
Work Computer Infected, dllhost.exe and dvupgrd.exe


  • This topic is locked
4 replies to this topic

#1 GenericName#3872


Posted 18 December 2014 - 01:43 PM

I have a computer here at work that has been running extremely slow. Several IT people have checked it out and have yet to even find a band-aid for it. We've run scans on everything from Malwarebytes to McAfee to Eset. We've found some viruses and malware/spyware and malicious programs. But the issues still persist, including the ones stated in the title.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by Lori2 (ATTENTION: The logged in user is not administrator) on FRONT-OFFICE on 18-12-2014 11:22:11
Running from C:\Users\Lori2\Downloads
Loaded Profile: Lori2 (Available profiles: Lori & ADMIN & QBDataServiceUser17 & QBDataServiceUser21 & Robert Hogan & Lori2)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Dell Computer Corporation) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(United Parcel Service, Inc.) C:\UPS\WSTD\WSTDMessaging.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\UPS\WSTD\UPSNA1Msgr.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NCR Corporation) C:\Program Files (x86)\NCR\Passport Web Edition\pwecsrvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(Intuit) C:\Program Files (x86)\Intuit\QuickBooks 2014\QuickBooksMessaging.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Users\Lori2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lori2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lori2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lori2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lori2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lori2\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lori2\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Users\Lori2\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhst3g.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2727568 2014-11-25] ()
HKLM-x32\...\Run: [SoundMAXPnP] => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1314816 2009-04-23] (Analog Devices, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [NA1Messenger] => C:\UPS\WSTD\UPSNA1Msgr.exe [30744 2013-03-07] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Passport Web Edition Client] => C:\Program Files (x86)\NCR\Passport Web Edition\pwecsrvc.exe [24675 2013-04-24] (NCR Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKU\S-1-5-21-694751471-1203505059-785087458-1008\...\Run: [Google Update] => C:\Users\Lori2\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-694751471-1203505059-785087458-1008\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-694751471-1203505059-785087458-1008\...\MountPoints2: {a4e6fca8-a75b-11e2-86b8-bc305be8f23a} - F:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-694751471-1203505059-785087458-1008\...\MountPoints2: {b58b9275-bd5c-11e2-8415-bc305be8f23a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-694751471-1203505059-785087458-1008\...\MountPoints2: {e0431291-cbb0-11e1-81fb-bc305be8f23a} - F:\LaunchU3.exe -a
HKU\S-1-5-21-694751471-1203505059-785087458-1008\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
ShortcutTarget: UPS WorldShip Messaging Utility.lnk -> C:\UPS\WSTD\WSTDMessaging.exe (United Parcel Service, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
ShortcutTarget: UPS WorldShip PLD Reminder Utility.lnk -> C:\UPS\WSTD\wstdPldReminder.exe (UPS)
Startup: C:\Users\Lori2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-694751471-1203505059-785087458-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-694751471-1203505059-785087458-1008 -> DefaultScope {DFC94D6A-36CA-405B-8BC5-DEE121B08D79} URL = https://search.yahoo.com/search?fr=mcafee&type=B014US105D20141106&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-694751471-1203505059-785087458-1008 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKU\S-1-5-21-694751471-1203505059-785087458-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-694751471-1203505059-785087458-1008 -> {DFC94D6A-36CA-405B-8BC5-DEE121B08D79} URL = https://search.yahoo.com/search?fr=mcafee&type=B014US105D20141106&p={SearchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{0911E49D-6588-4CFC-B3A4-6B9366E976ED}: [NameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-694751471-1203505059-785087458-1008: @tools.google.com/Google Update;version=3 -> C:\Users\Lori2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-694751471-1203505059-785087458-1008: @tools.google.com/Google Update;version=9 -> C:\Users\Lori2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Lori2\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-11-08]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-05-08]
FF HKU\S-1-5-21-694751471-1203505059-785087458-1008\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Lori2\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Lori2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Lori2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-14]
CHR Extension: (Google Search) - C:\Users\Lori2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-14]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Lori2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2014-12-16]
CHR Extension: (Google Wallet) - C:\Users\Lori2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Lori2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-14]
CHR StartMenuInternet: Google Chrome - C:\Users\Lori2\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MSSQL$UPSWSDBSERVER; c:\UPS\WSTD\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2693448 2014-11-25] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-06-26] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
S4 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks 2014\QBDBMgrN.exe [679936 2013-08-19] (Intuit, Inc.) [File not signed]
S3 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [2117120 2010-11-03] (Wave Systems Corp.) [File not signed]
S2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-08-18] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-18] (ESET)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 TsUsb2; C:\Windows\System32\Drivers\TSUSB2.sys [53760 2013-04-24] (HTL)
S1 dyqckkoh; \??\C:\Windows\system32\drivers\dyqckkoh.sys [X]
S1 hlzjksuq; \??\C:\Windows\system32\drivers\hlzjksuq.sys [X]
S1 khqnjicz; \??\C:\Windows\system32\drivers\khqnjicz.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-18 11:22 - 2014-12-18 11:25 - 00021166 _____ () C:\Users\Lori2\Downloads\FRST.txt
2014-12-18 10:59 - 2014-12-18 11:22 - 00000000 ____D () C:\FRST
2014-12-18 10:54 - 2014-12-18 10:58 - 02121216 _____ (Farbar) C:\Users\Lori2\Downloads\FRST64.exe
2014-12-18 08:04 - 2014-12-18 08:04 - 00000422 __RSH () C:\Users\Lori2\ntuser.pol
2014-12-17 16:52 - 2014-12-12 22:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-17 16:52 - 2014-12-12 20:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 16:07 - 2014-12-17 16:46 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 16:07 - 2014-12-17 16:07 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-17 16:07 - 2014-12-17 16:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-17 16:07 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-17 16:07 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-17 16:07 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-17 10:49 - 2014-12-17 10:49 - 00002252 _____ () C:\Users\Lori2\Downloads\GL_1503-3703_12172014_124756706.iif
2014-12-16 15:54 - 2014-12-16 16:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Lori2\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-16 10:43 - 2014-12-16 10:43 - 00000000 ____D () C:\Users\Lori2\AppData\Local\WebEx
2014-12-16 10:40 - 2014-12-16 10:42 - 00650568 _____ (Cisco WebEx LLC) C:\Users\Lori2\Downloads\Cisco_WebEx_Add-On (1).exe
2014-12-15 13:00 - 2014-11-25 16:15 - 02693448 _____ () C:\Windows\system32\nvwmi64.exe
2014-12-15 13:00 - 2014-11-25 16:15 - 00004425 _____ () C:\Windows\system32\nvPerfProvider.man
2014-12-15 13:00 - 2014-11-21 19:47 - 04103996 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-15 12:59 - 2014-11-25 16:15 - 00072904 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-12-15 12:59 - 2014-11-25 16:15 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-12-15 12:59 - 2014-05-19 19:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-12-15 12:59 - 2014-05-19 19:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 31514312 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 24201416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 22992072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 15294280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 13916088 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 13827712 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 12890312 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-15 12:49 - 2014-11-25 16:15 - 11271728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 11209192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 04245648 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 03986632 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 02824176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 01907400 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434121.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 01555656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434121.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 00944328 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 00908432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 00903496 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 00870032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-15 12:49 - 2014-11-25 16:15 - 00026155 _____ () C:\Windows\system32\nvinfo.pb
2014-12-15 12:47 - 2014-12-15 12:47 - 00000000 ____D () C:\NVIDIA
2014-12-15 12:46 - 2014-12-15 12:46 - 00000000 ____D () C:\Windows\Sun
2014-12-15 12:44 - 2014-12-15 12:47 - 216728232 _____ (NVIDIA Corporation) C:\Users\Lori2\Downloads\341.21-quadro-grid-desktop-notebook-win8-win7-64bit-international-whql.exe
2014-12-15 12:42 - 2014-12-15 12:42 - 00638888 _____ (Oracle Corporation) C:\Users\Lori2\Downloads\chromeinstall-8u25.exe
2014-12-11 11:14 - 2014-12-11 11:15 - 29235664 _____ (Intuit) C:\Users\Lori2\Downloads\qbfd.exe
2014-12-11 11:08 - 2014-12-11 11:08 - 00417064 _____ () C:\Users\Lori2\Downloads\DellSystemDetect.exe
2014-12-11 10:43 - 2014-12-11 10:43 - 00000017 _____ () C:\Users\Lori2\AppData\Local\resmon.resmoncfg
2014-12-10 22:40 - 2014-12-15 12:44 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-10 22:40 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-10 22:40 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-10 22:40 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-10 22:39 - 2014-12-10 22:40 - 00004700 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-10 21:38 - 2014-12-10 21:38 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-10 19:44 - 2014-11-26 18:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 19:44 - 2014-11-26 18:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 19:44 - 2014-11-21 20:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 19:44 - 2014-11-21 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 19:44 - 2014-11-21 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 19:44 - 2014-11-21 19:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 19:44 - 2014-11-21 19:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 19:44 - 2014-11-21 19:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 19:44 - 2014-11-21 19:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 19:44 - 2014-11-21 19:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 19:44 - 2014-11-21 19:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 19:44 - 2014-11-21 19:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 19:44 - 2014-11-21 19:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 19:44 - 2014-11-21 19:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 19:44 - 2014-11-21 19:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 19:44 - 2014-11-21 19:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 19:44 - 2014-11-21 19:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 19:44 - 2014-11-21 19:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 19:44 - 2014-11-21 19:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 19:44 - 2014-11-21 19:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 19:44 - 2014-11-21 19:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 19:44 - 2014-11-21 19:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 19:44 - 2014-11-21 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 19:44 - 2014-11-21 19:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 19:44 - 2014-11-21 19:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 19:44 - 2014-11-21 19:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 19:44 - 2014-11-21 19:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 19:44 - 2014-11-21 19:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 19:44 - 2014-11-21 19:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 19:44 - 2014-11-21 18:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 19:44 - 2014-11-21 18:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 19:44 - 2014-11-21 18:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 19:44 - 2014-11-21 18:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 19:44 - 2014-11-21 18:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 19:44 - 2014-11-21 18:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 19:44 - 2014-11-21 18:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 19:44 - 2014-11-21 18:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 19:44 - 2014-11-21 18:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 19:44 - 2014-11-21 18:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 19:44 - 2014-11-21 18:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 19:44 - 2014-11-21 18:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 19:44 - 2014-11-21 18:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 19:44 - 2014-11-21 18:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 19:44 - 2014-11-21 18:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 19:44 - 2014-11-21 18:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 19:44 - 2014-11-21 18:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 19:44 - 2014-11-21 18:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 19:44 - 2014-11-21 18:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 19:44 - 2014-11-21 18:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 19:44 - 2014-11-21 18:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 19:44 - 2014-11-21 18:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 19:44 - 2014-11-21 18:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 19:44 - 2014-11-21 17:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 19:44 - 2014-11-21 17:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 19:33 - 2014-12-10 19:33 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-10 16:52 - 2014-10-17 19:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-10 16:52 - 2014-10-17 18:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-10 16:28 - 2014-12-10 16:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 16:28 - 2014-12-10 16:28 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-10 14:05 - 2014-12-03 19:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 14:05 - 2014-12-03 19:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 14:05 - 2014-12-03 19:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 14:05 - 2014-12-03 19:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 14:05 - 2014-12-03 19:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 14:05 - 2014-12-03 19:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 14:05 - 2014-12-03 19:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 14:05 - 2014-12-01 16:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 14:05 - 2014-11-10 20:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 14:05 - 2014-11-10 19:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 14:05 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 14:05 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 14:05 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 14:05 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 14:05 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 14:05 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 14:05 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 14:05 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 14:05 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 14:05 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 14:05 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 14:05 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 14:05 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 14:03 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 14:03 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-04 22:20 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-04 22:20 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-04 10:54 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-04 10:53 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-04 10:53 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-04 10:53 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-04 10:53 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-04 10:53 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-04 10:53 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-04 10:53 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-04 10:53 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-04 10:53 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-04 10:53 - 2013-10-01 17:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-04 10:53 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-04 10:53 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-04 10:53 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-04 10:53 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-04 10:53 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-21 07:57 - 2014-11-21 07:57 - 00000000 ____D () C:\Users\Lori2\AppData\Roaming\ESET
2014-11-21 07:57 - 2014-11-21 07:57 - 00000000 ____D () C:\Users\Lori2\AppData\Local\ESET
2014-11-20 14:31 - 2014-11-20 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-11-20 14:31 - 2014-11-20 14:31 - 00000000 ____D () C:\ProgramData\ESET
2014-11-20 14:31 - 2014-11-20 14:31 - 00000000 ____D () C:\Program Files\ESET
2014-11-20 14:24 - 2014-11-20 14:24 - 00000085 _____ () C:\Windows\wininit.ini
2014-11-20 14:23 - 2014-11-20 14:23 - 01661128 _____ (ESET) C:\Users\Lori2\Downloads\eset_smart_security_live_installer.exe
2014-11-19 08:05 - 2014-11-10 20:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 08:05 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 08:05 - 2014-11-10 19:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 08:05 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-18 11:17 - 2011-11-09 07:02 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1008UA.job
2014-12-18 11:10 - 2013-08-15 05:49 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-18 11:01 - 2011-09-30 12:57 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000UA.job
2014-12-18 10:58 - 2011-11-08 14:04 - 00000000 ____D () C:\Users\Lori2\Documents\Outlook Files
2014-12-18 08:51 - 2011-08-22 12:17 - 01382648 _____ () C:\Windows\WindowsUpdate.log
2014-12-18 08:38 - 2009-07-13 21:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 08:38 - 2009-07-13 21:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 08:17 - 2011-11-09 07:02 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1008Core.job
2014-12-18 08:04 - 2011-11-08 13:38 - 00000000 ____D () C:\Users\Lori2
2014-12-18 08:02 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 08:02 - 2009-07-13 21:51 - 00138871 _____ () C:\Windows\setupact.log
2014-12-17 16:46 - 2012-02-21 13:29 - 00000210 _____ () C:\Windows\wstdUPSWSHIP.INI
2014-12-17 16:31 - 2010-11-20 20:47 - 00284310 _____ () C:\Windows\PFRO.log
2014-12-17 16:20 - 2011-09-26 20:13 - 00000000 ____D () C:\Users\ADMIN
2014-12-17 14:13 - 2012-03-01 09:24 - 00000000 ____D () C:\UPS
2014-12-17 12:01 - 2011-09-30 12:57 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000Core.job
2014-12-15 13:36 - 2011-09-27 18:08 - 00000000 ____D () C:\Program Files (x86)\Intuit
2014-12-15 13:00 - 2011-08-22 14:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-15 13:00 - 2011-08-22 14:11 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-15 13:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
2014-12-15 13:00 - 2008-05-10 16:41 - 00000000 ____D () C:\temp
2014-12-15 12:58 - 2011-08-22 14:11 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-12-15 12:44 - 2013-10-22 09:48 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-15 12:44 - 2013-08-06 09:50 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-15 09:26 - 2009-07-13 22:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-12-13 14:31 - 2011-11-09 14:05 - 00000000 ____D () C:\Users\Lori2\Desktop\Word Docs
2014-12-12 18:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-12-12 09:30 - 2014-11-06 09:42 - 00002372 _____ () C:\Users\Lori2\Desktop\Google Chrome.lnk
2014-12-11 11:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-11 08:47 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 22:36 - 2013-08-15 05:49 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-10 22:36 - 2011-08-22 12:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 19:33 - 2014-05-06 16:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-10 19:33 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-10 16:58 - 2011-09-17 15:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 16:57 - 2013-07-29 19:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 16:54 - 2011-09-17 16:24 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 16:28 - 2011-09-30 13:06 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-10 16:28 - 2011-09-30 13:06 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-04 15:59 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-30 12:53 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-11-25 16:15 - 2011-08-22 13:59 - 18634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-11-25 16:15 - 2011-08-22 13:59 - 16128040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-25 16:15 - 2011-08-22 13:59 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-11-25 16:15 - 2011-08-22 13:59 - 03209736 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-11-25 14:39 - 2009-12-04 03:45 - 06782152 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-11-25 14:39 - 2009-12-04 03:45 - 03522192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-11-25 14:39 - 2009-12-04 03:45 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-11-25 14:39 - 2009-12-04 03:45 - 00932040 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-11-25 14:39 - 2009-12-04 03:45 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-11-25 14:39 - 2009-12-04 03:45 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-11-25 13:57 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-24 15:21 - 2014-07-25 10:47 - 00115320 _____ () C:\Users\Lori2\Documents\2014 Vacation1.xlsx
2014-11-24 15:07 - 2014-07-09 10:21 - 00027791 _____ () C:\Users\Lori2\Desktop\Petty Cash Log.xlsx
2014-11-24 14:04 - 2010-11-20 20:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-20 14:28 - 2012-07-10 06:43 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-20 14:24 - 2014-11-14 11:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
 
Some content of TEMP:
====================
C:\Users\Lori\AppData\Local\Temp\dbfhide.exe
C:\Users\Lori\AppData\Local\Temp\dblgen11.dll
C:\Users\Lori\AppData\Local\Temp\dblib11.dll
C:\Users\Lori\AppData\Local\Temp\dbtool11.dll
C:\Users\Lori\AppData\Local\Temp\FsdRegistration.dll
C:\Users\Lori\AppData\Local\Temp\GDSBLMgr.dll
C:\Users\Lori\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\Lori\AppData\Local\Temp\MSN5613.exe
C:\Users\Lori\AppData\Local\Temp\MSN9FCC.exe
C:\Users\Lori\AppData\Local\Temp\msvcp90.dll
C:\Users\Lori\AppData\Local\Temp\msvcr90.dll
C:\Users\Lori\AppData\Local\Temp\QBFirwal.dll
C:\Users\Lori\AppData\Local\Temp\qbinstal.dll
C:\Users\Lori\AppData\Local\Temp\QBNGEN.dll
C:\Users\Lori\AppData\Local\Temp\SMUnInstaller.dll
C:\Users\Lori\AppData\Local\Temp\stlport_r50.dll
C:\Users\Lori\AppData\Local\Temp\StopQBServer.dll
C:\Users\Lori\AppData\Local\Temp\UtilDBSetup.dll
C:\Users\Lori2\AppData\Local\Temp\launch.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-12-2014
Ran by Lori2 at 2014-12-18 11:36:20
Running from C:\Users\Lori2\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709n (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AlignmentUtility (x32 Version: 16.00.0000 - UPS) Hidden
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (HKLM\...\{982E1601-0DFC-4FD3-A427-AC6570697858}) (Version: 14.0.3.2 - Broadcom Corporation)
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CCC (x32 Version: 16.00.0000 - United Parcel Service, Inc.) Hidden
Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.12068.0 - Cisco Consumer Products LLC)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Custom (Version: 12.34.56.789 - Wave Systems Corp.) Hidden
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3225 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Data Protection | Access (HKLM-x32\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.0.00000.085 - Dell Inc.)
Dell Data Protection | Access (Version: 01.01.00.085 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM-x32\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 1.00.011 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM-x32\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 1.00.005 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell System Manager (HKLM\...\{0DB0EA38-E806-44ED-A892-489F2E305080}) (Version: 1.5.00000 - Dell Inc.)
DellAccess (Version: 01.01.00.053 - Wave Systems Corp.) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DocMgr (x32 Version: 140.0.65.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.100.000 - Hewlett-Packard) Hidden
EMBASSY Security Center (Version: 04.03.00.067 - Wave Systems Corp.) Hidden
ESET Smart Security (HKLM\...\{C082CDB9-D173-4740-AE0E-C685E6F44850}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Fax (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
FormsComponent (x32 Version: 16.00.0000 - UPS) Hidden
FOSS (x32 Version: 16.00.0500 - UPS) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
Google Chrome (HKU\S-1-5-21-694751471-1203505059-785087458-1008\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet 6500 E709 Series (HKLM\...\{58D79E62-CFC8-4331-8469-3A1B16E1769C}) (Version: 14.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{F792E5B0-11C4-4C68-8A63-FB5F52749180}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPOJ8600_N911g_FWUpdateAlert (x32 Version: 1.00.0000 - HP) Hidden
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ICCHelp (HKLM-x32\...\{A5763105-D1D5-4862-A3FE-EC058F9AA73E}) (Version: 1.0.0.2 - UPS)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSIChecker (x32 Version: 9.00.0000 - UPS) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NA1Messenger (x32 Version: 16.00.0000 - Your Company Name) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NRF (x32 Version: 16.00.0000 - UPS) Hidden
NTRU TCG Software Stack (Version: 2.1.34 - Security Innovation) Hidden
NVIDIA Graphics Driver 341.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.21 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PolicyManager (x32 Version: 16.00.0000 - UPS) Hidden
Preboot Manager (Version: 03.03.00.049 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.01.00.007 - Wave Systems Corp.) Hidden
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
QuickBooks (x32 Version: 24.0.4007.2403 - Intuit Inc.) Hidden
QuickBooks File Doctor (HKLM-x32\...\{DFFCFEBF-1148-43CF-8DC2-ECE3C1EEAEC2}) (Version: 3.6.6 - Intuit)
QuickBooks Premier: Mfg and Whsle Edition 2014 (HKLM-x32\...\{46984AEC-E137-4567-8A1A-8BC71862611F}) (Version: 24.0.4001.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Reconciler (x32 Version: 16.00.0000 - UPS) Hidden
RemoteDepositWebClient (HKLM-x32\...\{6A26BCFD-3C93-423A-AA26-AEF9BAD83CA4}) (Version: 3.09.01.02 - NCR)
ReportServer (x32 Version: 16.00.0000 - Your Company Name) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 12.0.0.2769 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Intuit QuickBooks 2004-2013 (x32 Version: 10.1.0.2416 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Microsoft Outlook 97-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Word 2000-2010 (x32 Version: 10.1.0.2416 - Stamps.com, Inc.) Hidden
Stamps.com support for Intuit QuickBooks 2004-2013 (HKLM-x32\...\Stamps.com support for Intuit QuickBooks 2004-2013) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Outlook 97-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 97-2010) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Word 2000-2010 (HKLM-x32\...\Stamps.com support for Microsoft Word 2000-2010) (Version:  - Stamps.com, Inc.)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
SupportUtility (x32 Version: 16.00.0000 - Your Company Name) Hidden
System (x32 Version: 16.00.0000 - UPS) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Trusted Drive Manager (Version: 4.0.0.512 - Wave Systems Corp.) Hidden
UnifiedPrinting (x32 Version: 16.00.0000 - UPS) Hidden
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
UPS WorldShip (HKLM-x32\...\UPS WorldShip) (Version: 15.0 - UPS)
UPSDB (x32 Version: 16.00.0000 - UPS) Hidden
UPSICC (x32 Version: 16.00.0000 - UPS) Hidden
UPSlinkHTTP (x32 Version: 1.0.0.13 - UPS) Hidden
UPSVC2008MM (x32 Version: 1.00.0000 - UPS) Hidden
UPSVCMM (x32 Version: 12.00.0000 - UPS) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Wave Infrastructure Installer (Version: 07.66.40.0008 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.13.00.014 - Wave Systems Corp) Hidden
WebHelp (HKLM-x32\...\{8C5BD501-AD5D-4A75-9321-076509B438FC}) (Version: 1.00.0000 - UPS)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Digital Check Corporation (TsUsb2) USB  (04/01/2010 2.0.0.0) (HKLM\...\1BCFCB58CAD0C622A504194B76156A833DE92C31) (Version: 04/01/2010 2.0.0.0 - Digital Check Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WorldShip (x32 Version: 16.00.0000 - UPS) Hidden
WSShared (x32 Version: 16.00.0000 - UPS) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000UA.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1008Core.job => C:\Users\Lori2\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1008UA.job => C:\Users\Lori2\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-05 07:04 - 2013-03-07 05:15 - 00030744 _____ () C:\UPS\WSTD\UPSNA1Msgr.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Lori\AppData\Roaming\Comma Separated Values (DOS).EML:OECustomProperty
AlternateDataStreams: C:\Users\Lori\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty
AlternateDataStreams: C:\Users\Lori\AppData\Roaming\Microsoft Excel.EML:OECustomProperty
AlternateDataStreams: C:\Users\Lori\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: nwiz => C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
 
========================= Accounts: ==========================
 
ADMIN (S-1-5-21-694751471-1203505059-785087458-1003 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-694751471-1203505059-785087458-500 - Administrator - Disabled)
Guest (S-1-5-21-694751471-1203505059-785087458-501 - Limited - Enabled)
Lori (S-1-5-21-694751471-1203505059-785087458-1000 - Limited - Enabled) => C:\Users\Lori
Lori2 (S-1-5-21-694751471-1203505059-785087458-1008 - Limited - Enabled) => C:\Users\Lori2
QBDataServiceUser17 (S-1-5-21-694751471-1203505059-785087458-1005 - Limited - Enabled) => C:\Users\QBDataServiceUser17
QBDataServiceUser21 (S-1-5-21-694751471-1203505059-785087458-1006 - Limited - Enabled) => C:\Users\QBDataServiceUser21
QBDataServiceUser24 (S-1-5-21-694751471-1203505059-785087458-1012 - Limited - Enabled)
Robert Hogan (S-1-5-21-694751471-1203505059-785087458-1007 - Limited - Enabled) => C:\Users\Robert Hogan
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/18/2014 08:27:11 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2014":
Error reading server location from registry :The system cannot find the file specified.
 
Error: (12/18/2014 08:26:33 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks: Premier Manufacturing and Wholesale Edition 2014":
Error reading server location from registry :The system cannot find the file specified.
 
Error: (12/18/2014 08:24:29 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Error reading server location from registry :The system cannot find the file specified.
 
Error: (12/18/2014 08:05:21 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Error: creating load at startup registry Keys:0.
 
Error: (12/18/2014 08:04:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 04:47:18 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Error: creating load at startup registry Keys:0.
 
Error: (12/17/2014 04:46:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 04:33:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 04:03:44 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Error: creating load at startup registry Keys:0.
 
Error: (12/17/2014 04:02:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (12/18/2014 11:31:36 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (12/18/2014 11:06:27 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
 
Error: (12/18/2014 10:46:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intuit QuickBooks FCS service failed to start due to the following error: 
%%1053
 
Error: (12/18/2014 10:46:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Intuit QuickBooks FCS service to connect.
 
Error: (12/18/2014 10:46:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053QBFCService{E2F551B5-D7E4-351C-A975-2E8EEE4D1917}
 
Error: (12/18/2014 10:08:14 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
 
Error: (12/18/2014 09:15:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
 
Error: (12/18/2014 09:04:50 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
 
Error: (12/18/2014 08:32:56 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.
 
Error: (12/18/2014 08:22:49 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.
 
 
Microsoft Office Sessions:
=========================
Error: (12/18/2014 08:27:11 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks: Premier Manufacturing and Wholesale Edition 2014Error reading server location from registry :The system cannot find the file specified.
 
Error: (12/18/2014 08:26:33 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks: Premier Manufacturing and Wholesale Edition 2014Error reading server location from registry :The system cannot find the file specified.
 
Error: (12/18/2014 08:24:29 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksError reading server location from registry :The system cannot find the file specified.
 
Error: (12/18/2014 08:05:21 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksError: creating load at startup registry Keys:0.
 
Error: (12/18/2014 08:04:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 04:47:18 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksError: creating load at startup registry Keys:0.
 
Error: (12/17/2014 04:46:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 04:33:15 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (12/17/2014 04:03:44 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksError: creating load at startup registry Keys:0.
 
Error: (12/17/2014 04:02:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Xeon® CPU W3505 @ 2.53GHz
Percentage of memory in use: 91%
Total physical RAM: 4093.55 MB
Available physical RAM: 357.55 MB
Total Pagefile: 14091.73 MB
Available Pagefile: 7322.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:282.29 GB) (Free:115.87 GB) NTFS
Drive y: (DATAPART1) (Network) (Total:613.58 GB) (Free:589.02 GB) NTFS
Drive z: (DATAPART1) (Network) (Total:613.58 GB) (Free:589.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End Of Log ============================

 




 


#2 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,701 posts

Posted 19 December 2014 - 03:44 AM

Hi GenericName#3872, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest any course that might damage your system, but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 
  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      Closeprocesses:
      Emptytemp:
      HKLM-x32\...\Run: [] => [X]
      HKU\S-1-5-21-694751471-1203505059-785087458-1008\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
      SearchScopes: HKU\S-1-5-21-694751471-1203505059-785087458-1008 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
      SearchScopes: HKU\S-1-5-21-694751471-1203505059-785087458-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
      SearchScopes: HKU\S-1-5-21-694751471-1203505059-785087458-1008 -> {CEA0D387-8A75-405C-A767-16199758F4CA} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=C4702716-0722-4113-A278-8B44353EC10E&apn_sauid=C2231CBD-7F9B-4A67-B007-5D05C5A065A6
      S1 dyqckkoh; \??\C:\Windows\system32\drivers\dyqckkoh.sys [X]
      S1 hlzjksuq; \??\C:\Windows\system32\drivers\hlzjksuq.sys [X]
      S1 khqnjicz; \??\C:\Windows\system32\drivers\khqnjicz.sys [X]
      Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000Core.job => ?
      Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000UA.job => ?
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #2 Scan with Farbar Service Scanner
    • Please download Farbar Service Scanner by Farbar to your Desktop from the link below.
      Download Link
    • Right-click and choose Run as Administrator;
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
 
  • Required Log(s):
    • Farbar Tool Log(s)--
      • FRST Fix Log
      • FSS.txt
Regards,
Valinorum

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.

 


#3 GenericName#3872

GenericName#3872
  • Topic Starter

  • Members
  • 2 posts

Posted 19 December 2014 - 03:42 PM

Sorry it took so long. Here are the logs you asked for.

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Lori2 at 2014-12-19 08:39:42 Run:1
Running from C:\Users\Lori2\Downloads
Loaded Profile: Lori2 (Available profiles: Lori & ADMIN & QBDataServiceUser17 & QBDataServiceUser21 & Robert Hogan & Lori2)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Closeprocesses:
Emptytemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-694751471-1203505059-785087458-1008\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
SearchScopes: HKU\S-1-5-21-694751471-1203505059-785087458-1008 -> {49606DC7-976D-4030-A74E-9FB5C842FA68} URL = 
SearchScopes: HKU\S-1-5-21-694751471-1203505059-785087458-1008 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
S1 dyqckkoh; \??\C:\Windows\system32\drivers\dyqckkoh.sys [X]
S1 hlzjksuq; \??\C:\Windows\system32\drivers\hlzjksuq.sys [X]
S1 khqnjicz; \??\C:\Windows\system32\drivers\khqnjicz.sys [X]
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000Core.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000UA.job => ?
End
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value could not be deleted.
"HKU\S-1-5-21-694751471-1203505059-785087458-1008\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
"HKU\S-1-5-21-694751471-1203505059-785087458-1008\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
"HKU\S-1-5-21-694751471-1203505059-785087458-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key not found.
"HKCR\CLSID\{49606DC7-976D-4030-A74E-9FB5C842FA68}" => Key not found.
"HKU\S-1-5-21-694751471-1203505059-785087458-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKU\S-1-5-21-694751471-1203505059-785087458-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CEA0D387-8A75-405C-A767-16199758F4CA}" => Key not found.
"HKCR\CLSID\{CEA0D387-8A75-405C-A767-16199758F4CA}" => Key not found.
dyqckkoh => Error deleting Service
hlzjksuq => Error deleting Service
khqnjicz => Error deleting Service
Could not move "C:\Windows\Tasks\Adobe Flash Player Updater.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000Core.job" => Scheduled to move on reboot.
Could not move "C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000UA.job" => Scheduled to move on reboot.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-19 13:40:07)<=
 
==> ATTENTION: System is not rebooted.
"C:\Windows\Tasks\Adobe Flash Player Updater.job" => File could not move.
"C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000Core.job" => File could not move.
"C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-694751471-1203505059-785087458-1000UA.job" => File could not move.
 
==== End of Fixlog ====
 
 
 
 
 
 
 
 
 
Farbar Service Scanner Version: 21-07-2014
Ran by Lori2 (ATTENTION: The logged in user is not administrator) on 19-12-2014 at 13:42:02
Running from "C:\Users\Lori2\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
 
VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.
 
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#4 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,701 posts

Posted 20 December 2014 - 01:07 AM

  • Step #3 Run ComboFix
    Download ComboFix by sUBs from one of the suitable locations listed below and save it to your Desktop.
    Download Link #1
    Download Link #2
    Download Link #3

    Warning

    Please acknowledge this warning beforehand. The tool, ComboFix, is an extremely powerful malware removal tool, if not one of the most powerful tools ever created. In the hands of an inept person, or through a simple mistake, it can render your machine un-bootable. Peruse every step I listed below unless you want a dreadful occurrence.

    ***

    • Disable your security software. For more information, peruse this thread;
    • Right-click and choose Run as administrator to run the program.
    • As a built-in process, ComboFix will check if your system has Microsoft Windows Recovery Console installed. Let ComboFix download and install Microsoft Windows Recovery Console.
      • It requires an active internet connection.
      • If your system already has Microsoft Windows Recovery Console installed, this step will be skipped
    • ComboFix will now scan your system for malware and will attempt to remove it.
      • Note: ComboFix performs fifty steps during this fix. Please be patient.
    • After the scan your system will reboot and a log will be produced. The log is automatically saved in C:\ComboFix.txt.
    • Post the contents of the log in your next reply.
    Crucial Notes:
    • Do not mouse-click when ComboFix is running as it may stall.
    • Do not re-run ComboFix if you face a problem. Ask for my instruction here.
    • ComboFix will make Internet Explorer your default browser and will change number of different Internet Explorer settings.
    • ComboFix prevents autorun functions of all CD and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you, please tell me.
    • It is possible that ComboFix, even on its first run, may have fixed the problems you are having. We strongly suggest that you still post your log into the topic that you are receiving help as you most likely will have infections left over that your helper will need to analyze further.
    • ComboFix will disconnect your system from internet for security measures. The connection is automatically restored after the scan but if it does not, it can be restored by rebooting the PC.
 
  • Required Log(s):
    • Combofix Log
Regards,
Valinorum


 


#5 Valinorum

Valinorum

    Shadow Hide The Hunter


  • Malware Response Instructor
  • 1,701 posts

Posted 26 December 2014 - 11:32 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.


 




