
SVCHOST.EXE issues.



#1 twitterfon231


Posted 05 December 2014 - 07:12 PM

I keep experiencing slowness due to the overloading of the memory caused by svchost.exe. Please help.





#2 twitterfon231


Posted 05 December 2014 - 07:14 PM

Title was: rundll32 host infected. ~ OB

 

Moderator note:  Previously abandoned topic on this issue here: http://www.bleepingcomputer.com/forums/t/556864/svchostexe-and-dllhostexe-eating-up-my-resources/ ~ OB
 
My screen keeps showing that the rundll32 host crashed, and Malwarebytes catches suspicious communication with a site from this file as well. Please advise.


Edited by Orange Blossom, 06 December 2014 - 09:43 PM.
Merged topics.


#3 Machiavelli

  • Malware Response Instructor

Posted 08 December 2014 - 01:10 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide, and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do; just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
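The two logs this procedure produces, FRST.txt and Addition.txt, list each process, autorun, service and driver on one line with its path, size, date and publisher, and FRST marks entries it considers odd with "ATTENTION". As an added example (not part of this thread and not FRST's own code), the Python script below parses a few constructed lines in that format and ranks them by what a helper checks first: FRST's ATTENTION markers, autoruns with no publisher, binaries in user-writable folders, script autoruns and unsigned services. The sample lines, SID and user name are constructed for the example.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST.txt) output.

Hypothetical example, not part of FRST or of this thread: walks the
whitelisted sections of an FRST log and ranks entries by the indicators
a malware-removal helper checks first.
"""
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional, Tuple

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# A Windows path ending in an executable or script extension; stops at quotes/brackets.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\[\]<>]+?\.(?:exe|dll|sys|bat|cmd|vbs|js|hta)\b", re.IGNORECASE)
# Registry/Services/Drivers lines end "(Publisher)" [File not signed]; Processes lines start "(Publisher) C:\...".
END_PUB_RE = re.compile(r"\((.*?)\)\s*(?:\[File not signed\])?\s*$")
START_PUB_RE = re.compile(r"^\((.*?)\)\s+[A-Za-z]:\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".hta")
WEIGHTS = {"frst_attention": 3, "no_publisher": 2, "script_autorun": 2,
           "user_writable_path": 1, "file_not_signed": 1}   # rough triage priorities

# Constructed sample in FRST.txt format (SID, user name and values are made up).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-26] (AVAST Software)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Lare] => C:\Users\user\AppData\Roaming\Refy\lare.exe
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\RunOnce: [124_11376291238118] => C:\Users\user\AppData\Local\LMIR0002.tmp_r.bat [347 2014-12-04] ()
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\Run: [Google Update**.d<*>] => "C:\Users\user\AppData\Local\Google\Desktop\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
==================== Internet (Whitelisted) ====================
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
========================== Services (Whitelisted) =================
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 ServOMatic; C:\Program Files\Kwakkelflap\Service\ServOM.exe [122880 2008-03-19] () [File not signed]
"""


@dataclass
class Finding:
    section: str
    path: Optional[str]
    reasons: Tuple[str, ...]
    line: str

    @property
    def score(self) -> int:
        return sum(WEIGHTS[r] for r in self.reasons)


def parse_entries(text: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, entry line), skipping blanks, section headers and FRST's fixlist notes."""
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
        elif not line.startswith("(If "):
            yield section, line


def publisher_of(line: str) -> Optional[str]:
    """Publisher FRST printed for the entry: '' if the field is empty, None if absent."""
    m = END_PUB_RE.search(line) or START_PUB_RE.match(line)
    return m.group(1).strip() if m else None


def triage(text: str) -> List[Finding]:
    """Return flagged entries, highest score first (log order within equal scores)."""
    findings = []
    for section, line in parse_entries(text):
        reasons = []
        m = PATH_RE.search(line)
        path = m.group(0) if m else None
        flagged = "ATTENTION" in line
        if flagged:
            reasons.append("frst_attention")          # FRST itself marked the entry
        if path and not flagged and "No File" not in line and not publisher_of(line):
            reasons.append("no_publisher")            # no company name in the file's version info
        if path and any(tok in path.lower() for tok in USER_WRITABLE):
            reasons.append("user_writable_path")      # runs from a folder any user can write to
        if path and path.lower().endswith(SCRIPT_EXT) and section.startswith("Registry"):
            reasons.append("script_autorun")          # a script, not a program, in Run/RunOnce
        if "[File not signed]" in line and section.startswith(("Services", "Drivers")):
            reasons.append("file_not_signed")
        if reasons:
            findings.append(Finding(section, path, tuple(reasons), line))
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {', '.join(f.reasons):45} {f.path or f.line[:70]}")
```

On the sample the RunOnce batch file ranks first (no publisher, user-writable folder, script autorun), followed by the ATTENTION entries; signed programs under Program Files produce no finding at all.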

 
 


#4 twitterfon231


Posted 08 December 2014 - 10:05 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by deepcreek (administrator) on DEEPCREEKMAIN on 08-12-2014 09:47:49
Running from C:\Users\deepcreek\Downloads
Loaded Profile: deepcreek (Available profiles: deepcreek & tom & frontdesk1 & innkeeper & Administrator & Classic .NET AppPool)
Platform: Microsoft Windows 7 Professional  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Seiko Epson Corporation) C:\Program Files\EPSON\TMCOMUSB\Service\EpsonPE.exe
(Seagate Technology LLC) C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
(Shift4 Corporation) C:\Shift4\UTG2\utg2svc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
( ) C:\Windows\System32\lxeecoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
() C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
() C:\Program Files\Lexmark Pro700 Series\ezprint.exe
(Dell Inc.) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(iAnywhere Solutions, Inc.) D:\Program Files\SQL Anywhere 12\BIN32\dbsrv12.exe
(Dell Inc.) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Seagate) C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Spotify Ltd) C:\Users\deepcreek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(InnQuest Software) D:\roomMaster\rw5msg.exe
(InnQuest Software) D:\roomMaster\rw5iqlnk.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(iAnywhere Solutions, Inc.) D:\Program Files\SQL Anywhere 12\BIN32\dbsrv12.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc.) C:\Users\deepcreek\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\lmi_rescue.exe
(LogMeIn, Inc.) C:\Users\deepcreek\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe
(LogMeIn, Inc.) C:\Users\deepcreek\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [lxeemon.exe] => C:\Program Files\Lexmark Pro700 Series\lxeemon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro700 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2691072 2009-08-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-26] (AVAST Software)
HKLM\...\Run: [DellNetExtender] => C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1293824 2014-02-14] (Dell Inc.)
HKLM\...\Run: [DiscWizardMonitor.exe] => C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Seagate)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1055952 2014-09-29] (Carbonite, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Run: [Lare] => C:\Users\deepcreek\AppData\Roaming\Refy\lare.exe
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-28] (Google Inc.)
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Run: [Google Update**.d<*>] => "C:\Users\deepcreek\AppData\Local\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\d'x"Ù"\", &h#\. ùû[\{4eee7f79-e6bd-af44-0692-41c89600c397}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Run: [Spotify] => C:\Users\deepcreek\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-11-04] (Spotify Ltd)
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Run: [Spotify Web Helper] => C:\Users\deepcreek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-04] (Spotify Ltd)
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\RunOnce: [124_11376291238118] => C:\Users\deepcreek\AppData\Local\LMIR0002.tmp_r.bat [347 2014-12-04] ()
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Policies\system: [Wallpaper] C:
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Policies\system: [WallpaperStyle] 4
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\MountPoints2: {528ca553-2e8b-11e2-a037-bc305bb1f113} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\MountPoints2: {f712f7a8-67b4-11e1-97b4-bc305bb1f113} - G:\setup.exe -a
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iQ-Messenger.lnk
ShortcutTarget: iQ-Messenger.lnk -> D:\roomMaster\rw5msg.exe (InnQuest Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iQ-WorldLink.lnk
ShortcutTarget: iQ-WorldLink.lnk -> D:\roomMaster\rw5iqlnk.exe (InnQuest Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2404773979-1006670029-983905438-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2404773979-1006670029-983905438-1000] => :0
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {BBAC1BB2-246F-4CFA-8507-DCD1C4ED4CCC} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2404773979-1006670029-983905438-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2404773979-1006670029-983905438-1000 -> {46CC5E43-15A1-4A45-82AD-C9824287DE34} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-2404773979-1006670029-983905438-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-2404773979-1006670029-983905438-1000 -> No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\..\Interfaces\{CA555A9A-4D40-42B6-ACE6-D1B842E64C21}: [NameServer] 10.10.3.57,10.10.3.21
 
FireFox:
========
FF ProfilePath: C:\Users\deepcreek\AppData\Roaming\Mozilla\Firefox\Profiles\uoq5p2fp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2404773979-1006670029-983905438-1000: @citrixonline.com/appdetectorplugin -> C:\Users\deepcreek\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-26]
 
Chrome: 
=======
CHR Profile: C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]
CHR Extension: (Google Drive) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17]
CHR Extension: (YouTube) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17]
CHR Extension: (Google Search) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17]
CHR Extension: (Avast Online Security) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-17]
CHR Extension: (Gmail) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-26] (AVAST Software)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6017744 2014-09-29] (Carbonite, Inc. (www.carbonite.com))
R2 EpsonPEService; C:\Program Files\EPSON\TMCOMUSB\Service\EpsonPE.exe [913400 2011-04-04] (Seiko Epson Corporation)
R2 frmUtg2Service; C:\Shift4\UTG2\UTG2Svc.exe [5474320 2013-09-12] (Shift4 Corporation)
R2 LMIRescue_c8125c61-52dc-4387-85de-a7036c2aca7a; C:\Users\deepcreek\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\LMI_Rescue_srv.exe [3087664 2014-12-08] (LogMeIn, Inc.)
S2 lxeeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\Windows\system32\lxeecoms.exe [598696 2010-04-14] ( )
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 ServOMatic: Forecasted Revenue; C:\Program Files\Kwakkelflap\Service\ServOM.exe [122880 2008-03-19] () [File not signed]
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [801888 2013-10-30] (Seagate)
R2 SONICWALL_NetExtender; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [364032 2014-02-14] (Dell Inc.)
R2 SQLANYs_rmtraining; D:\Program Files\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2011-05-31] (iAnywhere Solutions, Inc.)
R2 SQLANYs_roommaster; D:\Program Files\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2011-05-31] (iAnywhere Solutions, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-26] ()
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
S3 DFUBTUSB; C:\Windows\System32\Drivers\frmupgr.sys [27536 2007-01-03] (Broadcom Corporation.)
R2 EpsCe; C:\Windows\system32\Drivers\EpsCe.sys [71680 2011-06-20] (Seiko Epson Corporation) [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2748064 2009-11-16] (Realtek Semiconductor Corp.)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [22600 2009-10-21] (SonicWALL Inc.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [888640 2014-10-22] (Acronis International GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-10-22] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [130488 2014-10-22] (Acronis)
S3 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [48384 2011-06-20] (SEIKO EPSON CORPORATION) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-10-22] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-10-22] (Acronis International GmbH)
S3 catchme; \??\C:\Users\tom\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\tom\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 09:47 - 2014-12-08 09:48 - 00022265 _____ () C:\Users\deepcreek\Downloads\FRST.txt
2014-12-08 09:47 - 2014-12-08 09:47 - 00000000 ____D () C:\FRST
2014-12-08 09:46 - 2014-12-08 09:47 - 01111040 _____ (Farbar) C:\Users\deepcreek\Downloads\FRST.exe
2014-12-08 09:43 - 2014-12-08 09:43 - 01528640 _____ (LogMeIn, Inc.) C:\Users\deepcreek\Downloads\Support-LogMeInRescue (1).exe
2014-12-08 09:35 - 2014-12-08 09:35 - 00002626 _____ () C:\Users\deepcreek\Downloads\legitcheck (1).hta
2014-12-08 03:02 - 2014-12-08 03:02 - 00000000 ____D () C:\Windows\system32\SPReview
2014-12-06 16:15 - 2014-12-06 16:15 - 00011535 _____ () C:\Users\deepcreek\Desktop\Weekly E-mails 11282014.xlsx
2014-12-05 14:45 - 2014-12-05 14:45 - 00002405 _____ () C:\Users\deepcreek\Downloads\december-business-after-hours-2014-2070.ics
2014-12-04 11:38 - 2014-12-04 11:38 - 00000347 _____ () C:\Users\deepcreek\AppData\Local\LMIR0002.tmp_r.bat
2014-12-04 11:35 - 2014-12-04 11:35 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-12-04 11:34 - 2014-12-04 11:35 - 00002626 _____ () C:\Users\deepcreek\Downloads\legitcheck.hta
2014-12-01 08:58 - 2014-12-01 08:58 - 00000000 ____D () C:\Users\deepcreek\Desktop\New Hire Training
2014-11-25 03:01 - 2014-11-25 03:05 - 00000000 ____D () C:\0a5b002e0ebefc8732ef0f
2014-11-17 14:34 - 2014-11-17 14:34 - 00157495 _____ () C:\Users\deepcreek\Desktop\2014 10 IDC PL - New.xlsx
2014-11-15 14:58 - 2014-11-15 14:58 - 00011151 _____ () C:\Users\deepcreek\Desktop\BeachtreeIDC2015 (3).xlsx
2014-11-15 14:25 - 2014-11-15 14:25 - 00000000 ____D () C:\Users\deepcreek\AppData\Local\{2C30ECCF-63DB-4DD1-8A7D-E533C3E4A198}
2014-11-14 10:05 - 2014-11-14 10:05 - 01532224 _____ (LogMeIn, Inc.) C:\Users\deepcreek\Downloads\Support-LogMeInRescue (2).exe
2014-11-13 14:49 - 2014-11-13 14:49 - 00410396 _____ () C:\Users\deepcreek\Desktop\2015 IDC Budget Template.xlsx
2014-11-11 12:29 - 2014-11-11 12:29 - 00029696 _____ () C:\Users\deepcreek\Desktop\Beachtree Arrivals11111231.xls
2014-11-11 11:53 - 2014-11-11 17:59 - 00130560 _____ () C:\Users\deepcreek\Desktop\2015TanInventory111114.xls
2014-11-11 10:36 - 2014-11-11 10:37 - 02140160 _____ () C:\Users\deepcreek\Downloads\AdwCleaner.exe
2014-11-11 10:20 - 2014-11-11 10:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-11 10:17 - 2014-11-11 10:17 - 00002104 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2014-11-11 10:17 - 2014-11-11 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2014-11-11 10:16 - 2014-11-11 10:16 - 00000000 ____D () C:\ProgramData\Carbonite
2014-11-11 10:16 - 2014-11-11 10:16 - 00000000 ____D () C:\Program Files\Carbonite
2014-11-11 09:55 - 2014-11-11 09:55 - 00001932 _____ () C:\Users\deepcreek\Downloads\november-business-after-hours-2014-2069.ics
2014-11-10 16:10 - 2014-11-10 16:10 - 00018704 _____ () C:\Users\deepcreek\Desktop\TAN Phone List_July 2014.xlsx
2014-11-10 16:10 - 2014-11-10 16:10 - 00015803 _____ () C:\Users\deepcreek\Desktop\PeerGroup.xlsx
2014-11-10 16:09 - 2014-11-10 16:09 - 00038154 _____ () C:\Users\deepcreek\Desktop\BTP Hotel Address  Phone List.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 09:44 - 2011-12-15 14:39 - 00000000 ____D () C:\Users\deepcreek\AppData\Local\LogMeIn Rescue Applet
2014-12-08 09:14 - 2009-07-13 23:55 - 01676098 _____ () C:\Windows\WindowsUpdate.log
2014-12-08 09:12 - 2012-06-02 14:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 09:01 - 2012-06-11 10:44 - 00000264 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-12-08 08:56 - 2011-03-28 09:50 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 08:51 - 2014-09-08 14:05 - 00000522 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2404773979-1006670029-983905438-1000.job
2014-12-07 19:53 - 2012-10-10 14:53 - 00000438 _____ () C:\Windows\Tasks\roomMaster.net Update.job
2014-12-07 16:56 - 2011-03-28 09:50 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-06 20:53 - 2014-10-20 11:22 - 00051676 _____ () C:\Users\deepcreek\Desktop\2014 Schedule Workbook.xlsx
2014-12-06 03:09 - 2009-07-13 23:34 - 00014256 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-06 03:09 - 2009-07-13 23:34 - 00014256 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-04 15:10 - 2013-07-16 11:54 - 00000000 ____D () C:\Users\deepcreek\Desktop\Employee Guidelines
2014-12-04 14:08 - 2014-10-22 08:10 - 00000000 ____D () C:\Users\deepcreek\Desktop\Manager Report
2014-12-04 11:36 - 2012-06-11 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-04 11:36 - 2012-06-11 10:40 - 00000000 ____D () C:\Program Files\HP
2014-12-04 11:35 - 2012-06-11 10:43 - 00000000 ____D () C:\Users\deepcreek\AppData\Roaming\HpUpdate
2014-12-02 15:22 - 2014-11-04 16:28 - 00000000 ____D () C:\Users\deepcreek\AppData\Roaming\Spotify
2014-12-02 11:16 - 2014-04-03 09:25 - 00011032 _____ () C:\Users\deepcreek\Desktop\Linen Inventory April04.xlsx
2014-12-02 11:09 - 2014-03-23 13:46 - 00000000 ____D () C:\Users\deepcreek\Documents\Maintenance
2014-12-02 11:08 - 2014-10-30 07:47 - 00000000 ____D () C:\Users\deepcreek\Desktop\Carla
2014-12-02 11:07 - 2014-01-28 11:12 - 00000000 ____D () C:\Users\deepcreek\Documents\GM
2014-12-02 10:42 - 2014-01-28 11:14 - 00000000 ____D () C:\Users\deepcreek\Documents\IDC info
2014-12-02 10:23 - 2014-11-04 16:28 - 00000000 ____D () C:\Users\deepcreek\AppData\Local\Spotify
2014-11-30 13:22 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-30 13:08 - 2011-04-27 12:12 - 00000000 ____D () C:\Shift4
2014-11-30 13:07 - 2011-12-06 19:31 - 00029056 _____ () C:\ProgramData\lxeescan.log
2014-11-30 13:05 - 2014-08-26 15:45 - 00002082 _____ () C:\Windows\setupact.log
2014-11-30 13:05 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-27 17:58 - 2011-03-18 04:38 - 00855980 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 19:12 - 2012-06-02 14:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-25 19:12 - 2011-06-16 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 18:01 - 2014-10-17 07:47 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-22 20:16 - 2014-10-22 08:06 - 00000000 ____D () C:\Users\deepcreek\Desktop\Beachtree
2014-11-21 15:27 - 2014-08-26 15:55 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-20 08:55 - 2011-03-25 10:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-16 16:16 - 2011-03-18 06:27 - 00687244 _____ () C:\Windows\PFRO.log
2014-11-12 11:44 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-12 11:37 - 2011-06-17 15:16 - 00000776 __RSH () C:\Users\tom\ntuser.pol
2014-11-12 11:37 - 2011-04-15 11:06 - 00108824 _____ () C:\Users\tom\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 11:37 - 2011-04-14 13:51 - 00000000 ____D () C:\Users\tom
2014-11-12 11:06 - 2011-03-28 11:01 - 00108824 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 11:05 - 2013-07-08 15:58 - 00000776 __RSH () C:\Users\Administrator\ntuser.pol
2014-11-12 11:05 - 2011-03-28 11:00 - 00000000 ____D () C:\Users\Administrator
2014-11-12 03:08 - 2014-08-28 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:00 - 2011-04-29 11:35 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 10:47 - 2014-10-30 09:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-11 10:47 - 2014-07-17 11:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-11 10:44 - 2014-08-21 08:02 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 10:41 - 2014-08-26 22:17 - 00000000 ____D () C:\AdwCleaner
2014-11-11 10:41 - 2014-08-18 12:40 - 00001060 _____ () C:\Users\deepcreek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-11 10:41 - 2011-03-25 08:18 - 00001122 _____ () C:\Users\deepcreek\Desktop\Internet Explorer.lnk
2014-11-11 10:31 - 2014-08-26 13:24 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-11 10:31 - 2014-07-17 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-10 17:21 - 2014-10-22 08:00 - 00000000 ____D () C:\Users\deepcreek\Desktop\Tan Inventory
ZeroAccess:
C:\Users\deepcreek\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
 
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
 
Files to move or delete:
====================
C:\Users\deepcreek\g2ax_customer_downloadhelper_win32_x86.exe
 
 
Some content of TEMP:
====================
C:\Users\deepcreek\AppData\Local\temp\BackupSetup.exe
C:\Users\deepcreek\AppData\Local\temp\nsqEB8A.tmp.exe
C:\Users\deepcreek\AppData\Local\temp\Quarantine.exe
C:\Users\deepcreek\AppData\Local\temp\RdpUtils.dll
C:\Users\deepcreek\AppData\Local\temp\sqlite3.dll
C:\Users\deepcreek\AppData\Local\temp\vcredist_x86.exe
C:\Users\tom\AppData\Local\temp\Quarantine.exe
C:\Users\tom\AppData\Local\temp\ReimagePackage.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 00:41
 
==================== End Of Log ============================
 
Additional.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2014 01
Ran by deepcreek at 2014-12-08 09:49:12
Running from C:\Users\deepcreek\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}) (Version: 12.25.02 - Broadcom Corporation)
Carbonite (HKLM\...\Carbonite Backup) (Version: 5.7.0 build 4390 (Sep-29-2014) - Carbonite)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{3D5F07C3-1B93-47F8-9F8A-DE8E47BF1669}) (Version: 1.0.209 - Citrix)
Citrix Online Launcher (HKLM\...\{75B8A55E-0762-4676-AAC0-6FDF025B034B}) (Version: 1.0.220 - Citrix)
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{4688EB75-28E2-4731-9BCB-55E624F7CD45}) (Version: 1.3 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.154 - Dell Inc.)
Dell Data Protection | Access (Version: 01.00.00.154 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell SonicWALL NetExtender (HKLM\...\Dell SonicWALL NetExtender) (Version: 7.5.216 - Dell)
DellAccess (Version: 01.00.00.078 - Wave Systems Corp.) Hidden
EMBASSY Security Center (Version: 04.02.00.072 - Wave Systems Corp.) Hidden
EPSON TM Virtual Port Driver Ver.7.00a (HKLM\...\{3D7277B3-B0BE-497C-A626-55F063254B5B}) (Version: 7.00.0000 - Seiko Epson Corporation)
erLT (Version: 1.20.0137 - Logitech, Inc.) Hidden
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToMeeting 7.0.4.2033 (HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\GoToMeeting) (Version: 7.0.4.2033 - CitrixOnline)
HP ENVY 110 series Help (HKLM\...\{D4444B31-E9E9-4389-B35D-41B5BCA5E9FB}) (Version: 140.0.2.2 - Hewlett Packard)
HP ENVY 110 series Product Improvement Study (HKLM\...\{189DEBDC-0394-4322-80BD-5C9D4B230160}) (Version: 25.0.622.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
InnQuest Software OEM (HKLM\...\{A3C3CCDD-5CD4-4A04-8271-1B57941F7DEA}) (Version:  - iAnywhere Solutions)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2182 - Intel Corporation)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.90 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 2.00.0000 - Logitech) Hidden
Lexmark Pro700 Series (HKLM\...\Lexmark Pro700 Series) (Version:  - Lexmark International, Inc.)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.80 - Logitech)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Professional 2007 (HKLM\...\PRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-US) (HKLM\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
Preboot Manager (Version: 03.02.00.066 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.026 - Wave Systems Corp.) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5876 - Realtek Semiconductor Corp.)
roomMaster.net Core Components (8.54) (HKLM\...\{87365530-96B8-11DB-6784-06CA205318BE}) (Version: 8.54 - InnQuest Software)
roomMaster.net Web Components (8.54) (HKLM\...\{2FAAECD0-1929-11DA-6784-006853A418BE}) (Version: 8.54 - InnQuest Software)
Seagate DiscWizard (HKLM\...\{AC5BFE42-B72A-467C-B9B2-8BF77C6D4D70}) (Version: 16.0.5840 - Seagate)
Seagate Drive Settings Installer (HKLM\...\InstallShield_{91DDF870-EE18-44D8-9D93-F4C122B80908}) (Version: 1.00.0000 - Seagate Technologies LLC)
Seagate Drive Settings Installer (Version: 1.00.0000 - Seagate Technologies LLC) Hidden
SeaTools for Windows (HKLM\...\SeaTools for Windows) (Version:  - Seagate Technology)
Service - O - Matic 3.00 Build 1050 Trial (HKLM\...\Service - O - Matic_is1) (Version: 3.0 - Kwakkelflap)
Shift4 Universal Transaction Gateway (Version: 4.5.1.2205 - Shift4 Corporation) Hidden
SonicWALL SSL-VPN NetExtender (HKLM\...\{EF06A6A8-6B81-4A09-8223-789953972FFF}) (Version: 4.0.138 - SonicWALL Inc.)
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Spotify (HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
SQL Anywhere Studio 9, Software (HKLM\...\{F653AB56-DB37-415B-8DDD-EF5BC1982150}) (Version: 9.0.2.3951 - iAnywhere Solutions, Inc.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.8.8 - Tweaking.com)
Universal Transaction Gateway™ (HKLM\...\Universal Transaction Gateway™) (Version:  - Shift4 Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0014-0000-0000-0000000FF1CE}_PRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
Wave Infrastructure Installer (Version: 07.02.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.012 - Wave Systems Corp) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2404773979-1006670029-983905438-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\1865\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2404773979-1006670029-983905438-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\457\G2MOutlookAddin.dll No File
 
==================== Restore Points  =========================
 
08-12-2014 08:01:54 Windows 7 Service Pack 1
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:04 - 2013-08-29 16:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1B7F7B25-A6A6-427C-9C18-DAD90F66BC81} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-26] (AVAST Software)
Task: {27B14D46-521F-437E-A19E-3277C7C51C91} - System32\Tasks\InnQuest_Training => C:\Windows\system32\rmconfig.exe [2014-06-04] (InnQuest Software)
Task: {37B07FBA-E6B0-4026-9EC0-C52CBEC1DBE3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {44A66D0D-0EF7-44C3-83BE-52840E61EE0F} - System32\Tasks\HPCustParticipation HP ENVY 110 series => C:\Program Files\HP\HP ENVY 110 series\Bin\HPCustPartic.exe [2011-09-19] (Hewlett-Packard Co.)
Task: {65C58B9F-1D51-45E6-9DF1-A018B53F0D03} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {7D2363B9-6BC0-41F2-B1C8-0225AFEA4763} - System32\Tasks\G2MUpdateTask-S-1-5-21-2404773979-1006670029-983905438-1000 => C:\Program Files\Citrix\GoToMeeting\2033\g2mupdate.exe [2014-12-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {7DEF30DA-B3E3-4E98-A2B0-4EA8F550772F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {92576E2A-0FED-4AD7-86B9-03C05EE8DCEB} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {9A49365E-B5A6-4E39-92AA-498ABF0DAAAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-17] (Google Inc.)
Task: {DE4F86E8-A8F9-40A1-89CB-0FF693BFC5DC} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2404773979-1006670029-983905438-1000.job => C:\Program Files\Citrix\GoToMeeting\2033\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\roomMaster.net Update.job => c:\inetpub\wwwroot\IQReservations\update\rmupdate.exe1Program=rmnet8_web_v15.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-26 15:55 - 2014-08-26 15:55 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-11-30 05:55 - 2014-11-30 05:55 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14113000\algo.dll
2014-11-30 13:28 - 2014-11-30 13:28 - 02904064 _____ () C:\Program Files\AVAST Software\Avast\defs\14113001\algo.dll
2014-12-08 06:27 - 2014-12-08 06:27 - 02905088 _____ () C:\Program Files\AVAST Software\Avast\defs\14120800\algo.dll
2011-12-06 19:33 - 2009-11-04 13:14 - 00157696 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxeedrpp.dll
2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-06 14:03 - 2011-01-23 19:37 - 00770728 _____ () C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
2012-02-06 14:03 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files\Lexmark Pro700 Series\lxeescw.dll
2009-05-27 12:16 - 2009-05-27 12:16 - 00192512 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxeedatr.dll
2009-05-27 12:13 - 2009-05-27 12:13 - 00081920 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxeecats.dll
2012-02-06 14:03 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files\Lexmark Pro700 Series\lxeeDRS.dll
2012-02-06 14:03 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files\Lexmark Pro700 Series\lxeecaps.dll
2009-02-20 08:48 - 2009-02-20 08:48 - 00299008 _____ () C:\Windows\system32\lxeesm.dll
2009-02-20 08:48 - 2009-02-20 08:48 - 00023552 _____ () C:\Windows\system32\lxeesmr.dll
2012-02-06 14:03 - 2011-01-23 19:37 - 00148280 _____ () C:\Program Files\Lexmark Pro700 Series\ezprint.exe
2012-02-06 14:03 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files\Lexmark Pro700 Series\Epwizard.DLL
2012-02-06 14:03 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files\Lexmark Pro700 Series\customui.dll
2012-02-06 14:03 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files\Lexmark Pro700 Series\Eputil.DLL
2012-02-06 14:03 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files\Lexmark Pro700 Series\Imagutil.DLL
2012-02-06 14:03 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files\Lexmark Pro700 Series\Epfunct.DLL
2012-02-06 14:03 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files\Lexmark Pro700 Series\EPWizRes.dll
2012-02-06 14:03 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files\Lexmark Pro700 Series\epstring.dll
2012-02-06 14:03 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files\Lexmark Pro700 Series\EPOEMDll.dll
2012-02-06 14:03 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files\Lexmark Pro700 Series\iptk.dll
2012-02-06 14:03 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files\Lexmark Pro700 Series\lxeeptp.dll
2014-08-26 15:55 - 2014-08-26 15:55 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-13 14:18 - 2011-06-15 19:11 - 00251392 _____ () D:\roomMaster\CLAJHTM.dll
2014-03-13 14:18 - 2010-05-08 11:54 - 00024576 _____ () D:\roomMaster\rw5task.dll
2014-03-13 14:18 - 2014-04-12 14:57 - 00330240 _____ () D:\roomMaster\IQGRAPH80.dll
2011-08-12 07:13 - 2009-07-20 11:27 - 00017936 _____ () C:\Program Files\Logitech\SetPoint\khalwrapper.dll
2014-11-25 18:00 - 2014-11-25 01:39 - 01077064 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-25 18:00 - 2014-11-25 01:39 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\libegl.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-11-25 18:00 - 2014-11-25 01:39 - 09009480 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-25 18:00 - 2014-11-25 01:39 - 01677128 _____ () C:\Program Files\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\10777353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\10777353.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LMIRescue_c8125c61-52dc-4387-85de-a7036c2aca7a => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2404773979-1006670029-983905438-500 - Administrator - Enabled) => C:\Users\Administrator
deepcreek (S-1-5-21-2404773979-1006670029-983905438-1000 - Administrator - Enabled) => C:\Users\deepcreek
frontdesk1 (S-1-5-21-2404773979-1006670029-983905438-1003 - Limited - Enabled) => C:\Users\frontdesk1
Guest (S-1-5-21-2404773979-1006670029-983905438-501 - Limited - Disabled)
innkeeper (S-1-5-21-2404773979-1006670029-983905438-1004 - Administrator - Enabled) => C:\Users\innkeeper
tom (S-1-5-21-2404773979-1006670029-983905438-1002 - Administrator - Enabled) => C:\Users\tom
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/08/2014 02:54:34 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/08/2014 02:18:38 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/07/2014 09:45:56 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/07/2014 02:46:48 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/06/2014 00:55:06 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/06/2014 09:45:36 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/06/2014 05:04:42 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/05/2014 05:15:34 PM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/03/2014 05:05:40 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
Error: (12/03/2014 02:00:33 AM) (Source: Winlogon) (EventID: 4005) (User: )
Description: The Windows logon process has unexpectedly terminated.
 
 
System errors:
=============
Error: (12/08/2014 03:04:50 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows 7 Service Pack 1 (KB976932).
 
Error: (12/07/2014 03:54:29 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.
 
Error: (12/07/2014 03:54:21 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.
 
Error: (12/07/2014 03:37:24 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.
 
Error: (12/07/2014 03:37:14 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.
 
Error: (12/07/2014 03:37:04 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.
 
Error: (12/07/2014 03:36:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 1203.
 
Error: (12/07/2014 01:37:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 20. The internal error state is 960.
 
Error: (12/07/2014 01:37:01 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 20. The internal error state is 960.
 
Error: (12/07/2014 03:04:59 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070490: Windows 7 Service Pack 1 (KB976932).
 
 
Microsoft Office Sessions:
=========================
Error: (06/22/2014 11:46:10 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 15 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/05/2014 07:40:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/14/2014 06:06:17 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 370 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error: (11/18/2013 03:17:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 473 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error: (04/19/2013 07:16:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 682034 seconds with 3300 seconds of active time.  This session ended with a crash.
 
Error: (01/03/2013 10:03:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 116504 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error: (11/09/2012 09:40:53 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1393 seconds with 240 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-12 11:38:03.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 11:38:02.889
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 11:12:32.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 11:12:32.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 11:06:01.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-11-12 11:06:01.232
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-27 13:58:01.354
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-27 13:58:01.307
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-27 13:48:30.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\sirenacm.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-08-27 13:48:30.629
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 70%
Total physical RAM: 2011.65 MB
Available physical RAM: 593.44 MB
Total Pagefile: 5357.07 MB
Available Pagefile: 2761.66 MB
Total Virtual: 2047.88 MB
Available Virtual: 1865.05 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:127.17 GB) (Free:51.58 GB) NTFS
Drive d: (Data) (Fixed) (Total:94.86 GB) (Free:89.38 GB) NTFS
Drive e: (Expansion Drive) (Fixed) (Total:931.51 GB) (Free:776.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 232.8 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=127.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=94.9 GB) - (Type=OF Extended)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 017A0272)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:05 AM

Posted 08 December 2014 - 11:06 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#6 twitterfon231

twitterfon231
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:05 AM

Posted 08 December 2014 - 02:01 PM

ADW Cleaner log.

 

# AdwCleaner v4.104 - Report created 08/12/2014 at 11:31:10
# Updated 05/12/2014 by Xplode
# Database : 2014-12-08.1 [Live]
# Operating System : Windows 7 Professional  (32 bits)
# Username : deepcreek - DEEPCREEKMAIN
# Running from : C:\Users\deepcreek\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QZGE4615\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Deleted : C:\Users\tom\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\ividi
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
 
-\\ Mozilla Firefox v33.1 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.71
 
 
-\\ Comodo Dragon v
 
 
*************************
 
AdwCleaner[R0].txt - [18219 octets] - [26/08/2014 22:17:32]
AdwCleaner[R1].txt - [3623 octets] - [11/11/2014 10:37:38]
AdwCleaner[R2].txt - [1417 octets] - [08/12/2014 11:12:20]
AdwCleaner[S0].txt - [18658 octets] - [26/08/2014 22:21:56]
AdwCleaner[S1].txt - [4298 octets] - [11/11/2014 10:41:20]
AdwCleaner[S2].txt - [1344 octets] - [08/12/2014 11:31:10]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1404 octets] ##########
 
 
Malwarebytes
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/8/2014
Scan Time: 12:38:37 PM
Logfile: log mwb.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.08.06
Rootkit Database: v2014.12.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x86
File System: NTFS
User: deepcreek
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 535281
Time Elapsed: 32 min, 27 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [e67f2f31126aa294d50b3d86e81c8c74], 
 
Registry Values: 1
Trojan.Zaccess, HKU\S-1-5-21-2404773979-1006670029-983905438-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^â?®â¤, , [5114c997a6d61a1c96cd10f252ae1ae6], 
 
Registry Data: 2
PUM.Hijack.Desktop, HKU\S-1-5-21-2404773979-1006670029-983905438-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[0f567be58eeeab8ba3c2d68ac540ed13]
PUM.Hijack.Desktop, HKU\S-1-5-21-2404773979-1006670029-983905438-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|ForceActiveDesktopOn, 1, Good: (0), Bad: (1),,[4223df81b7c5c86ecb9ad888dd28af51]
 
Folders: 14
Trojan.0Access, C:\Users\deepcreek\AppData\Local\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\â¤â?¸â??, , [7ee7fb659ce013236fef40c2db25aa56], 
Trojan.0Access, C:\Users\deepcreek\AppData\Local\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\â¤â?¸â??\â°¢â? â¨, , [7ee7fb659ce013236fef40c2db25aa56], 
Trojan.0Access, C:\Users\deepcreek\AppData\Local\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\â¤â?¸â??\â°¢â? â¨\â?®ï¯¹à¹?, , [7ee7fb659ce013236fef40c2db25aa56], 
Trojan.0Access, C:\Users\deepcreek\AppData\Local\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\â¤â?¸â??\â°¢â? â¨\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}, , [7ee7fb659ce013236fef40c2db25aa56], 
Trojan.0Access, C:\Users\deepcreek\AppData\Local\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\â¤â?¸â??\â°¢â? â¨\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}\L, , [7ee7fb659ce013236fef40c2db25aa56], 
Trojan.0Access, C:\Users\deepcreek\AppData\Local\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\â¤â?¸â??\â°¢â? â¨\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}\U, , [7ee7fb659ce013236fef40c2db25aa56], 
Trojan.0Access, C:\Users\deepcreek\AppData\Local\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}, , [a6bfacb4423a7fb72d32b052d42ce818], 
Trojan.0Access, c:\program files\google\desktop\install\{4eee7f79-e6bd-af44-0692-41c89600c397}\   , , [79ec67f9d2aabb7b035d9072b34d19e7], 
Trojan.0Access, c:\program files\google\desktop\install\{4eee7f79-e6bd-af44-0692-41c89600c397}\   \..., , [79ec67f9d2aabb7b035d9072b34d19e7], 
Trojan.0Access, c:\program files\google\desktop\install\{4eee7f79-e6bd-af44-0692-41c89600c397}\   \...\â?®ï¯¹à¹?, , [79ec67f9d2aabb7b035d9072b34d19e7], 
Trojan.0Access, c:\program files\google\desktop\install\{4eee7f79-e6bd-af44-0692-41c89600c397}\   \...\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}, , [79ec67f9d2aabb7b035d9072b34d19e7], 
Trojan.0Access, c:\program files\google\desktop\install\{4eee7f79-e6bd-af44-0692-41c89600c397}\   \...\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}\l, , [79ec67f9d2aabb7b035d9072b34d19e7], 
Trojan.0Access, c:\program files\google\desktop\install\{4eee7f79-e6bd-af44-0692-41c89600c397}\   \...\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}\u, , [79ec67f9d2aabb7b035d9072b34d19e7], 
Trojan.0Access, C:\Program Files\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}, , [cd986af655272016cb96ba48a25ee020], 
 
Files: 6
PUP.Optional.MyPCBackup.A, C:\Users\deepcreek\AppData\Local\temp\BackupSetup.exe, , [85e0035d93e9e3530bb627ba966b6799], 
Trojan.0Access, C:\Users\deepcreek\AppData\Local\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\â¤â?¸â??\â°¢â? â¨\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}\@, , [7ee7fb659ce013236fef40c2db25aa56], 
Trojan.0Access, c:\Program Files\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\   \...\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}\@, , [79ec67f9d2aabb7b035d9072b34d19e7], 
Trojan.0Access, c:\Program Files\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\   \...\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}\L\00000004.@, , [79ec67f9d2aabb7b035d9072b34d19e7], 
Trojan.0Access, c:\Program Files\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\   \...\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}\L\201d3dde, , [79ec67f9d2aabb7b035d9072b34d19e7], 
Trojan.0Access, c:\Program Files\Google\Desktop\Install\{4eee7f79-e6bd-af44-0692-41c89600c397}\   \...\â?®ï¯¹à¹?\{4eee7f79-e6bd-af44-0692-41c89600c397}\L\76603ac3, , [79ec67f9d2aabb7b035d9072b34d19e7], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Professional x86
Ran by deepcreek on Mon 12/08/2014 at 13:40:56.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files\005"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reimage repair"
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{00DD74F2-3676-4313-AF6C-523774FD9EAB}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{128B973A-E5A7-4798-9D63-630C4D3C908B}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{1B7BD3EB-2366-4961-A1B9-C51BC8265A90}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{24F757D9-7854-479A-906B-27A160D6EFD7}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{2C30ECCF-63DB-4DD1-8A7D-E533C3E4A198}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{3E26F0CD-184A-41D1-BF57-72B9530C0D2B}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{457FFCB4-D06E-4683-879D-85DEC0D3F2BA}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{5954A395-DD7C-4BB4-8C37-1C11B5E37D17}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{6D91EB90-3742-4FBA-B115-180D295B647A}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{6DD0008A-1D6F-4A76-A84C-19D02C173E61}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{794FF9D9-395F-40A1-8BFB-15B84FC016EA}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{798B3A08-9DD6-467A-A825-0463EEE66F8D}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{80D74075-5564-4FDC-B38E-AD992324EC83}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{81D1CE7C-7362-46AF-BC8B-B090B4794B17}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{8CE87C5F-1372-448A-B8C2-B898587D6C44}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{9E7EAED7-1AEB-4D0C-B3DB-A732855928F8}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{A1A3AD39-F26C-4701-8A39-D3558C082D19}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{A6C8FE11-5757-4B10-8D2D-2796952F0474}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{B9B95D84-2C78-4EEF-93E6-AA4EDD8E4049}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{D5A17A6E-D335-4BE5-B9C7-917319D91D6F}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{D8BD6CFD-DC54-4CBF-8267-80CC2915B506}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{DAF3B55E-6BEE-4A1C-832D-AD85057E59A6}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{E7908CD4-19DA-4E99-A486-7743DC0CF7A5}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{EA2916A1-97F0-45AC-A872-B805FDF18DCC}
Successfully deleted: [Empty Folder] C:\Users\deepcreek\appdata\local\{F47832D0-FDD6-404A-8FB6-33BFFAE1A026}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/08/2014 at 13:46:19.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2014 01
Ran by deepcreek (administrator) on DEEPCREEKMAIN on 08-12-2014 13:59:12
Running from C:\Users\deepcreek\Downloads
Loaded Profile: deepcreek (Available profiles: deepcreek & tom & frontdesk1 & innkeeper & Administrator & Classic .NET AppPool)
Platform: Microsoft Windows 7 Professional  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files\Common Files\Logishrd\LVMVFM\UMVPFSrv.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Seiko Epson Corporation) C:\Program Files\EPSON\TMCOMUSB\Service\EpsonPE.exe
(Seagate Technology LLC) C:\Program Files\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe
(Shift4 Corporation) C:\Shift4\UTG2\utg2svc.exe
(LogMeIn, Inc.) C:\Users\deepcreek\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe
( ) C:\Windows\System32\lxeecoms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(Dell Inc.) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
(iAnywhere Solutions, Inc.) D:\Program Files\SQL Anywhere 12\BIN32\dbsrv12.exe
(iAnywhere Solutions, Inc.) D:\Program Files\SQL Anywhere 12\BIN32\dbsrv12.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\LBTWiz.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\Lexmark Pro700 Series\lxeemon.exe
() C:\Program Files\Lexmark Pro700 Series\ezprint.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(LogMeIn, Inc.) C:\Users\deepcreek\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\lmi_rescue.exe
(Dell Inc.) C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
(Seagate) C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Spotify Ltd) C:\Users\deepcreek\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\deepcreek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(InnQuest Software) D:\roomMaster\rw5msg.exe
(InnQuest Software) D:\roomMaster\rw5iqlnk.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Users\deepcreek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\deepcreek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\deepcreek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\deepcreek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\deepcreek\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(LogMeIn, Inc.) C:\Users\deepcreek\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Farbar) C:\Users\deepcreek\Downloads\FRST(1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [206336 2010-05-20] (Microsoft)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [55824 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [lxeemon.exe] => C:\Program Files\Lexmark Pro700 Series\lxeemon.exe [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files\Lexmark Pro700 Series\ezprint.exe [148280 2011-01-23] ()
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2691072 2009-08-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-26] (AVAST Software)
HKLM\...\Run: [DellNetExtender] => C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [1293824 2014-02-14] (Dell Inc.)
HKLM\...\Run: [DiscWizardMonitor.exe] => C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [6382504 2013-10-30] (Seagate)
HKLM\...\Run: [AcronisTibMounterMonitor] => C:\Program Files\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [400376 2013-10-30] (Seagate)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1055952 2014-09-29] (Carbonite, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Run: [Lare] => C:\Users\deepcreek\AppData\Roaming\Refy\lare.exe
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-03-28] (Google Inc.)
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Run: [Spotify] => C:\Users\deepcreek\AppData\Roaming\Spotify\Spotify.exe [6553144 2014-11-04] (Spotify Ltd)
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Run: [Spotify Web Helper] => C:\Users\deepcreek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-04] (Spotify Ltd)
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Policies\system: [Wallpaper] C:
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\Policies\system: [WallpaperStyle] 4
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\MountPoints2: G - G:\LaunchU3.exe -a
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\MountPoints2: {528ca553-2e8b-11e2-a037-bc305bb1f113} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\...\MountPoints2: {f712f7a8-67b4-11e1-97b4-bc305bb1f113} - G:\setup.exe -a
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iQ-Messenger.lnk
ShortcutTarget: iQ-Messenger.lnk -> D:\roomMaster\rw5msg.exe (InnQuest Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iQ-WorldLink.lnk
ShortcutTarget: iQ-WorldLink.lnk -> D:\roomMaster\rw5iqlnk.exe (InnQuest Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2404773979-1006670029-983905438-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2404773979-1006670029-983905438-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyServer: [S-1-5-21-2404773979-1006670029-983905438-1000] => :0
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {BBAC1BB2-246F-4CFA-8507-DCD1C4ED4CCC} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2404773979-1006670029-983905438-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2404773979-1006670029-983905438-1000 -> {46CC5E43-15A1-4A45-82AD-C9824287DE34} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-2404773979-1006670029-983905438-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-2404773979-1006670029-983905438-1000 -> No Name - {C4D78C72-08DB-4A3F-9175-B265157283F3} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\..\Interfaces\{CA555A9A-4D40-42B6-ACE6-D1B842E64C21}: [NameServer] 10.10.3.57,10.10.3.21
 
FireFox:
========
FF ProfilePath: C:\Users\deepcreek\AppData\Roaming\Mozilla\Firefox\Profiles\uoq5p2fp.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2404773979-1006670029-983905438-1000: @citrixonline.com/appdetectorplugin -> C:\Users\deepcreek\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-26]
 
Chrome: 
=======
CHR Profile: C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-17]
CHR Extension: (Google Drive) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-17]
CHR Extension: (YouTube) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-17]
CHR Extension: (Google Search) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-17]
CHR Extension: (Avast Online Security) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-10-17]
CHR Extension: (Google Wallet) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-17]
CHR Extension: (Gmail) - C:\Users\deepcreek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-17]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-26]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-26] (AVAST Software)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6017744 2014-09-29] (Carbonite, Inc. (www.carbonite.com))
R2 EpsonPEService; C:\Program Files\EPSON\TMCOMUSB\Service\EpsonPE.exe [913400 2011-04-04] (Seiko Epson Corporation)
R2 frmUtg2Service; C:\Shift4\UTG2\UTG2Svc.exe [5474320 2013-09-12] (Shift4 Corporation)
R2 LMIRescue_81733b1a-d294-45b5-b055-cdbc8faefd93; C:\Users\deepcreek\AppData\Local\LogMeIn Rescue Applet\LMIR0004.tmp\LMI_Rescue_srv.exe [3087664 2014-12-08] (LogMeIn, Inc.)
S2 lxeeCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxeeserv.exe [193192 2010-04-14] (Lexmark International, Inc.)
R2 lxee_device; C:\Windows\system32\lxeecoms.exe [598696 2010-04-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1477632 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 ServOMatic: Forecasted Revenue; C:\Program Files\Kwakkelflap\Service\ServOM.exe [122880 2008-03-19] () [File not signed]
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [801888 2013-10-30] (Seagate)
R2 SONICWALL_NetExtender; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [364032 2014-02-14] (Dell Inc.)
R2 SQLANYs_rmtraining; D:\Program Files\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2011-05-31] (iAnywhere Solutions, Inc.)
R2 SQLANYs_roommaster; D:\Program Files\SQL Anywhere 12\Bin32\dbsrv12.exe [141176 2011-05-31] (iAnywhere Solutions, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1629696 2010-07-13] () [File not signed]
R2 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2336104 2010-10-16] (Wave Systems Corp.)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-26] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-26] ()
S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
S3 DFUBTUSB; C:\Windows\System32\Drivers\frmupgr.sys [27536 2007-01-03] (Broadcom Corporation.)
R2 EpsCe; C:\Windows\system32\Drivers\EpsCe.sys [71680 2011-06-20] (Seiko Epson Corporation) [File not signed]
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2748064 2009-11-16] (Realtek Semiconductor Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [114904 2014-12-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 NxDrv; C:\Windows\System32\DRIVERS\NxDrv.sys [22600 2009-10-21] (SonicWALL Inc.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
S3 tdrpman; C:\Windows\System32\DRIVERS\tdrpman.sys [888640 2014-10-22] (Acronis International GmbH)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [736192 2014-10-22] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [130488 2014-10-22] (Acronis)
S3 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [48384 2011-06-20] (SEIKO EPSON CORPORATION) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R0 vididr; C:\Windows\System32\DRIVERS\vididr.sys [116000 2014-10-22] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [85280 2014-10-22] (Acronis International GmbH)
U0 wbdh; C:\Windows\System32\drivers\uesuhgbc.sys [52440 2014-12-08] (Malwarebytes Corporation)
S3 catchme; \??\C:\Users\tom\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\tom\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 13:58 - 2014-12-08 13:58 - 01111040 _____ (Farbar) C:\Users\deepcreek\Downloads\FRST(1).exe
2014-12-08 13:46 - 2014-12-08 13:46 - 00003766 _____ () C:\Users\deepcreek\Desktop\JRT.txt
2014-12-08 13:40 - 2014-12-08 13:40 - 01707646 _____ (Thisisu) C:\Users\deepcreek\Desktop\JRT.exe
2014-12-08 13:11 - 2014-12-08 13:11 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\uesuhgbc.sys
2014-12-08 11:12 - 2014-12-08 11:12 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-08 11:09 - 2014-12-08 11:09 - 02153472 _____ () C:\Users\deepcreek\Downloads\Unconfirmed 67953.crdownload
2014-12-08 11:09 - 2014-12-08 11:09 - 02153472 _____ () C:\Users\deepcreek\Downloads\Unconfirmed 216383.crdownload
2014-12-08 09:49 - 2014-12-08 10:07 - 00032066 _____ () C:\Users\deepcreek\Downloads\Addition.txt
2014-12-08 09:47 - 2014-12-08 13:59 - 00000000 ____D () C:\FRST
2014-12-08 09:47 - 2014-12-08 13:59 - 00000000 _____ () C:\Users\deepcreek\Downloads\FRST.txt
2014-12-08 09:46 - 2014-12-08 09:47 - 01111040 _____ (Farbar) C:\Users\deepcreek\Downloads\FRST.exe
2014-12-08 09:35 - 2014-12-08 09:35 - 00002626 _____ () C:\Users\deepcreek\Downloads\legitcheck (1).hta
2014-12-08 03:02 - 2014-12-08 03:02 - 00000000 ____D () C:\Windows\system32\SPReview
2014-12-06 16:15 - 2014-12-06 16:15 - 00011535 _____ () C:\Users\deepcreek\Desktop\Weekly E-mails 11282014.xlsx
2014-12-05 14:45 - 2014-12-05 14:45 - 00002405 _____ () C:\Users\deepcreek\Downloads\december-business-after-hours-2014-2070.ics
2014-12-04 11:35 - 2014-12-04 11:35 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-12-04 11:34 - 2014-12-04 11:35 - 00002626 _____ () C:\Users\deepcreek\Downloads\legitcheck.hta
2014-12-01 08:58 - 2014-12-01 08:58 - 00000000 ____D () C:\Users\deepcreek\Desktop\New Hire Training
2014-11-25 03:01 - 2014-11-25 03:05 - 00000000 ____D () C:\0a5b002e0ebefc8732ef0f
2014-11-17 14:34 - 2014-11-17 14:34 - 00157495 _____ () C:\Users\deepcreek\Desktop\2014 10 IDC PL - New.xlsx
2014-11-15 14:58 - 2014-11-15 14:58 - 00011151 _____ () C:\Users\deepcreek\Desktop\BeachtreeIDC2015 (3).xlsx
2014-11-14 10:05 - 2014-11-14 10:05 - 01532224 _____ (LogMeIn, Inc.) C:\Users\deepcreek\Downloads\Support-LogMeInRescue (2).exe
2014-11-13 14:49 - 2014-11-13 14:49 - 00410396 _____ () C:\Users\deepcreek\Desktop\2015 IDC Budget Template.xlsx
2014-11-11 12:29 - 2014-11-11 12:29 - 00029696 _____ () C:\Users\deepcreek\Desktop\Beachtree Arrivals11111231.xls
2014-11-11 11:53 - 2014-11-11 17:59 - 00130560 _____ () C:\Users\deepcreek\Desktop\2015TanInventory111114.xls
2014-11-11 10:36 - 2014-11-11 10:37 - 02140160 _____ () C:\Users\deepcreek\Downloads\AdwCleaner.exe
2014-11-11 10:20 - 2014-11-11 10:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-11 10:17 - 2014-11-11 10:17 - 00002104 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2014-11-11 10:17 - 2014-11-11 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2014-11-11 10:16 - 2014-11-11 10:16 - 00000000 ____D () C:\ProgramData\Carbonite
2014-11-11 10:16 - 2014-11-11 10:16 - 00000000 ____D () C:\Program Files\Carbonite
2014-11-11 09:55 - 2014-11-11 09:55 - 00001932 _____ () C:\Users\deepcreek\Downloads\november-business-after-hours-2014-2069.ics
2014-11-10 16:10 - 2014-11-10 16:10 - 00018704 _____ () C:\Users\deepcreek\Desktop\TAN Phone List_July 2014.xlsx
2014-11-10 16:10 - 2014-11-10 16:10 - 00015803 _____ () C:\Users\deepcreek\Desktop\PeerGroup.xlsx
2014-11-10 16:09 - 2014-11-10 16:09 - 00038154 _____ () C:\Users\deepcreek\Desktop\BTP Hotel Address  Phone List.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-08 13:59 - 2014-08-21 08:02 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 13:56 - 2011-03-28 09:50 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 13:51 - 2014-09-08 14:05 - 00000522 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-2404773979-1006670029-983905438-1000.job
2014-12-08 13:37 - 2014-11-04 16:28 - 00000000 ____D () C:\Users\deepcreek\AppData\Roaming\Spotify
2014-12-08 13:12 - 2014-07-17 11:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-08 13:12 - 2012-06-02 14:06 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 13:01 - 2012-06-11 10:44 - 00000264 _____ () C:\Windows\Tasks\HP Photo Creations Messager.job
2014-12-08 12:09 - 2014-08-26 13:24 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 12:09 - 2014-07-17 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 11:41 - 2009-07-13 23:34 - 00014256 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-08 11:41 - 2009-07-13 23:34 - 00014256 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-08 11:40 - 2009-07-13 23:55 - 01698086 _____ () C:\Windows\WindowsUpdate.log
2014-12-08 11:38 - 2014-11-04 16:28 - 00000000 ____D () C:\Users\deepcreek\AppData\Local\Spotify
2014-12-08 11:36 - 2011-12-06 19:31 - 00029166 _____ () C:\ProgramData\lxeescan.log
2014-12-08 11:36 - 2011-04-27 12:12 - 00000000 ____D () C:\Shift4
2014-12-08 11:36 - 2011-03-28 09:50 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 11:35 - 2014-08-26 15:45 - 00002138 _____ () C:\Windows\setupact.log
2014-12-08 11:35 - 2011-03-18 06:27 - 00689686 _____ () C:\Windows\PFRO.log
2014-12-08 11:35 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-08 11:31 - 2014-08-26 22:17 - 00000000 ____D () C:\AdwCleaner
2014-12-08 11:31 - 2011-12-15 14:39 - 00000000 ____D () C:\Users\deepcreek\AppData\Local\LogMeIn Rescue Applet
2014-12-07 19:53 - 2012-10-10 14:53 - 00000438 _____ () C:\Windows\Tasks\roomMaster.net Update.job
2014-12-06 20:53 - 2014-10-20 11:22 - 00051676 _____ () C:\Users\deepcreek\Desktop\2014 Schedule Workbook.xlsx
2014-12-04 15:10 - 2013-07-16 11:54 - 00000000 ____D () C:\Users\deepcreek\Desktop\Employee Guidelines
2014-12-04 14:08 - 2014-10-22 08:10 - 00000000 ____D () C:\Users\deepcreek\Desktop\Manager Report
2014-12-04 11:36 - 2012-06-11 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-04 11:36 - 2012-06-11 10:40 - 00000000 ____D () C:\Program Files\HP
2014-12-04 11:35 - 2012-06-11 10:43 - 00000000 ____D () C:\Users\deepcreek\AppData\Roaming\HpUpdate
2014-12-02 11:16 - 2014-04-03 09:25 - 00011032 _____ () C:\Users\deepcreek\Desktop\Linen Inventory April04.xlsx
2014-12-02 11:09 - 2014-03-23 13:46 - 00000000 ____D () C:\Users\deepcreek\Documents\Maintenance
2014-12-02 11:08 - 2014-10-30 07:47 - 00000000 ____D () C:\Users\deepcreek\Desktop\Carla
2014-12-02 11:07 - 2014-01-28 11:12 - 00000000 ____D () C:\Users\deepcreek\Documents\GM
2014-12-02 10:42 - 2014-01-28 11:14 - 00000000 ____D () C:\Users\deepcreek\Documents\IDC info
2014-11-30 13:22 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-27 17:58 - 2011-03-18 04:38 - 00855980 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-25 19:12 - 2012-06-02 14:06 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-25 19:12 - 2011-06-16 06:57 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-25 18:01 - 2014-10-17 07:47 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-22 20:16 - 2014-10-22 08:06 - 00000000 ____D () C:\Users\deepcreek\Desktop\Beachtree
2014-11-21 15:27 - 2014-08-26 15:55 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-21 06:14 - 2014-07-17 11:26 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-07-17 11:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2013-08-29 12:40 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-20 08:55 - 2011-03-25 10:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-12 11:44 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-12 11:37 - 2011-06-17 15:16 - 00000776 __RSH () C:\Users\tom\ntuser.pol
2014-11-12 11:37 - 2011-04-15 11:06 - 00108824 _____ () C:\Users\tom\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 11:37 - 2011-04-14 13:51 - 00000000 ____D () C:\Users\tom
2014-11-12 11:06 - 2011-03-28 11:01 - 00108824 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 11:05 - 2013-07-08 15:58 - 00000776 __RSH () C:\Users\Administrator\ntuser.pol
2014-11-12 11:05 - 2011-03-28 11:00 - 00000000 ____D () C:\Users\Administrator
2014-11-12 03:08 - 2014-08-28 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:00 - 2011-04-29 11:35 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 10:47 - 2014-10-30 09:23 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-11 10:41 - 2014-08-18 12:40 - 00001060 _____ () C:\Users\deepcreek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-11-11 10:41 - 2011-03-25 08:18 - 00001122 _____ () C:\Users\deepcreek\Desktop\Internet Explorer.lnk
2014-11-10 17:21 - 2014-10-22 08:00 - 00000000 ____D () C:\Users\deepcreek\Desktop\Tan Inventory
ZeroAccess:
C:\Users\deepcreek\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
 
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
 
Files to move or delete:
====================
C:\Users\deepcreek\g2ax_customer_downloadhelper_win32_x86.exe
 
 
Some content of TEMP:
====================
C:\Users\deepcreek\AppData\Local\temp\nsqEB8A.tmp.exe
C:\Users\deepcreek\AppData\Local\temp\Quarantine.exe
C:\Users\deepcreek\AppData\Local\temp\RdpUtils.dll
C:\Users\deepcreek\AppData\Local\temp\sqlite3.dll
C:\Users\deepcreek\AppData\Local\temp\vcredist_x86.exe
C:\Users\tom\AppData\Local\temp\Quarantine.exe
C:\Users\tom\AppData\Local\temp\ReimagePackage.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-05 00:41
 
==================== End Of Log ============================
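The log above is read by hand in this thread: the Winsock `ATTENTION` lines, the `[File not signed]` and `[X]` service entries, the random-named driver under `Drivers\`, the `ZeroAccess:` markers and the `No File` toolbar and plugin stubs are the indicator classes the responder is scanning for. The script below is an added example, written for this page and not part of the original post, of FRST, or of any Malwarebytes/Farbar tooling: it turns those same by-eye checks into rules and runs them over a few constructed lines written in FRST's own format. The `Finding` class, the rule names and the severities are my own choices, not FRST output.

```python
"""Triage an FRST log for the indicator classes an analyst checks by hand.

Added example for this page; not part of the original post or of FRST.
The severities are heuristics: this script ranks lines for review, it does
not decide whether a host is infected.
"""
import re
from dataclasses import dataclass

# Constructed sample lines in FRST's format (not copied from a real host),
# one per indicator class the rules below know about.
SAMPLE_LOG = r"""
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Toolbar: HKLM - Example Toolbar - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\Toolbar.dll No File
R2 ExampleAV; C:\Program Files\ExampleAV\avsvc.exe [50344 2014-08-26] (Example AV Vendor)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 RemoteHelper; C:\Users\alice\AppData\Local\Temp\rh0001.tmp\helper_srv.exe [3087664 2014-12-08] (Example Remote Inc.)
U0 wbdh; C:\Windows\System32\drivers\uesuhgbc.sys [52440 2014-12-08] (Malwarebytes Corporation)
S3 catchme; \??\C:\Users\bob\AppData\Local\Temp\catchme.sys [X]
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
"""

# A Winsock catalog entry whose LibraryPath no longer resolves to the expected
# system DLL: a classic LSP hijack, and the cause of "svchost eats memory" symptoms.
WINSOCK_RE = re.compile(r'^Winsock: .*ATTENTION: The LibraryPath should be "([^"]+)"')
# Registry entries whose target file is gone: hygiene, not compromise.
ORPHAN_RE = re.compile(r'^(Toolbar|FF Plugin|CHR Extension): .*\bNo File$')
# Service/driver line: "<start><type> <name>; <path> [<size> <date>] (<vendor>)<tail>"
SVC_RE = re.compile(r'^([RSU])(\d) ([^;]+); (?P<path>.+?) \[(?P<size>\d+) '
                    r'(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>.*?)\)(?P<tail>.*)$')
# Service/driver whose binary FRST could not find on disk.
MISSING_RE = re.compile(r'^([RSU])(\d) ([^;]+); (?P<path>.+) \[X\]$')
TEMP_RE = re.compile(r'\\Temp\\', re.IGNORECASE)
RANDOM_SYS_RE = re.compile(r'^[a-z]{8}\.sys$', re.IGNORECASE)

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"
    rule: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per matched indicator, in log order."""
    findings: list[Finding] = []
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        if not line.strip():
            continue
        if line == "ZeroAccess:":
            # FRST prints the marker on one line and the offending path on the next.
            path = next((ln for ln in lines[i + 1:] if ln.strip()), "<missing>")
            findings.append(Finding("high", "zeroaccess-marker", path))
            continue
        m = WINSOCK_RE.match(line)
        if m:
            findings.append(Finding("high", "winsock-lsp-hijack", f"expected {m.group(1)}"))
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding("low", "orphaned-registry-entry", line))
            continue
        m = MISSING_RE.match(line)
        if m:
            path = m.group("path").removeprefix("\\??\\")
            # A dead entry pointing into Temp is usually a leftover from a
            # diagnostic tool; anywhere else it deserves a closer look.
            sev = "low" if TEMP_RE.search(path) else "medium"
            findings.append(Finding(sev, "service-file-missing", path))
            continue
        m = SVC_RE.match(line)
        if m:
            path, vendor, tail = m.group("path"), m.group("vendor").strip(), m.group("tail")
            if "[File not signed]" in tail:
                findings.append(Finding("medium", "unsigned-binary", path))
            if TEMP_RE.search(path):
                findings.append(Finding("medium", "runs-from-temp", path))
            base = path.rsplit("\\", 1)[-1]
            if RANDOM_SYS_RE.match(base):
                # Eight random letters is a rootkit-dropper habit, but anti-rootkit
                # tools do the same (the thread's log shows a Malwarebytes driver
                # named this way). The parenthesised company name is not proof of a
                # valid signature, FRST flags unsigned files separately, so this
                # stays a review item rather than a verdict.
                sev = "low" if vendor else "high"
                findings.append(Finding(sev, "random-named-driver", f"{path} ({vendor or 'no vendor'})"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity; every severity key is always present."""
    return {s: sum(1 for f in findings if f.severity == s) for s in SEVERITY_ORDER}


def worst(findings: list[Finding]) -> str:
    """Highest severity present, or 'none' for an empty result."""
    if not findings:
        return "none"
    return min((f.severity for f in findings), key=SEVERITY_ORDER.__getitem__)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.severity:<7} {f.rule:<25} {f.detail}")
    print(summarize(results), "worst:", worst(results))
```

Run it against the text of `FRST.txt` instead of `SAMPLE_LOG` to get a ranked review list. The script stops at triage on purpose: a `high` finding is a reason to look at the file, not a verdict, and the random-name rule in particular will fire on legitimate anti-rootkit drivers as readily as on a dropper.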


#7 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:05 AM

Posted 08 December 2014 - 04:47 PM

In your logs I see a Backdoor. That means that your machine is infected with some nasty files which can steal some information. It is difficult to tell whether or not any data has been stolen, and finding out which is true instead of doing countermeasures is unproductive. In this light, for your safety, assume that your log-in details and other information have been accessed by another source.
Below are the steps that you should administer:
  • Please disconnect from the Internet! Also, don't use it while we are cleaning the infected machine. This is especially true when you are using the computer in question for online banking and other sites that require sensitive and personal information.
  • It is strongly advised that you change your passwords on a clean PC and notify the bank immediately to watch out for suspicious transactions.
I can try to clean the infection, but I have to say your computer is very likely compromised and that there is no way to be sure your computer can ever again be trusted. Experts in the security community believe that a reformat and re-installation of the operating system is the best solution. Please peruse the following if you would like to know more:

Now you decide if you want to reformat the PC or to clean the PC. Think of it and choose the best solution for you! Let me know of your decision. If you decide to go through with the procedure, please let me know.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,976 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:02:05 AM

Posted 12 December 2014 - 08:25 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 




