\Users\Office\AppData\Roaming\appdataFr2.bin
2014-11-11 22:13 - 2014-11-11 22:13 - 00000000 __SHD () C:\Users\Office\AppData\Local\EmieBrowserModeList
2014-11-11 21:05 - 2014-11-07 12:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 21:05 - 2014-11-05 21:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 21:05 - 2014-11-05 20:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 21:05 - 2014-11-05 20:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 21:05 - 2014-11-05 20:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 21:05 - 2014-11-05 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 21:05 - 2014-11-05 20:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 21:05 - 2014-11-05 20:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 21:05 - 2014-11-05 20:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 21:05 - 2014-11-05 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 21:05 - 2014-11-05 19:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 21:05 - 2014-11-05 19:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 21:05 - 2014-11-05 19:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 21:05 - 2014-11-05 19:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 21:05 - 2014-11-05 19:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 21:05 - 2014-11-05 18:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 21:05 - 2014-11-05 10:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 21:05 - 2014-11-05 10:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 21:05 - 2014-11-05 10:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 21:05 - 2014-10-13 19:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 21:05 - 2014-10-13 19:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 21:05 - 2014-10-13 19:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 21:05 - 2014-10-13 19:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 21:05 - 2014-10-13 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 21:05 - 2014-10-13 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 21:05 - 2014-10-13 18:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 21:05 - 2014-10-13 18:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 21:05 - 2014-10-13 18:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 21:04 - 2014-11-07 12:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 21:04 - 2014-11-05 21:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 21:04 - 2014-11-05 21:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 21:04 - 2014-11-05 20:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 21:04 - 2014-11-05 20:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 21:04 - 2014-11-05 20:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 21:04 - 2014-11-05 20:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 21:04 - 2014-11-05 20:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 21:04 - 2014-11-05 20:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 21:04 - 2014-11-05 20:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 21:04 - 2014-11-05 20:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 21:04 - 2014-11-05 20:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 21:04 - 2014-11-05 20:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 21:04 - 2014-11-05 20:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 21:04 - 2014-11-05 20:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 21:04 - 2014-11-05 20:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 21:04 - 2014-11-05 20:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 21:04 - 2014-11-05 20:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 21:04 - 2014-11-05 20:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 21:04 - 2014-11-05 20:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 21:04 - 2014-11-05 20:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 21:04 - 2014-11-05 20:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 21:04 - 2014-11-05 19:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 21:04 - 2014-11-05 19:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 21:04 - 2014-11-05 19:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 21:04 - 2014-11-05 19:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 21:04 - 2014-11-05 19:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 21:04 - 2014-11-05 19:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 21:04 - 2014-11-05 19:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 21:04 - 2014-11-05 19:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 21:04 - 2014-11-05 19:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 21:04 - 2014-11-05 19:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 21:04 - 2014-11-05 19:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 21:04 - 2014-11-05 19:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 21:04 - 2014-11-05 19:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 21:04 - 2014-11-05 19:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 21:04 - 2014-11-05 19:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 21:04 - 2014-11-05 18:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 21:04 - 2014-11-05 18:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 21:04 - 2014-11-05 18:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 21:03 - 2014-10-02 19:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 21:03 - 2014-10-02 19:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 21:03 - 2014-10-02 18:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 21:03 - 2014-10-02 18:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 21:03 - 2014-10-02 18:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 21:03 - 2014-09-19 02:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 21:03 - 2014-09-19 02:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 21:03 - 2014-09-19 02:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 21:03 - 2014-08-20 23:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 21:03 - 2014-08-20 23:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 21:03 - 2014-08-20 23:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 21:03 - 2014-08-20 23:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 21:03 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 21:03 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-11 21:02 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 21:02 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 21:02 - 2014-10-17 19:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 21:02 - 2014-10-17 18:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 21:02 - 2014-10-13 19:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 21:02 - 2014-10-13 18:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 21:02 - 2014-10-09 17:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 21:02 - 2014-09-19 02:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 21:02 - 2014-09-19 02:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 21:02 - 2014-09-19 02:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 21:02 - 2014-09-19 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 21:02 - 2014-09-19 02:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-09 17:59 - 2014-11-09 17:59 - 00013150 _____ () C:\Users\Office\Downloads\HLT362.M5.CorrelationRegressionChiSquare_Student_12-2-13.xlsx
2014-11-09 13:14 - 2014-11-09 13:14 - 00219211 _____ () C:\Users\Office\Downloads\Statistics ANOVA excel (2).xlsx
2014-11-09 13:14 - 2014-11-09 13:14 - 00219211 _____ () C:\Users\Office\Downloads\Statistics ANOVA excel (1).xlsx
2014-11-09 13:13 - 2014-11-09 13:13 - 00219211 _____ () C:\Users\Office\Downloads\Statistics ANOVA excel.xlsx
2014-11-09 12:59 - 2014-11-09 12:59 - 00219225 _____ () C:\Users\Office\Downloads\HLT362.M4.ANOVA_Student_12-2-13 (3).xlsx
2014-11-08 19:29 - 2014-11-08 19:29 - 00219225 _____ () C:\Users\Office\Downloads\HLT362.M4.ANOVA_Student_12-2-13 (2).xlsx
2014-11-08 19:28 - 2014-11-08 19:28 - 00252416 _____ () C:\Users\Office\Downloads\ANOVA EXCEL WORKSHEET.xls
2014-11-06 20:19 - 2014-11-06 20:19 - 00219225 _____ () C:\Users\Office\Downloads\HLT362.M4.ANOVA_Student_12-2-13 (1).xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-05 09:55 - 2011-03-18 22:33 - 01532119 _____ () C:\Windows\WindowsUpdate.log
2014-12-05 09:51 - 2013-03-11 20:42 - 00031716 _____ () C:\Windows\setupact.log
2014-12-05 09:51 - 2012-04-10 22:05 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-05 09:51 - 2011-05-07 14:54 - 00000000 ____D () C:\Temp
2014-12-05 09:51 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-05 09:50 - 2013-04-02 23:26 - 01262936 _____ () C:\Windows\PFRO.log
2014-12-05 09:44 - 2012-04-10 22:05 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-05 08:17 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-05 08:17 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 23:13 - 2012-04-21 12:26 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-12-03 15:13 - 2012-04-10 22:05 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-03 15:13 - 2012-04-10 22:05 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-03 15:11 - 2014-07-21 21:02 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForOffice
2014-12-03 15:11 - 2014-07-21 21:02 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForOffice.job
2014-12-02 21:58 - 2011-01-16 19:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-02 07:51 - 2013-07-06 23:15 - 00000000 ____D () C:\Users\Office\Desktop\mbar
2014-12-02 07:51 - 2013-07-06 23:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-01 23:35 - 2014-07-05 15:12 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-01 23:35 - 2014-07-05 15:10 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-30 21:47 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-11-30 21:31 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-30 21:19 - 2012-07-15 13:47 - 00000000 ____D () C:\Program Files (x86)\intellidownload
2014-11-30 21:19 - 2011-01-16 18:57 - 00000000 ____D () C:\Users\Office
2014-11-30 20:24 - 2011-01-16 19:06 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-11-26 19:18 - 2009-07-13 22:13 - 00875966 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 15:50 - 2012-04-10 22:05 - 00000000 ____D () C:\Users\Office\AppData\Local\Google
2014-11-25 12:23 - 2011-10-31 12:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-25 12:23 - 2011-01-17 08:42 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-24 14:04 - 2011-03-18 09:23 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-19 07:09 - 2011-03-26 18:31 - 00000000 ____D () C:\Users\Office\AppData\Local\CrashDumps
2014-11-18 08:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-18 07:56 - 2013-07-13 22:48 - 16069061 _____ () C:\Users\Office\AppData\Local\census.cache
2014-11-18 07:55 - 2013-07-13 22:44 - 00116506 _____ () C:\Users\Office\AppData\Local\ars.cache
2014-11-17 08:27 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-16 17:26 - 2013-08-04 11:05 - 00000000 ____D () C:\Users\Office\Downloads\Lauren's School (GCU)
2014-11-16 10:38 - 2013-04-07 09:03 - 00000000 ____D () C:\Windows\Minidump
2014-11-12 15:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-11-11 22:58 - 2009-08-21 10:31 - 00000000 ____D () C:\ProgramData\Norton
2014-11-11 22:51 - 2014-08-22 16:36 - 00000000 ____D () C:\Users\Office\AppData\Local\Adobe
2014-11-11 22:10 - 2013-03-11 20:42 - 00496664 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 22:08 - 2014-04-28 13:54 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-11 22:02 - 2011-05-07 19:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2014-11-11 21:58 - 2011-06-26 13:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 21:54 - 2013-08-12 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 21:49 - 2011-01-17 03:07 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 15:06 - 2014-07-05 15:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 14:42 - 2014-07-05 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 14:42 - 2013-06-26 17:30 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-25 17:19

==================== End Of Log ============================

 



#8 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 05 December 2014 - 01:44 PM

Hello joe_black,

Glad to hear your computer is doing better.  :)

We are on the homestretch, but there are a couple things left to take care of. Please do the following.

=============================================================

Upload to Virus Total

One of your logs showed evidence of malware altering/modifying a system file. This process will help me confirm if this has happened.

  • Connect to Virus Total
  • Ensure that the File tab is selected on the page (it should be by default).
  • Click Choose File.
  • Locate the file c:\windows\SysWow64\wuauclt.exe and click Scan it!
  • When the scan is complete, copy and paste the URL in your browser and include it in your next post.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#9 joe_black
  • Topic Starter
  • Members
  • 13 posts

Posted 05 December 2014 - 02:45 PM

Cody,

It's saying:

  Warning! You submitted an empty file (0 bytes size), please make sure no software on your computer is preventing the upload (e.g. antivirus quarantine).

Could this be because ComboFix has quarantined it?



#10 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 05 December 2014 - 03:09 PM

Hi joe_black,

ComboFix hasn't quarantined the file; it has just informed me that it is potentially infected. There must be something else blocking the upload (it could be a number of things, but I suspect the file may be in use).

 

Let's see this:

  • Navigate to c:\windows\SysWow64\wuauclt.exe and right-click it.
  • Choose Properties.
  • Click the Details tab.
  • Please note the Size of the file and include it in your next post.

========================

 

I will be back soon with further instructions, I just need to get them approved by my instructor. :)


Edited by TheShooter93, 05 December 2014 - 03:20 PM.



#11 joe_black
  • Topic Starter
  • Members
  • 13 posts

Posted 05 December 2014 - 03:26 PM

There's nothing there, bud, for c:\windows\SysWow64\wuauclt.exe:

 Application
 Zero bytes
 Modified 8/21/13 @ 10:57 PM

I did however find that same file under c:\windows\System32\wuauclt.exe, which appears to be a legit Windows application that contains all the Microsoft product data, 56.9 KB in size.


Edited by joe_black, 05 December 2014 - 03:40 PM.


#12 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 05 December 2014 - 03:43 PM

Thanks for letting me know. I will get back to you as soon as possible. :)




#13 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 05 December 2014 - 04:11 PM

Hi joe_black,

I did however find that same file under c:\windows\System32\wuauclt.exe, which appears to be a legit Windows application that contains all the Microsoft product data, 56.9 KB in size.

Thanks for this - it should help me figure out what is going on here.  :thumbup2:


Edited by TheShooter93, 05 December 2014 - 04:12 PM.



#14 TheShooter93 (Cody)

  • Malware Response Team
  • 4,792 posts
  • Gender:Male
  • Location:Orlando, Florida

Posted 06 December 2014 - 08:23 AM

Hi joe_black,
 
The following will give us some more information about what is going on and where to go from here.  :)

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
    file: c:\windows\SysWow64\wuauclt.exe
    file: c:\windows\System32\wuauclt.exe
    
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

Edited by TheShooter93, 06 December 2014 - 08:23 AM.



#15 joe_black
  • Topic Starter
  • Members
  • 13 posts

Posted 06 December 2014 - 12:40 PM

Cody,

Attached you will find the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-12-2014 02
Ran by Office at 2014-12-06 10:38:24 Run:3
Running from C:\Users\Office\Desktop
Loaded Profile: Office (Available profiles: Office)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
file: c:\windows\SysWow64\wuauclt.exe
file: c:\windows\System32\wuauclt.exe
*****************

========================= file: c:\windows\SysWow64\wuauclt.exe ========================

MD5:
Creation and modification date: 2013-08-21 22:57 - 2013-08-21 22:57
Size: 0000000
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

========================= file: c:\windows\System32\wuauclt.exe ========================

MD5: EAD9E413A6CEB9FD8E2AD9DC0716C061
Creation and modification date: 2014-08-27 19:38 - 2014-05-14 09:23
Size: 0058336
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: wuauclt.exe
Original Name: wuauclt.exe
Product Name: Microsoft® Windows® Operating System
Description: Windows Update
File Version: 7.6.7600.320 (winmain_wtr_wsus3sp2(oobla).140514-0916)
Product Version: 7.6.7600.320
Copyright: © Microsoft Corporation. All rights reserved.

====== End Of File: ======

==== End of Fixlog ====
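Added example, not code from the thread, from FRST or from any poster: the three checks Cody asked for one at a time in posts #8, #10 and #14 (the VirusTotal upload, the Properties > Details size check, and the FRST `file:` directive that printed the MD5 and version resource) collected in one PowerShell script, with the Authenticode state added and a 0-byte result explained rather than just reported. It assumes Windows PowerShell 2.0 or later, an elevated prompt so protected files under %windir% can be opened, and the x64 Windows 7 layout the Fixlog shows (64-bit wuauclt.exe in System32, 32-bit copy in SysWOW64). The function names `Get-FileEvidence` and `Get-MD5Hex` and the `$targets` list are the example's own.

```powershell
# Added example (not from the thread). Gathers, per path, what the helper asked
# for in three separate steps (size, MD5, version resource) plus the
# Authenticode state. Assumes Windows PowerShell 2.0+ and an elevated prompt.

function Get-MD5Hex {
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::Open($Path,
        [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try     { $bytes = $md5.ComputeHash($stream) }
    finally { $stream.Close() }
    # FRST prints MD5 as uppercase hex with no separators; keep that form so the
    # value can be compared with a Fixlog line by eye.
    return ([System.BitConverter]::ToString($bytes)).Replace('-', '')
}

function Get-FileEvidence {
    param([Parameter(Mandatory=$true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false; Verdict = 'missing' }
    }

    $item = Get-Item -LiteralPath $Path
    $ver  = $item.VersionInfo            # same fields the FRST "file:" directive prints
    $md5  = $null
    $sig  = $null
    if ($item.Length -gt 0) {
        $md5 = Get-MD5Hex -Path $Path
        $sig = Get-AuthenticodeSignature -FilePath $Path
    }

    # A 0-byte file has no PE header, so it has no version resource and no
    # signature, and VirusTotal refuses it as "empty". That is the SysWOW64
    # case in the thread: it is a finding in itself, not a scan failure.
    if ($item.Length -eq 0) {
        $verdict = 'zero-byte file: cannot be scanned or signed; compare with the System32 copy'
    } elseif ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -match 'Microsoft') {
        $verdict = 'embedded signature valid, signed by Microsoft'
    } elseif ($sig.Status -eq 'NotSigned') {
        # Most Windows binaries are catalog-signed and PowerShell 2.0 does not
        # consult the catalog, so NotSigned means "verify another way", not "tampered".
        $verdict = 'no embedded signature: confirm with sfc /verifyfile or Sysinternals sigcheck'
    } else {
        $verdict = "signature check returned $($sig.Status): treat as suspect"
    }

    New-Object PSObject -Property @{
        Path        = $Path
        Exists      = $true
        Size        = $item.Length
        Modified    = $item.LastWriteTime
        MD5         = $md5
        Company     = $ver.CompanyName
        FileVersion = $ver.FileVersion
        Signature   = $sig.Status
        Verdict     = $verdict
    }
}

# The two copies discussed in the thread. On x64 Windows the 64-bit binary lives
# in System32 and the 32-bit one in SysWOW64, so their hashes legitimately differ.
$targets  = @("$env:windir\System32\wuauclt.exe", "$env:windir\SysWOW64\wuauclt.exe")
$evidence = @($targets | ForEach-Object { Get-FileEvidence -Path $_ })

$evidence |
    Select-Object Path, Exists, Size, Modified, MD5, Company, FileVersion, Signature, Verdict |
    Format-List

# The 32- and 64-bit builds of one update carry the same version resource, so two
# present copies that disagree on FileVersion are worth chasing (a blank one is
# already flagged by its Verdict above).
$present  = @($evidence | Where-Object { $_.Exists })
$versions = @($present | Where-Object { $_.FileVersion } | ForEach-Object { $_.FileVersion } | Sort-Object -Unique)
if ($present.Count -gt 1 -and $versions.Count -gt 1) {
    Write-Warning "wuauclt.exe copies do not agree on FileVersion: $($versions -join ' | ')"
}
```

Two caveats a practitioner should keep in mind when reading the output. First, the PowerShell 2.0 that ships with Windows 7 checks only embedded Authenticode signatures, and most Windows system binaries are signed through a catalog instead, so a genuine file can come back `NotSigned`; corroborate with `sfc /verifyfile=<path>` from an elevated prompt or with Sysinternals sigcheck before calling anything tampered. Second, the empty MD5 and blank version fields FRST printed for the SysWOW64 copy are exactly what a 0-byte file produces, which is also why VirusTotal rejected the upload; the size alone was the answer to the "what is blocking the upload" question.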





