
Reoccurring trojan - different name each time from MSE scans


13 replies to this topic

#1 Nochte

Nochte

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 08 December 2014 - 01:05 AM

Good evening,

 

I have been fighting this problem for over a month now. I run MSE and it will find something, and say it removes it, but it keeps coming back. My IE temp folder is getting filled with cache from sites I am not visiting. I clean it out with CCleaner (700mb-1.2gb sometimes). I try to run Malwarebytes, and it immediately goes to "Not responding" when I try to update the database. I noticed in the DDS log, it says "Windows Defender *Disabled/Outdated*". When I try to open it, it hangs up and never opens. Any help or suggestions would be greatly appreciated. Thanks.

 

Here is my DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17148  BrowserJavaVersion: 10.51.2
Run by Transcription at 23:48:39 on 2014-12-07
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.4091 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\explorer.exe
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://nuanceevents.webex.com/client/T27LD/nbr/ieatgpc1.cab
TCP: NameServer = 207.14.235.234 67.238.98.162 208.180.42.68
TCP: Interfaces\{B6635E1D-F40E-43D1-8A47-78959D470B95} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{B6635E1D-F40E-43D1-8A47-78959D470B95} : DHCPNameServer = 207.14.235.234 67.238.98.162 208.180.42.68
TCP: Interfaces\{BD264802-0807-4FF7-A9EF-AD7F798DACD8} : NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\957\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 158.58.173.194 www.google-analytics.com.
Hosts: 158.58.173.194 google-analytics.com.
Hosts: 158.58.173.194 connect.facebook.net.
Hosts: 198.100.156.140 www.google-analytics.com.
Hosts: 198.100.156.140 google-analytics.com.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Transcription\AppData\Roaming\Mozilla\Firefox\Profiles\bvqzl4mk.default-1415155178838\
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Career Step\Footpedal Plugin\nppedal.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Transcription\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-9-8 55280]
R0 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;C:\windows\System32\drivers\ddcdrv.sys [2011-3-1 20832]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-4-30 202752]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-2-11 441344]
R2 MSSQL$DOCNET;SQL Server (DOCNET);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-3-21 341312]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-3-21 68928]
R2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [2012-5-3 628040]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-10-31 129752]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-3-1 242720]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-3-1 239616]
R3 SuperIO;Lenovo ASD HWM Driver;C:\windows\System32\drivers\spio.sys [2009-6-5 11848]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-3-1 38456]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-22 79360]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-2-18 19456]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-18 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-7-22 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-12-08 05:01:43    --------    d-----w-    C:\windows\pss
2014-12-08 04:29:19    11632448    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FBC5C918-B5D8-4364-BB56-44C5A554349A}\mpengine.dll
2014-12-07 01:53:14    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FECE314-E69F-4741-B62B-4C9138053C28}\gapaengine.dll
2014-12-07 01:52:25    11632448    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-24 13:51:06    163504    ----a-w-    C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-11-23 14:58:11    --------    d-----w-    C:\ac791415d8f5895eea4affa19e
2014-11-19 13:55:30    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-11-19 13:55:30    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-11-19 13:55:29    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-11-19 13:55:26    155064    ----a-w-    C:\windows\System32\drivers\ksecpkg.sys
2014-11-19 13:55:23    241152    ----a-w-    C:\windows\System32\pku2u.dll
2014-11-19 13:55:22    186880    ----a-w-    C:\windows\SysWow64\pku2u.dll
2014-11-19 13:55:19    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-11-19 13:55:14    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-11-12 13:33:00    304640    ----a-w-    C:\windows\System32\generaltel.dll
2014-11-12 13:31:56    861696    ----a-w-    C:\windows\System32\oleaut32.dll
.
==================== Find3M  ====================
.
2014-12-08 05:40:28    129752    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-11-26 14:28:24    71344    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-26 14:28:24    701104    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-11-05 17:56:36    228864    ----a-w-    C:\windows\System32\aepdu.dll
2014-11-05 17:52:22    424448    ----a-w-    C:\windows\System32\aeinv.dll
2014-10-30 11:25:26    275080    ------w-    C:\windows\System32\MpSigStub.exe
2014-10-26 01:56:17    2237952    ----a-w-    C:\windows\System32\wininet.dll
2014-10-26 01:56:06    600064    ----a-w-    C:\windows\System32\vbscript.dll
2014-10-26 01:54:43    3959296    ----a-w-    C:\windows\System32\jscript9.dll
2014-10-26 01:54:36    67072    ----a-w-    C:\windows\System32\iesetup.dll
2014-10-26 01:54:36    136704    ----a-w-    C:\windows\System32\iesysprep.dll
2014-10-26 01:53:54    1509376    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-10-26 00:36:01    1762816    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-10-26 00:35:53    523776    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-10-26 00:34:48    2861568    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-10-26 00:34:43    61440    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-10-26 00:34:43    109056    ----a-w-    C:\windows\SysWow64\iesysprep.dll
2014-10-26 00:34:16    1441280    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-10-26 00:19:11    2706432    ----a-w-    C:\windows\System32\mshtml.tlb
2014-10-26 00:13:06    2706432    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-10-25 23:22:53    89600    ----a-w-    C:\windows\System32\RegisterIEPKEYs.exe
2014-10-25 23:17:32    71680    ----a-w-    C:\windows\SysWow64\RegisterIEPKEYs.exe
2014-10-25 01:57:59    77824    ----a-w-    C:\windows\System32\packager.dll
2014-10-25 01:32:37    67584    ----a-w-    C:\windows\SysWow64\packager.dll
2014-10-18 01:33:18    571904    ----a-w-    C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:13:06    683520    ----a-w-    C:\windows\System32\termsrv.dll
2014-10-14 02:13:00    3241984    ----a-w-    C:\windows\System32\msi.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\windows\System32\adtschema.dll
2014-10-14 01:50:41    2363904    ----a-w-    C:\windows\SysWow64\msi.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\windows\SysWow64\adtschema.dll
2014-10-10 00:57:42    3198976    ----a-w-    C:\windows\System32\win32k.sys
2014-10-03 02:12:00    500224    ----a-w-    C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\windows\SysWow64\AudioSes.dll
2014-10-01 16:11:26    63704    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-10-01 16:11:16    93400    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-10-01 16:11:12    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-09-25 02:08:38    371712    ----a-w-    C:\windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\windows\SysWow64\qdvd.dll
2014-09-19 09:42:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-09-19 09:42:51    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-09-19 09:42:49    342016    ----a-w-    C:\windows\System32\schannel.dll
2014-09-19 09:42:47    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-09-19 09:42:47    309760    ----a-w-    C:\windows\System32\ncrypt.dll
2014-09-19 09:42:41    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-09-19 09:23:55    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-09-19 09:23:52    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-09-19 09:23:49    248832    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-09-19 09:23:46    221184    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-09-19 09:23:45    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-09-19 09:23:36    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
.
============= FINISH: 23:52:16.68 ===============
 




 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:46 AM

Posted 08 December 2014 - 01:08 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#3 Nochte

Nochte
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:46 AM

Posted 08 December 2014 - 01:18 AM

Hey Machiavelli,

 

Thanks for helping me (and all of us.)

 

Here are my FRST logs:

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 02
Ran by Transcription (administrator) on PC on 08-12-2014 00:11:42
Running from C:\Users\Transcription\Downloads
Loaded Profile: Transcription (Available profiles: Chad & Carissa & Mcx1-PC & Transcription & Lilly and Violet)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\957\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\MountPoints2: {f7681827-7085-11e3-832c-1078d2ce8b6c} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\MountPoints2: {f7681831-7085-11e3-832c-1078d2ce8b6c} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
GroupPolicyUsers\S-1-5-21-2016598732-1189231270-1083687895-1011\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKU\S-1-5-21-2016598732-1189231270-1083687895-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2016598732-1189231270-1083687895-1007 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2016598732-1189231270-1083687895-1007 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nuanceevents.webex.com/client/T27LD/nbr/ieatgpc1.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 207.14.235.234 67.238.98.162 208.180.42.68
Tcpip\..\Interfaces\{B6635E1D-F40E-43D1-8A47-78959D470B95}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{BD264802-0807-4FF7-A9EF-AD7F798DACD8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Transcription\AppData\Roaming\Mozilla\Firefox\Profiles\bvqzl4mk.default-1415155178838
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @careerstep.com/PedalPlugin,version=1.0.0.2 -> C:\Program Files (x86)\Career Step\Footpedal Plugin\nppedal.dll (Career Step LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2016598732-1189231270-1083687895-1007: @citrixonline.com/appdetectorplugin -> C:\Users\Transcription\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppedal.dll (Career Step LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PIEHid.dll (PI Engineering)

Chrome:
=======
CHR StartMenuInternet: Google Chrome - C:\Users\Chad\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-07-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 LWWLicenseService; C:\Program Files (x86)\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe [72704 2012-06-25] (WoltersKluwerLWW) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-06-13] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-06-13] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$DOCNET; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-03-21] (Nitro PDF Software)
R2 WINZIPSSDiskOptimizer; C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [628040 2011-11-10] (WinZip Computing, S.L. (WinZip Computing))

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-07] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 00:11 - 2014-12-08 00:14 - 00016239 _____ () C:\Users\Transcription\Downloads\FRST.txt
2014-12-08 00:11 - 2014-12-08 00:11 - 02119680 _____ (Farbar) C:\Users\Transcription\Downloads\FRST64.exe
2014-12-08 00:11 - 2014-12-08 00:11 - 00000000 ____D () C:\FRST
2014-12-07 23:53 - 2014-12-07 23:53 - 00000000 ____D () C:\Users\Transcription\Desktop\Chad
2014-12-07 23:52 - 2014-12-07 23:52 - 00019799 _____ () C:\Users\Transcription\Desktop\dds.txt
2014-12-07 23:52 - 2014-12-07 23:52 - 00015518 _____ () C:\Users\Transcription\Desktop\attach.txt
2014-12-07 23:47 - 2014-12-07 23:48 - 00688992 ____R (Swearware) C:\Users\Transcription\Downloads\dds.com
2014-12-07 23:35 - 2014-12-07 23:35 - 00000314 _____ () C:\windows\PFRO.log
2014-12-07 23:35 - 2014-12-07 23:35 - 00000056 _____ () C:\windows\setupact.log
2014-12-07 23:35 - 2014-12-07 23:35 - 00000000 _____ () C:\windows\setuperr.log
2014-12-07 23:27 - 2014-12-07 23:27 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-07 23:01 - 2014-12-07 23:01 - 00000000 ____D () C:\windows\pss
2014-12-07 22:51 - 2014-12-07 22:52 - 05162080 _____ (Piriform Ltd) C:\Users\Transcription\Downloads\ccsetup500.exe
2014-12-03 14:56 - 2014-12-03 14:57 - 00153826 _____ () C:\Users\Transcription\Desktop\pedalplugin-win.zip
2014-12-02 11:46 - 2014-12-02 11:46 - 00001272 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2014-12-02 11:46 - 2014-12-02 11:46 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate Digital Dictation Software.lnk
2014-12-02 11:46 - 2014-12-02 11:46 - 00001166 _____ () C:\Users\Public\Desktop\Express Dictate Digital Dictation Software.lnk
2014-12-02 11:45 - 2014-12-02 11:45 - 00001100 _____ () C:\Users\Public\Desktop\Express Scribe.lnk
2014-12-02 11:07 - 2014-12-02 11:07 - 00039450 _____ () C:\Users\Carissa\Downloads\1_Rad.wav
2014-12-02 10:51 - 2014-12-02 10:51 - 00039450 _____ () C:\Users\Transcription\Desktop\1_Rad.wav
2014-12-02 10:32 - 2014-12-02 10:35 - 00654246 _____ () C:\Users\Transcription\Documents\Attachments_2014122.zip
2014-12-02 10:32 - 2014-12-02 10:32 - 00039450 _____ () C:\Users\Transcription\Documents\1_Rad.wav
2014-11-23 19:25 - 2014-11-23 19:25 - 00000000 _____ () C:\windows\system32\config\SOFTWARE472cf58
2014-11-23 08:59 - 2014-11-23 08:59 - 00000000 ____D () C:\Users\Transcription\Desktop\Physician Education 1114
2014-11-23 08:58 - 2014-11-23 08:58 - 00000000 ____D () C:\ac791415d8f5895eea4affa19e
2014-11-23 08:57 - 2014-11-23 08:57 - 00913408 _____ (Microsoft Corporation) C:\Users\Transcription\Downloads\mssstool64.exe
2014-11-19 07:55 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 07:55 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 07:55 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 07:55 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-19 07:55 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-19 07:55 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-19 07:55 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-19 07:55 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 07:33 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-12 07:32 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-12 07:32 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-12 07:32 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 07:32 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 07:32 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 07:32 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 07:32 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 07:32 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 07:32 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 07:32 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 07:32 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 07:32 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 07:32 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 07:32 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 07:32 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 07:32 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 07:32 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 07:32 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 07:32 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 07:32 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-12 07:32 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 07:32 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 07:32 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 07:32 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 07:32 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 07:32 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 07:31 - 2014-10-25 19:56 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 07:31 - 2014-10-25 19:56 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 07:31 - 2014-10-25 19:56 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 07:31 - 2014-10-25 19:56 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-12 07:31 - 2014-10-25 19:55 - 19284480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 07:31 - 2014-10-25 19:55 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 07:31 - 2014-10-25 19:55 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-12 07:31 - 2014-10-25 19:55 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-12 07:31 - 2014-10-25 19:53 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 07:31 - 2014-10-25 18:36 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 13758464 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 07:31 - 2014-10-25 18:34 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-12 07:31 - 2014-10-25 18:19 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 07:31 - 2014-10-25 18:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-12 07:31 - 2014-10-25 17:22 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-11-12 07:31 - 2014-10-25 17:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-12 07:31 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 07:31 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-08 22:15 - 2014-11-08 22:15 - 00166662 _____ () C:\Users\Transcription\Documents\cc_20141108_221533.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-07 23:44 - 2011-03-01 20:12 - 01224898 _____ () C:\windows\WindowsUpdate.log
2014-12-07 23:44 - 2009-07-13 22:45 - 00026192 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-07 23:44 - 2009-07-13 22:45 - 00026192 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-07 23:40 - 2014-10-31 22:05 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-07 23:40 - 2011-07-27 10:45 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002UA.job
2014-12-07 23:37 - 2014-10-21 11:02 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-12-07 23:36 - 2011-07-22 07:35 - 00000198 _____ () C:\windows\Tasks\AutoKMS.job
2014-12-07 23:36 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-07 23:34 - 2014-11-04 05:45 - 00000000 ____D () C:\AdwCleaner
2014-12-07 23:33 - 2014-02-26 12:59 - 00000554 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2016598732-1189231270-1083687895-1007.job
2014-12-07 23:28 - 2012-04-08 09:21 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-07 23:23 - 2009-07-25 20:01 - 00000000 ____D () C:\windows\Panther
2014-12-07 22:52 - 2013-04-16 16:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-07 22:46 - 2013-10-08 18:12 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2014-12-07 22:46 - 2009-07-13 23:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-12-07 22:17 - 2011-07-27 10:45 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002Core.job
2014-12-07 08:35 - 2011-07-22 07:35 - 00000198 _____ () C:\windows\Tasks\AutoKMSDaily.job
2014-12-05 10:50 - 2014-02-26 12:59 - 00003588 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2016598732-1189231270-1083687895-1007
2014-12-05 10:15 - 2012-07-24 08:55 - 00003257 _____ () C:\windows\InstText.ini
2014-12-02 11:45 - 2013-10-08 18:12 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe.lnk
2014-12-02 11:09 - 2009-07-13 22:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-02 10:56 - 2012-07-04 14:09 - 00000632 __RSH () C:\Users\Carissa\ntuser.pol
2014-12-02 10:56 - 2011-07-22 09:40 - 00112744 _____ () C:\Users\Carissa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-02 10:56 - 2011-07-22 09:37 - 00000000 ____D () C:\Users\Carissa
2014-11-28 11:53 - 2012-06-26 11:48 - 00000000 ____D () C:\Users\Transcription\AppData\Local\Deployment
2014-11-26 08:28 - 2012-04-08 09:21 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 08:28 - 2012-04-08 09:21 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 08:28 - 2011-07-21 08:51 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 23:24 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-11-24 22:23 - 2009-07-13 23:13 - 00853450 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-24 21:59 - 2012-06-25 17:57 - 00112744 _____ () C:\Users\Transcription\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-24 21:57 - 2009-07-13 22:45 - 04966464 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-24 21:53 - 2014-11-04 20:08 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-24 21:46 - 2011-07-22 07:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-24 21:41 - 2013-08-15 02:01 - 00000000 ____D () C:\windows\system32\MRT
2014-11-24 21:36 - 2011-07-21 09:12 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-23 19:42 - 2011-07-27 10:47 - 00002357 _____ () C:\Users\Chad\Desktop\Google Chrome.lnk
2014-11-23 19:35 - 2011-07-27 10:45 - 00003876 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002UA
2014-11-23 19:35 - 2011-07-27 10:45 - 00003480 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002Core
2014-11-23 19:32 - 2012-07-06 16:29 - 00000632 __RSH () C:\Users\Chad\ntuser.pol
2014-11-23 19:32 - 2011-07-21 08:30 - 00000000 ____D () C:\Users\Chad
2014-11-23 11:26 - 2014-11-04 08:02 - 00000000 ____D () C:\windows\Microsoft Antimalware
2014-11-22 12:43 - 2012-06-25 17:56 - 00000000 ____D () C:\Users\Transcription
2014-11-10 17:15 - 2011-07-24 03:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Chad\en_res.dll
C:\Users\Chad\es_res.dll
C:\Users\Chad\fr_res.dll
C:\Users\Chad\grm_res.dll
C:\Users\Chad\it_res.dll
C:\Users\Chad\jp_res.dll
C:\Users\Chad\mfc80u.dll
C:\Users\Chad\msvcr80.dll
C:\Users\Chad\PCPE Setup.exe
C:\Users\Chad\pt_res.dll
C:\Users\Chad\ResourceReader.dll
C:\Users\Chad\ru_res.dll
C:\Users\Chad\zh_res.dll


Some content of TEMP:
====================
C:\Users\Carissa\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chad\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Chad\AppData\Local\Temp\InstallAX.exe
C:\Users\Chad\AppData\Local\Temp\install_flashplayer15x32axau_mssd_aaa_aih.exe
C:\Users\Chad\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Chad\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Chad\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chad\AppData\Local\Temp\MSN679A.exe
C:\Users\Chad\AppData\Local\Temp\ose00000.exe
C:\Users\Chad\AppData\Local\Temp\ose00002.exe
C:\Users\Chad\AppData\Local\Temp\ose00003.exe
C:\Users\Chad\AppData\Local\Temp\ose00004.exe
C:\Users\Chad\AppData\Local\Temp\ose00005.exe
C:\Users\Chad\AppData\Local\Temp\Quarantine.exe
C:\Users\Chad\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Chad\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chad\AppData\Local\Temp\winzipsystemutilitiessuite.exe
C:\Users\Transcription\AppData\Local\Temp\Quarantine.exe
C:\Users\Transcription\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 17:41

==================== End Of Log ============================

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2014 02
Ran by Transcription at 2014-12-08 00:14:59
Running from C:\Users\Transcription\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{493B228C-FD32-8067-121C-32FF67DE8355}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{581AF03B-4008-41AE-846C-21CACF9B48A9}) (Version: 0.9.29 - Kovid Goyal)
Career Step Foot Pedal Software (remove only) (HKLM-x32\...\PedalPlugin) (Version:  - )
ccc-core-static (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CenturyLink Remote Control (HKLM\...\CLinkRC) (Version:  - )
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{378AA12C-D409-49A9-80DF-20F035B38D9A}) (Version: 8.29.3202 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dictaphone EXV Host Selector (HKLM-x32\...\{15E3817F-7C66-4C5B-93CD-2910B8448993}) (Version: 1.0.0.2100 - Dictaphone)
DriverIdentifier 3.9 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
DVDFab 8.1.3.8 (09/12/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
EditScript MT (HKLM-x32\...\{0B799160-49B9-43D5-929D-B048C82D22C6}) (Version: 9.120.0.6 - eScription, Inc)
EditScript MT (HKLM-x32\...\{7F510E46-A10E-4B29-8096-16415E0F1893}) (Version: 10.16.0.8 - Nuance Communications, Inc.)
EditScript MT 11 (HKLM-x32\...\{AD3E0BCD-A2D2-4577-BD45-CFF378BBE36E}) (Version: 11.4.0.34 - Nuance Communications, Inc.)
EditScript MT Crash Handler (HKLM-x32\...\{565A90B3-C226-4258-8A94-4682F388960D}) (Version: 11.0.0.14 - Nuance Communications, Inc.)
EditScript MT Prerequisite Components (HKLM-x32\...\{29DB2B0C-1F20-4CCA-9E60-BA608C5CE2DF}) (Version: 1.0.0.0 - Nuance Communications, Inc.)
Express Dictate Digital Dictation Software (HKLM-x32\...\Express) (Version: 5.82 - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version:  - NCH Software)
Family Tree Maker 2005 (HKLM-x32\...\{B136E4A4-7660-4F15-9752-EF8E6BA7866D}) (Version:  - )
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.388 - Ancestry.com, Inc.) Hidden
FanSpeedControl (HKLM-x32\...\InstallShield_{0EC766C7-F444-42BF-A05F-4A790F5360EB}) (Version: 1.00.00.13 - Lenovo)
FanSpeedControl (x32 Version: 1.00.00.13 - Lenovo) Hidden
FileZilla Client 3.5.2 (HKLM-x32\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.957 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 7.0.4.2033 (HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\GoToMeeting) (Version: 7.0.4.2033 - CitrixOnline)
Instant Text V Pro (HKLM-x32\...\Instant Text V Pro) (Version: Instant Text V Pro - Textware Solutions)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.19120 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.16300 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3720 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.3720 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nitro PDF Professional (HKLM\...\{59525B55-DE3C-439F-82CC-D4578960DE73}) (Version: 6.2.1.10 - Nitro PDF Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quick Look Electronic Drug Reference 2011 (HKLM-x32\...\{9261E08A-CD41-47DE-938F-9BE360E532D8}) (Version: 1.00.0000 - Lippincott Williams & Wilkins)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Ready Reference Bookshelf (HKLM-x32\...\{6DC8C535-92E9-4D97-A267-023794E6D07E}) (Version: 2.02.0000 - Lippincott Williams & Wilkins)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0007 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SSC Service Utility v4.30 (HKLM-x32\...\SSC Service Utility_is1) (Version:  - SSC Localization Group)
Stedman's Electronic Medical Dictionary 7.0 (HKLM-x32\...\Stedman's Electronic Medical Dictionary 7.0) (Version:  - )
Stedman's Electronic Medical Dictionary, version 7.0 (Shared Components) (HKLM-x32\...\Uninstaller_B41C0000_Stedman's Electronic Medical Dictionary, version 7.0) (Version: 2.70.0 - WoltersKluwerLWW)
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)
Torrent Episode Downloader (HKLM-x32\...\Torrent Episode Downloader 0.972) (Version: 0.972 - Roel and Joost)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VLC media player 1.1.8 (HKLM-x32\...\VLC media player) (Version: 1.1.8 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip System Utilities Suite (HKLM-x32\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.0.648.11839 - WinZip Computing, S.L. (WinZip Computing))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2016598732-1189231270-1083687895-1007_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2016598732-1189231270-1083687895-1007_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\perftrack.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-11-03 07:39 - 00001512 _RASH C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
158.58.173.194 www.google-analytics.com.
158.58.173.194 google-analytics.com.
158.58.173.194 connect.facebook.net.
198.100.156.140 www.google-analytics.com.
198.100.156.140 google-analytics.com.
198.100.156.140 connect.facebook.net.
85.25.79.123 www.google-analytics.com.
85.25.79.123 google-analytics.com.
85.25.79.123 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EDDDCA7-866B-4A8E-B85C-61CBB6320D63} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {1338A766-2EB2-48D3-9EAF-BAE7092972AD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {1CAD9FA8-5E10-48E5-BC15-3548845CEE4A} - System32\Tasks\G2MUpdateTask-S-1-5-21-2016598732-1189231270-1083687895-1007 => C:\Program Files (x86)\Citrix\GoToMeeting\2033\g2mupdate.exe [2014-12-05] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3421CFE2-5F65-4905-818E-ADE089706F7A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002Core => C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {38890C85-02AC-4F22-865C-A7A47AE77485} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3F5AC597-0B53-4CC2-ADBE-3BAC8462E106} - System32\Tasks\NCH Software\ExpressSevenDays => C:\Program Files (x86)\NCH Software\Express\Express.exe
Task: {413D9F54-88C5-42C4-A6B3-B9AD9FACC7E0} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {52B5CFCF-09EB-4BB7-B7CC-B138508E6D94} - System32\Tasks\NCH Software\ScribeReminder => C:\Program Files (x86)\NCH Software\Scribe\Scribe.exe
Task: {5A06FA5A-6B28-4703-A724-F66C20C680DD} - \Security Center Update - 719484006 No Task File <==== ATTENTION
Task: {66351B87-0D4B-43E8-BD89-7DB9E169B733} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {97358638-67EA-47A4-97A4-CABB5AFD1BE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002UA => C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {AAF5B09C-646D-465D-9106-B19B84BFA060} - System32\Tasks\{AEDCA431-2282-40C4-824D-D98954B45442} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.119.259&amp;LastError=404
Task: {C477AA30-8204-4DF7-B624-9B2E7F382DA7} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {FAF70241-463C-470E-B1BD-676291EE9C56} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2016598732-1189231270-1083687895-1007.job => C:\Program Files (x86)\Citrix\GoToMeeting\2033\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002Core.job => C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002UA.job => C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-03 19:03 - 2009-11-03 19:03 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-01 20:14 - 2011-03-01 20:14 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-02-17 19:30 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-10-01 19:22 - 2014-10-01 19:22 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-26 08:28 - 2014-11-26 08:28 - 16841392 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Program Files\Common Files\System:t43xNzIORiDQgsgFDhl
AlternateDataStreams: C:\ProgramData\Microsoft:bSEkr0z7bXUzOnimDA5GZfB
AlternateDataStreams: C:\ProgramData\Microsoft:dn9SFSWVlEXZJZjc3U
AlternateDataStreams: C:\Users\Carissa\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Carissa\Desktop\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Carissa\AppData\Local\nIq5QlGUdjLO:q9s2fvWk2C2rzqg8L5jLL1juVYzX
AlternateDataStreams: C:\Users\Carissa\AppData\Local\Temporary Internet Files:zvi8Fnp0eW13Pv96itybs2afI
AlternateDataStreams: C:\Users\Carissa\Documents\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Chad\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Chad\AppData\Local\Temporary Internet Files:zvi8Fnp0eW13Pv96itybs2afI

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Display => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Lenovo Dynamic Brightness System => C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
MSCONFIG\startupreg: Lenovo Eye Distance System => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
MSCONFIG\startupreg: LenovoFSC => C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2016598732-1189231270-1083687895-500 - Administrator - Disabled)
Carissa (S-1-5-21-2016598732-1189231270-1083687895-1004 - Administrator - Enabled) => C:\Users\Carissa
Chad (S-1-5-21-2016598732-1189231270-1083687895-1002 - Administrator - Enabled) => C:\Users\Chad
Guest (S-1-5-21-2016598732-1189231270-1083687895-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2016598732-1189231270-1083687895-1012 - Limited - Enabled)
Lilly and Violet (S-1-5-21-2016598732-1189231270-1083687895-1011 - Limited - Enabled) => C:\Users\Lilly and Violet
Mcx1-PC (S-1-5-21-2016598732-1189231270-1083687895-1006 - Limited - Enabled) => C:\Users\Mcx1-PC
Transcription (S-1-5-21-2016598732-1189231270-1083687895-1007 - Administrator - Enabled) => C:\Users\Transcription

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2014 11:41:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1370

Start Time: 01d012a978568691

Termination Time: 31

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: e2d963e3-7e9c-11e4-9a22-1078d2ce8b6c

Error: (12/07/2014 11:39:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 1.0.1.711 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6ac

Start Time: 01d012a93a91b163

Termination Time: 16

Application Path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

Report Id: 99beba38-7e9c-11e4-9a22-1078d2ce8b6c

Error: (12/07/2014 11:38:14 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2014 11:38:14 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2014 11:38:14 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2014 11:38:14 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/07/2014 11:38:11 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2014 11:38:11 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/07/2014 11:38:11 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2014 11:38:11 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (12/07/2014 11:38:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/07/2014 11:38:15 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/07/2014 11:34:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Live ID Sign-in Assistant service failed to start due to the following error:
%%109

Error: (12/07/2014 11:34:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (12/07/2014 11:34:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/07/2014 11:34:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/07/2014 11:34:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The APC Data Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/07/2014 11:34:42 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/07/2014 11:34:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WINZIPSSDiskOptimizer service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/07/2014 11:34:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (12/07/2014 11:41:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.711137001d012a97856869131C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exee2d963e3-7e9c-11e4-9a22-1078d2ce8b6c

Error: (12/07/2014 11:39:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.1.7116ac01d012a93a91b16316C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe99beba38-7e9c-11e4-9a22-1078d2ce8b6c

Error: (12/07/2014 11:38:14 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2014 11:38:14 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2014 11:38:14 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/07/2014 11:38:14 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/07/2014 11:38:11 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (12/07/2014 11:38:11 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/07/2014 11:38:11 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/07/2014 11:38:11 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700


==================== Memory info ===========================

Processor: AMD Athlon™ II X2 255 Processor
Percentage of memory in use: 63%
Total physical RAM: 8190.05 MB
Available physical RAM: 3003.5 MB
Total Pagefile: 16378.29 MB
Available Pagefile: 10998.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.59 GB) (Free:169.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (UNTITLED) (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00F0A9E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:46 AM

Posted 08 December 2014 - 11:05 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 Nochte

Nochte
  • Topic Starter

  • Members
  • 9 posts
  • Local time:05:46 AM

Posted 08 December 2014 - 10:46 PM

Ok... Here we go.  Did notice some Group restrictions again in the new FRST log.   Thanks again for taking the time to work through this, and helping me.

 

AdwCleaner Log:

 

# AdwCleaner v4.105 - Report created 08/12/2014 at 20:18:23
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Transcription - PC
# Running from : C:\Users\Transcription\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Nico Mak Computing

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17148


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


*************************

AdwCleaner[R0].txt - [2759 octets] - [04/11/2014 05:45:15]
AdwCleaner[R1].txt - [1495 octets] - [04/11/2014 18:25:13]
AdwCleaner[R2].txt - [1346 octets] - [12/11/2014 01:18:31]
AdwCleaner[R3].txt - [1129 octets] - [24/11/2014 22:20:50]
AdwCleaner[R4].txt - [1595 octets] - [07/12/2014 23:27:08]
AdwCleaner[R5].txt - [1409 octets] - [08/12/2014 20:15:45]
AdwCleaner[S0].txt - [2753 octets] - [04/11/2014 05:46:56]
AdwCleaner[S1].txt - [1560 octets] - [04/11/2014 18:31:08]
AdwCleaner[S2].txt - [1413 octets] - [12/11/2014 01:28:52]
AdwCleaner[S3].txt - [1191 octets] - [24/11/2014 22:27:04]
AdwCleaner[S4].txt - [1625 octets] - [07/12/2014 23:34:41]
AdwCleaner[S5].txt - [1333 octets] - [08/12/2014 20:18:23]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1393 octets] ##########
 

 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

 

 

MBAM Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/8/2014
Scan Time: 8:42:08 P
Logfile: MBAM.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.09.01
Rootkit Database: v2014.12.08.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Transcription

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 512046
Time Elapsed: 38 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

 

JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Transcription on Mon 12/08/2014 at 21:28:35.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/08/2014 at 21:30:59.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-12-2014
Ran by Transcription (administrator) on PC on 08-12-2014 21:36:25
Running from C:\Users\Transcription\Desktop
Loaded Profile: Transcription (Available profiles: Chad & Carissa & Mcx1-PC & Transcription & Lilly and Violet)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(WinZip Computing, S.L. (WinZip Computing)) C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Transcription\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\957\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\MountPoints2: {f7681827-7085-11e3-832c-1078d2ce8b6c} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\MountPoints2: {f7681831-7085-11e3-832c-1078d2ce8b6c} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
GroupPolicyUsers\S-1-5-21-2016598732-1189231270-1083687895-1011\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2016598732-1189231270-1083687895-1007 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://nuanceevents.webex.com/client/T27LD/nbr/ieatgpc1.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 207.14.235.234 67.238.98.162 208.180.42.68
Tcpip\..\Interfaces\{B6635E1D-F40E-43D1-8A47-78959D470B95}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{BD264802-0807-4FF7-A9EF-AD7F798DACD8}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Transcription\AppData\Roaming\Mozilla\Firefox\Profiles\bvqzl4mk.default-1415155178838
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @careerstep.com/PedalPlugin,version=1.0.0.2 -> C:\Program Files (x86)\Career Step\Footpedal Plugin\nppedal.dll (Career Step LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2016598732-1189231270-1083687895-1007: @citrixonline.com/appdetectorplugin -> C:\Users\Transcription\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppedal.dll (Career Step LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PIEHid.dll (PI Engineering)

Chrome:
=======
CHR StartMenuInternet: Google Chrome - C:\Users\Chad\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-07-22] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 LWWLicenseService; C:\Program Files (x86)\Common Files\WoltersKluwerLWW Shared\Service\LWWLicenseService.exe [72704 2012-06-25] (WoltersKluwerLWW) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [361472 2011-06-13] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [441344 2011-06-13] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$DOCNET; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-03-21] (Nitro PDF Software)
R2 WINZIPSSDiskOptimizer; C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [628040 2011-11-10] (WinZip Computing, S.L. (WinZip Computing))

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 CVPNDRVA; C:\windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation                           )
R3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 21:36 - 2014-12-08 21:36 - 00015512 _____ () C:\Users\Transcription\Desktop\FRST.txt
2014-12-08 21:35 - 2014-12-08 21:35 - 02119680 _____ (Farbar) C:\Users\Transcription\Desktop\FRST64(1).exe
2014-12-08 21:30 - 2014-12-08 21:30 - 00000641 _____ () C:\Users\Transcription\Desktop\JRT.txt
2014-12-08 21:28 - 2014-12-08 21:28 - 00000000 ____D () C:\windows\ERUNT
2014-12-08 21:24 - 2014-12-08 21:25 - 01707646 _____ (Thisisu) C:\Users\Transcription\Desktop\JRT.exe
2014-12-08 20:28 - 2014-12-08 20:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-08 20:26 - 2014-12-08 20:26 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Transcription\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-08 20:15 - 2014-12-08 20:15 - 02166272 _____ () C:\Users\Transcription\Desktop\AdwCleaner.exe
2014-12-08 14:01 - 2014-12-08 14:01 - 00000000 _____ () C:\Users\Transcription\Downloads\BTS Chain of Trust Agreement 09-2011.pdf.asse02x.partial
2014-12-08 00:14 - 2014-12-08 00:15 - 00034711 _____ () C:\Users\Transcription\Downloads\Addition.txt
2014-12-08 00:11 - 2014-12-08 21:36 - 00000000 ____D () C:\FRST
2014-12-08 00:11 - 2014-12-08 00:15 - 00037379 _____ () C:\Users\Transcription\Downloads\FRST.txt
2014-12-08 00:11 - 2014-12-08 00:11 - 02119680 _____ (Farbar) C:\Users\Transcription\Downloads\FRST64.exe
2014-12-07 23:53 - 2014-12-08 21:33 - 00000000 ____D () C:\Users\Transcription\Desktop\Chad
2014-12-07 23:52 - 2014-12-07 23:52 - 00019799 _____ () C:\Users\Transcription\Desktop\dds.txt
2014-12-07 23:52 - 2014-12-07 23:52 - 00015518 _____ () C:\Users\Transcription\Desktop\attach.txt
2014-12-07 23:47 - 2014-12-07 23:48 - 00688992 ____R (Swearware) C:\Users\Transcription\Downloads\dds.com
2014-12-07 23:35 - 2014-12-08 20:19 - 00000628 _____ () C:\windows\PFRO.log
2014-12-07 23:35 - 2014-12-08 20:19 - 00000112 _____ () C:\windows\setupact.log
2014-12-07 23:35 - 2014-12-07 23:35 - 00000000 _____ () C:\windows\setuperr.log
2014-12-07 23:27 - 2014-12-07 23:27 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-07 23:01 - 2014-12-07 23:01 - 00000000 ____D () C:\windows\pss
2014-12-07 22:51 - 2014-12-07 22:52 - 05162080 _____ (Piriform Ltd) C:\Users\Transcription\Downloads\ccsetup500.exe
2014-12-03 14:56 - 2014-12-03 14:57 - 00153826 _____ () C:\Users\Transcription\Desktop\pedalplugin-win.zip
2014-12-02 11:46 - 2014-12-02 11:46 - 00001272 _____ () C:\Users\Public\Desktop\NCH Suite.lnk
2014-12-02 11:46 - 2014-12-02 11:46 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Dictate Digital Dictation Software.lnk
2014-12-02 11:46 - 2014-12-02 11:46 - 00001166 _____ () C:\Users\Public\Desktop\Express Dictate Digital Dictation Software.lnk
2014-12-02 11:45 - 2014-12-02 11:45 - 00001100 _____ () C:\Users\Public\Desktop\Express Scribe.lnk
2014-12-02 11:07 - 2014-12-02 11:07 - 00039450 _____ () C:\Users\Carissa\Downloads\1_Rad.wav
2014-12-02 10:51 - 2014-12-02 10:51 - 00039450 _____ () C:\Users\Transcription\Desktop\1_Rad.wav
2014-12-02 10:32 - 2014-12-02 10:35 - 00654246 _____ () C:\Users\Transcription\Documents\Attachments_2014122.zip
2014-12-02 10:32 - 2014-12-02 10:32 - 00039450 _____ () C:\Users\Transcription\Documents\1_Rad.wav
2014-11-23 19:25 - 2014-11-23 19:25 - 00000000 _____ () C:\windows\system32\config\SOFTWARE472cf58
2014-11-23 08:59 - 2014-11-23 08:59 - 00000000 ____D () C:\Users\Transcription\Desktop\Physician Education 1114
2014-11-23 08:58 - 2014-11-23 08:58 - 00000000 ____D () C:\ac791415d8f5895eea4affa19e
2014-11-23 08:57 - 2014-11-23 08:57 - 00913408 _____ (Microsoft Corporation) C:\Users\Transcription\Downloads\mssstool64.exe
2014-11-19 07:55 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 07:55 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 07:55 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 07:55 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-19 07:55 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-19 07:55 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-19 07:55 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-19 07:55 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 07:33 - 2014-11-05 11:56 - 00304640 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-11-12 07:32 - 2014-11-05 11:56 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-11-12 07:32 - 2014-11-05 11:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-11-12 07:32 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 07:32 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 07:32 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 07:32 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 07:32 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 07:32 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 07:32 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 07:32 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 07:32 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 07:32 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-11-12 07:32 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 07:32 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 07:32 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 07:32 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 07:32 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 07:32 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 07:32 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 07:32 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 07:32 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 07:32 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-12 07:32 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 07:32 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 07:32 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 07:32 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 07:32 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 07:32 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 07:31 - 2014-10-25 19:56 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 07:31 - 2014-10-25 19:56 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 07:31 - 2014-10-25 19:56 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 07:31 - 2014-10-25 19:56 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-12 07:31 - 2014-10-25 19:55 - 19284480 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 07:31 - 2014-10-25 19:55 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 07:31 - 2014-10-25 19:55 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-12 07:31 - 2014-10-25 19:55 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 07:31 - 2014-10-25 19:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-12 07:31 - 2014-10-25 19:53 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 07:31 - 2014-10-25 18:36 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-12 07:31 - 2014-10-25 18:35 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 13758464 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 07:31 - 2014-10-25 18:34 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 07:31 - 2014-10-25 18:34 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-12 07:31 - 2014-10-25 18:19 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 07:31 - 2014-10-25 18:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-12 07:31 - 2014-10-25 17:22 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-11-12 07:31 - 2014-10-25 17:17 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-11-12 07:31 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 07:31 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-08 22:15 - 2014-11-08 22:15 - 00166662 _____ () C:\Users\Transcription\Documents\cc_20141108_221533.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-08 21:33 - 2014-02-26 12:59 - 00000554 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2016598732-1189231270-1083687895-1007.job
2014-12-08 21:33 - 2012-05-11 19:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-08 21:29 - 2014-10-21 11:02 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-12-08 21:28 - 2012-04-08 09:21 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-08 20:42 - 2014-10-31 22:05 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 20:40 - 2011-07-27 10:45 - 00000904 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002UA.job
2014-12-08 20:28 - 2014-10-31 22:05 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 20:28 - 2014-10-31 22:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-08 20:27 - 2009-07-13 22:45 - 00026192 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-08 20:27 - 2009-07-13 22:45 - 00026192 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-08 20:24 - 2011-03-01 20:12 - 01249356 _____ () C:\windows\WindowsUpdate.log
2014-12-08 20:20 - 2011-07-22 07:35 - 00000198 _____ () C:\windows\Tasks\AutoKMS.job
2014-12-08 20:20 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-08 20:18 - 2014-11-04 05:45 - 00000000 ____D () C:\AdwCleaner
2014-12-08 20:14 - 2011-07-27 10:45 - 00000852 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002Core.job
2014-12-08 13:36 - 2014-02-11 21:45 - 00002136 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2014-12-08 13:36 - 2014-02-11 21:45 - 00002124 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2014-12-08 12:40 - 2011-07-22 07:35 - 00000198 _____ () C:\windows\Tasks\AutoKMSDaily.job
2014-12-07 23:23 - 2009-07-25 20:01 - 00000000 ____D () C:\windows\Panther
2014-12-07 22:52 - 2013-04-16 16:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-07 22:46 - 2013-10-08 18:12 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software
2014-12-07 22:46 - 2009-07-13 23:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-12-05 10:50 - 2014-02-26 12:59 - 00003588 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-2016598732-1189231270-1083687895-1007
2014-12-05 10:15 - 2012-07-24 08:55 - 00003257 _____ () C:\windows\InstText.ini
2014-12-02 11:45 - 2013-10-08 18:12 - 00001112 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Scribe.lnk
2014-12-02 11:09 - 2009-07-13 22:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-12-02 10:56 - 2012-07-04 14:09 - 00000632 __RSH () C:\Users\Carissa\ntuser.pol
2014-12-02 10:56 - 2011-07-22 09:40 - 00112744 _____ () C:\Users\Carissa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-02 10:56 - 2011-07-22 09:37 - 00000000 ____D () C:\Users\Carissa
2014-11-28 11:53 - 2012-06-26 11:48 - 00000000 ____D () C:\Users\Transcription\AppData\Local\Deployment
2014-11-26 08:28 - 2012-04-08 09:21 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 08:28 - 2012-04-08 09:21 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 08:28 - 2011-07-21 08:51 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-24 23:24 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-11-24 22:23 - 2009-07-13 23:13 - 00853450 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-24 21:59 - 2012-06-25 17:57 - 00112744 _____ () C:\Users\Transcription\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-24 21:57 - 2009-07-13 22:45 - 04966464 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-24 21:53 - 2014-11-04 20:08 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-11-24 21:46 - 2011-07-22 07:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-24 21:41 - 2013-08-15 02:01 - 00000000 ____D () C:\windows\system32\MRT
2014-11-24 21:36 - 2011-07-21 09:12 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-23 19:42 - 2011-07-27 10:47 - 00002357 _____ () C:\Users\Chad\Desktop\Google Chrome.lnk
2014-11-23 19:35 - 2011-07-27 10:45 - 00003876 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002UA
2014-11-23 19:35 - 2011-07-27 10:45 - 00003480 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002Core
2014-11-23 19:32 - 2012-07-06 16:29 - 00000632 __RSH () C:\Users\Chad\ntuser.pol
2014-11-23 19:32 - 2011-07-21 08:30 - 00000000 ____D () C:\Users\Chad
2014-11-23 11:26 - 2014-11-04 08:02 - 00000000 ____D () C:\windows\Microsoft Antimalware
2014-11-22 12:43 - 2012-06-25 17:56 - 00000000 ____D () C:\Users\Transcription
2014-11-21 06:14 - 2014-10-31 22:04 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-10-31 22:04 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2012-08-01 05:15 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-10 17:15 - 2011-07-24 03:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\Chad\en_res.dll
C:\Users\Chad\es_res.dll
C:\Users\Chad\fr_res.dll
C:\Users\Chad\grm_res.dll
C:\Users\Chad\it_res.dll
C:\Users\Chad\jp_res.dll
C:\Users\Chad\mfc80u.dll
C:\Users\Chad\msvcr80.dll
C:\Users\Chad\PCPE Setup.exe
C:\Users\Chad\pt_res.dll
C:\Users\Chad\ResourceReader.dll
C:\Users\Chad\ru_res.dll
C:\Users\Chad\zh_res.dll


Some content of TEMP:
====================
C:\Users\Carissa\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Carissa\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chad\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Chad\AppData\Local\Temp\InstallAX.exe
C:\Users\Chad\AppData\Local\Temp\install_flashplayer15x32axau_mssd_aaa_aih.exe
C:\Users\Chad\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Chad\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Chad\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Chad\AppData\Local\Temp\MSN679A.exe
C:\Users\Chad\AppData\Local\Temp\ose00000.exe
C:\Users\Chad\AppData\Local\Temp\ose00002.exe
C:\Users\Chad\AppData\Local\Temp\ose00003.exe
C:\Users\Chad\AppData\Local\Temp\ose00004.exe
C:\Users\Chad\AppData\Local\Temp\ose00005.exe
C:\Users\Chad\AppData\Local\Temp\Quarantine.exe
C:\Users\Chad\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Chad\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Chad\AppData\Local\Temp\winzipsystemutilitiessuite.exe
C:\Users\Transcription\AppData\Local\Temp\Quarantine.exe
C:\Users\Transcription\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-15 17:41

==================== End Of Log ============================

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

FRST Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-12-2014
Ran by Transcription at 2014-12-08 21:37:30
Running from C:\Users\Transcription\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.0.19530 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{493B228C-FD32-8067-121C-32FF67DE8355}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{581AF03B-4008-41AE-846C-21CACF9B48A9}) (Version: 0.9.29 - Kovid Goyal)
Career Step Foot Pedal Software (remove only) (HKLM-x32\...\PedalPlugin) (Version:  - )
ccc-core-static (x32 Version: 2010.0302.2233.40412 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
CenturyLink Remote Control (HKLM\...\CLinkRC) (Version:  - )
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{378AA12C-D409-49A9-80DF-20F035B38D9A}) (Version: 8.29.3202 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Dictaphone EXV Host Selector (HKLM-x32\...\{15E3817F-7C66-4C5B-93CD-2910B8448993}) (Version: 1.0.0.2100 - Dictaphone)
DriverIdentifier 3.9 (HKLM-x32\...\{40A3E5DB-5EF8-4F04-BF3E-7AB87C4AE85A}_is1) (Version:  - DriverIdentifier)
DVDFab 8.1.3.8 (09/12/2011) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
EditScript MT (HKLM-x32\...\{0B799160-49B9-43D5-929D-B048C82D22C6}) (Version: 9.120.0.6 - eScription, Inc)
EditScript MT (HKLM-x32\...\{7F510E46-A10E-4B29-8096-16415E0F1893}) (Version: 10.16.0.8 - Nuance Communications, Inc.)
EditScript MT 11 (HKLM-x32\...\{AD3E0BCD-A2D2-4577-BD45-CFF378BBE36E}) (Version: 11.4.0.34 - Nuance Communications, Inc.)
EditScript MT Crash Handler (HKLM-x32\...\{565A90B3-C226-4258-8A94-4682F388960D}) (Version: 11.0.0.14 - Nuance Communications, Inc.)
EditScript MT Prerequisite Components (HKLM-x32\...\{29DB2B0C-1F20-4CCA-9E60-BA608C5CE2DF}) (Version: 1.0.0.0 - Nuance Communications, Inc.)
Express Dictate Digital Dictation Software (HKLM-x32\...\Express) (Version: 5.82 - NCH Software)
Express Scribe (HKLM-x32\...\Scribe) (Version:  - NCH Software)
Family Tree Maker 2005 (HKLM-x32\...\{B136E4A4-7660-4F15-9752-EF8E6BA7866D}) (Version:  - )
Family Tree Maker 2012 (HKLM-x32\...\Family Tree Maker 2012) (Version: 21.0.388 - Ancestry.com, Inc.)
Family Tree Maker 2012 (x32 Version: 21.0.388 - Ancestry.com, Inc.) Hidden
FanSpeedControl (HKLM-x32\...\InstallShield_{0EC766C7-F444-42BF-A05F-4A790F5360EB}) (Version: 1.00.00.13 - Lenovo)
FanSpeedControl (x32 Version: 1.00.00.13 - Lenovo) Hidden
FileZilla Client 3.5.2 (HKLM-x32\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.957 - Citrix Online, a division of Citrix Systems, Inc.)
GoToMeeting 7.0.4.2033 (HKU\S-1-5-21-2016598732-1189231270-1083687895-1007\...\GoToMeeting) (Version: 7.0.4.2033 - CitrixOnline)
Instant Text V Pro (HKLM-x32\...\Instant Text V Pro) (Version: Instant Text V Pro - Textware Solutions)
iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Driver and Application Installation (HKLM-x32\...\{45970CD1-D599-47D4-938F-3E9800D54ED1}) (Version: 5.10.1809 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.00.19120 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.00.16300 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3720 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.3720 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 3.0.1409 - CyberLink Corp.)
Lenovo Rescue System (Version: 3.0.1409 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
LVT (HKLM-x32\...\{D3063097-EC84-4D21-84A4-9D852E974355}) (Version: 4.1.2.0919 - Lenovo)
LXH-JME2207FN Hotkey Driver (HKLM-x32\...\{42B21298-C850-4272-AFD9-636CBC005421}) (Version: 5.1.0804 - Lenovo)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nitro PDF Professional (HKLM\...\{59525B55-DE3C-439F-82CC-D4578960DE73}) (Version: 6.2.1.10 - Nitro PDF Software)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quick Look Electronic Drug Reference 2011 (HKLM-x32\...\{9261E08A-CD41-47DE-938F-9BE360E532D8}) (Version: 1.00.0000 - Lippincott Williams & Wilkins)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Ready Reference Bookshelf (HKLM-x32\...\{6DC8C535-92E9-4D97-A267-023794E6D07E}) (Version: 2.02.0000 - Lippincott Williams & Wilkins)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0007 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6043 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30116 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SSC Service Utility v4.30 (HKLM-x32\...\SSC Service Utility_is1) (Version:  - SSC Localization Group)
Stedman's Electronic Medical Dictionary 7.0 (HKLM-x32\...\Stedman's Electronic Medical Dictionary 7.0) (Version:  - )
Stedman's Electronic Medical Dictionary, version 7.0 (Shared Components) (HKLM-x32\...\Uninstaller_B41C0000_Stedman's Electronic Medical Dictionary, version 7.0) (Version: 2.70.0 - WoltersKluwerLWW)
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 2.0.113 - Electronic Arts)
Torrent Episode Downloader (HKLM-x32\...\Torrent Episode Downloader 0.972) (Version: 0.972 - Roel and Joost)
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
VLC media player 1.1.8 (HKLM-x32\...\VLC media player) (Version: 1.1.8 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinZip System Utilities Suite (HKLM-x32\...\{73370408-B80E-4509-B9AF-957E2E0F512F}_is1) (Version: 2.0.648.11839 - WinZip Computing, S.L. (WinZip Computing))
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2016598732-1189231270-1083687895-1007_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1468\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2016598732-1189231270-1083687895-1007_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\perftrack.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-11-03 07:39 - 00001512 _RASH C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
158.58.173.194 www.google-analytics.com.
158.58.173.194 google-analytics.com.
158.58.173.194 connect.facebook.net.
198.100.156.140 www.google-analytics.com.
198.100.156.140 google-analytics.com.
198.100.156.140 connect.facebook.net.
85.25.79.123 www.google-analytics.com.
85.25.79.123 google-analytics.com.
85.25.79.123 connect.facebook.net.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0EDDDCA7-866B-4A8E-B85C-61CBB6320D63} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {1338A766-2EB2-48D3-9EAF-BAE7092972AD} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {1CAD9FA8-5E10-48E5-BC15-3548845CEE4A} - System32\Tasks\G2MUpdateTask-S-1-5-21-2016598732-1189231270-1083687895-1007 => C:\Program Files (x86)\Citrix\GoToMeeting\2033\g2mupdate.exe [2014-12-05] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3421CFE2-5F65-4905-818E-ADE089706F7A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002Core => C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {38890C85-02AC-4F22-865C-A7A47AE77485} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3F5AC597-0B53-4CC2-ADBE-3BAC8462E106} - System32\Tasks\NCH Software\ExpressSevenDays => C:\Program Files (x86)\NCH Software\Express\Express.exe
Task: {413D9F54-88C5-42C4-A6B3-B9AD9FACC7E0} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-PC => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {52B5CFCF-09EB-4BB7-B7CC-B138508E6D94} - System32\Tasks\NCH Software\ScribeReminder => C:\Program Files (x86)\NCH Software\Scribe\Scribe.exe
Task: {5A06FA5A-6B28-4703-A724-F66C20C680DD} - \Security Center Update - 719484006 No Task File <==== ATTENTION
Task: {66351B87-0D4B-43E8-BD89-7DB9E169B733} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {97358638-67EA-47A4-97A4-CABB5AFD1BE5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002UA => C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {AAF5B09C-646D-465D-9106-B19B84BFA060} - System32\Tasks\{AEDCA431-2282-40C4-824D-D98954B45442} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.5.0.119.259&amp;LastError=404
Task: {C477AA30-8204-4DF7-B624-9B2E7F382DA7} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {FAF70241-463C-470E-B1BD-676291EE9C56} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-2016598732-1189231270-1083687895-1007.job => C:\Program Files (x86)\Citrix\GoToMeeting\2033\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002Core.job => C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2016598732-1189231270-1083687895-1002UA.job => C:\Users\Chad\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-11-03 19:03 - 2009-11-03 19:03 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-01 20:14 - 2011-03-01 20:14 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-01-02 08:42 - 2010-01-02 08:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2011-09-08 15:16 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-03-21 10:16 - 2011-03-21 10:16 - 00123712 _____ () C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NPShellExtension64.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-01 23:26 - 2011-11-01 23:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-04 11:49 - 2011-03-04 11:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-02-17 19:30 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2014-12-08 20:28 - 2014-12-08 20:28 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Program Files\Common Files\System:t43xNzIORiDQgsgFDhl
AlternateDataStreams: C:\ProgramData\Microsoft:bSEkr0z7bXUzOnimDA5GZfB
AlternateDataStreams: C:\ProgramData\Microsoft:dn9SFSWVlEXZJZjc3U
AlternateDataStreams: C:\Users\Carissa\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Carissa\Desktop\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Carissa\AppData\Local\nIq5QlGUdjLO:q9s2fvWk2C2rzqg8L5jLL1juVYzX
AlternateDataStreams: C:\Users\Carissa\AppData\Local\Temporary Internet Files:zvi8Fnp0eW13Pv96itybs2afI
AlternateDataStreams: C:\Users\Carissa\Documents\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Chad\.DS_Store:AFP_AfpInfo
AlternateDataStreams: C:\Users\Chad\AppData\Local\Temporary Internet Files:zvi8Fnp0eW13Pv96itybs2afI

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: Display => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: jmekey => C:\Program Files (x86)\jmesoft\hotkey.exe
MSCONFIG\startupreg: Lenovo Dynamic Brightness System => C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe 1
MSCONFIG\startupreg: Lenovo Eye Distance System => C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe 1
MSCONFIG\startupreg: LenovoFSC => C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-2016598732-1189231270-1083687895-500 - Administrator - Disabled)
Carissa (S-1-5-21-2016598732-1189231270-1083687895-1004 - Administrator - Enabled) => C:\Users\Carissa
Chad (S-1-5-21-2016598732-1189231270-1083687895-1002 - Administrator - Enabled) => C:\Users\Chad
Guest (S-1-5-21-2016598732-1189231270-1083687895-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2016598732-1189231270-1083687895-1012 - Limited - Enabled)
Lilly and Violet (S-1-5-21-2016598732-1189231270-1083687895-1011 - Limited - Enabled) => C:\Users\Lilly and Violet
Mcx1-PC (S-1-5-21-2016598732-1189231270-1083687895-1006 - Limited - Enabled) => C:\Users\Mcx1-PC
Transcription (S-1-5-21-2016598732-1189231270-1083687895-1007 - Administrator - Enabled) => C:\Users\Transcription

==================== Faulty Device Manager Devices =============

Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 255 Processor
Percentage of memory in use: 24%
Total physical RAM: 8190.05 MB
Available physical RAM: 6216.25 MB
Total Pagefile: 16378.29 MB
Available Pagefile: 14259.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.59 GB) (Free:169.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (UNTITLED) (Removable) (Total:14.89 GB) (Free:14.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 00F0A9E6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=440.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,044 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:46 AM

Posted 09 December 2014 - 08:12 AM

Task: {C477AA30-8204-4DF7-B624-9B2E7F382DA7} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {FAF70241-463C-470E-B1BD-676291EE9C56} - System32\Tasks\AutoKMSDaily => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\windows\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\windows\AutoKMS.exe

What's this?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 Nochte

Posted 09 December 2014 - 09:09 AM

After doing a bit of research, nothing that is needed. The net says it is part of a crack for Office, but I have a legit copy of Office, so it is not something I need.



#8 Machiavelli

Posted 09 December 2014 - 09:34 AM

But why is a crack of Office on your system when you have a legit Office?

We Need to Diagnose a Possible Problem with WGA
This may be preventing you from installing that service pack.
  • Please download MGADiag and save it to your desktop.
  • Double click the MGADiag icon on your desktop.
  • Click Continue
  • Click Copy
  • Go to Start -> Run and type in "Notepad"
  • Go to Edit -> Paste in notepad.
  • x out all of the numbers and letters in the line beginning with "Windows Product Key:"
  • Copy and paste that log here.

~Machiavelli



#9 Nochte

Posted 09 December 2014 - 01:35 PM

Wellll..... I may or may not have always had a legit Office.

 

Will get the MGADiag log up as soon as possible.



#10 Machiavelli

Posted 09 December 2014 - 02:44 PM

OK

~Machiavelli



#11 Nochte

Posted 09 December 2014 - 07:14 PM

Here ya go...

 

MGADiag Log:

 

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-*****-*****-*****
Windows Product Key Hash: AYaBykmfTHUVW5whGaYMeVJn0/U=
Windows Product ID: 00359-OEM-8992687-00249
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {63AFB6FC-7051-428B-BED0-8BD3358F5314}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.140303-2144
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{63AFB6FC-7051-428B-BED0-8BD3358F5314}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-FJQKD</PKey><PID>00359-OEM-8992687-00249</PID><PIDType>2</PIDType><SID>S-1-5-21-2016598732-1189231270-1083687895</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>Lenovo H405</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>D2KT32AUS</Version><SMBIOSVersion major="2" minor="6"/><Date>20110211000000.000000+000</Date></BIOS><HWID>A9F83C07018400F4</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-03   </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>  

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, HomePremium edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800249-02-1033-7600.0000-0602011
Installation ID: 021396727004906840671215638481321712708071655620203465
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: FJQKD
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 12/9/2014 6:10:58 P

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NAAAAAEABAABAAIAAAACAAAAAQABAAEAln2Cqr5BlCAypRAzVPKiQGwDAigU2+ZEYJwYeQ==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
  ACPI Table Name    OEMID Value    OEMTableID Value
  APIC            LENOVO        TC-03
  FACP            LENOVO        TC-03
  HPET            LENOVO        TC-03
  MCFG            LENOVO        TC-03
  SSDT            LENOVO        TC-03   
  SLIC            LENOVO        TC-03   

 



#12 Machiavelli

Posted 10 December 2014 - 08:37 AM

Wellll..... I may or may not have always had a legit Office.

Why should I help people that crack software? Or use cracks?

~Machiavelli



#13 Nochte

Posted 10 December 2014 - 09:13 AM

I was laid off a couple of years ago, and my wife decided to try transcription work to help us. Money was tight, and she needed to get up and running. If I remember correctly, we were just extending the trial period of Office until our situation improved. Once things turned around, we bought the license. You can see what we have installed on our machine. Family Tree Maker, Sims, Turbo Lister... we aren't elite software pirates. I did what I did to help, and then I made it right.



#14 Machiavelli

Posted 10 December 2014 - 09:52 AM

Another helper will contact you soon hopefully.

~Machiavelli





