Getting a Security Information window - cannot remove it!


  • This topic is locked
7 replies to this topic

#1 lakititi

Posted 22 January 2015 - 05:47 PM

I am getting this Security Information window that says: Your system has been blocked for security reasons (I also attached the image of the pop-up together with the FRST Addition log).

I ran Malwarebytes and it's not picking anything up. I ran AdwCleaner and it found something, which I removed, but I am still getting the pop-up.

 

Here is my FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by KDemos (administrator) on KDEMOS-W7L on 22-01-2015 16:28:48
Running from C:\Users\KDemos\Downloads
Loaded Profiles: KDemos (Available profiles: Katerina & RLaigo & KDemos)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Patch Agent\spa.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Bomgar) C:\ProgramData\bomgar-scc-0x54c175be\bomgar-scc.exe
(Bomgar) C:\ProgramData\bomgar-scc-0x54c175be\bomgar-scc.exe
() C:\ProgramData\bomgar-scc-0x54c175be\nstvstub.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-01-31] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-03-28] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-764903313-1208633371-1849977318-319209\...\MountPoints2: {37bdc546-9776-11e4-b8eb-68a86d1697a1} - F:\SETUP.EXE
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD2258831482] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x54bec8c0" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2258831482 /f
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD396865148] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x54bf27ea" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD396865148 /f
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-04-30] (Sophos Limited)
AppInit_DLLs-x32: c:\progra~2\sophos\sophos~1\sophos~1.dll => c:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-04-30] (Sophos Limited)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-764903313-1208633371-1849977318-319209\Software\Microsoft\Internet Explorer\Main,Start Page = http://mnet/home/Default.aspx
HKU\S-1-5-21-764903313-1208633371-1849977318-319209\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-764903313-1208633371-1849977318-319209\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mmweb/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-764903313-1208633371-1849977318-319209 -> {57B8C947-777B-4E89-B0B6-FBDFCAC6FA5E} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-764903313-1208633371-1849977318-319209 -> {7E8EC029-D269-4FAE-90A7-C5F75D2370C7} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.15.2.150 10.21.2.150
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-19]
CHR Extension: (Google Drive) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-22]
CHR Extension: (YouTube) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-19]
CHR Extension: (Google Search) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
CHR Extension: (Gmail) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-19]
CHR Extension: (PriceLeess) - C:\ProgramData\eajcljjjahokcoeocggaokgnopokmoae\ [2014-12-19]
CHR Extension: (ProicueLesS) - C:\ProgramData\naaiglkdejlagnmoiocgfgnepafnhbof\ [2014-12-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-01-31] ()
R2 bomgar-scc-54C175BE; C:\ProgramData\bomgar-scc-0x54c175be\bomgar-scc.exe [7954336 2014-10-18] (Bomgar)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-12-15] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-12-15] (Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2014-12-15] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-03-28] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2014-12-15] (Sophos Limited)
R2 Sophos Patch Agent; C:\Program Files\Sophos\Sophos Patch Agent\spa.exe [3163432 2014-12-15] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-12-15] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-12-15] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-12-15] (Sophos Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-06] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-06] (Apple Inc.)
S3 AppleODD; C:\Windows\System32\DRIVERS\AppleODD.sys [8704 2012-12-22] (Apple Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2014-01-31] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-12-15] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-12-15] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-12-15] (Sophos Limited)
U0 SR; No ImagePath
U2 srservice; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 16:28 - 2015-01-22 16:29 - 00019626 _____ () C:\Users\KDemos\Downloads\FRST.txt
2015-01-22 16:28 - 2015-01-22 16:28 - 00000000 ____D () C:\FRST
2015-01-22 16:27 - 2015-01-22 16:27 - 02126848 _____ (Farbar) C:\Users\KDemos\Downloads\FRST64.exe
2015-01-22 16:13 - 2014-10-18 00:02 - 00010240 _____ () C:\Users\KDemos\AppData\Local\Z@!-9b757dd0-12b2-4709-a508-0940e3927e2a.tmp
2015-01-22 16:13 - 2014-10-18 00:02 - 00010240 _____ () C:\ProgramData\Z@!-aab60b88-005e-4094-80f6-bbe07a192cc1.tmp
2015-01-22 16:13 - 2014-10-18 00:02 - 00009216 _____ () C:\Users\KDemos\AppData\Local\Z@S!-93682244-ccd5-4f58-b906-865b20c0d369.tmp
2015-01-22 16:13 - 2014-10-18 00:02 - 00009216 _____ () C:\ProgramData\Z@S!-910b2f70-83dd-4238-b63e-b1b39136aadb.tmp
2015-01-22 16:12 - 2015-01-22 16:29 - 00000000 ____D () C:\ProgramData\bomgar-scc-0x54c175be
2015-01-21 16:37 - 2015-01-21 16:37 - 00000000 ____D () C:\Users\KDemos\Desktop\firestone
2015-01-21 14:47 - 2015-01-22 16:13 - 00322392 _____ () C:\Users\KDemos\Desktop\Complete Adv Auto List.xlsx
2015-01-20 22:28 - 2015-01-20 22:28 - 02186752 _____ () C:\Users\KDemos\Downloads\AdwCleaner.exe
2015-01-20 22:27 - 2015-01-20 22:27 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\KDemos\Downloads\tdsskiller.exe
2015-01-20 22:17 - 2015-01-20 22:17 - 00000000 ____D () C:\Windows\pss
2015-01-20 22:15 - 2015-01-20 22:15 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Deployment
2015-01-20 22:15 - 2015-01-20 22:15 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Apps\2.0
2015-01-20 15:41 - 2015-01-20 15:41 - 00000020 ___SH () C:\Users\rlaigo\ntuser.ini
2015-01-20 15:41 - 2015-01-20 15:41 - 00000000 ____D () C:\Users\rlaigo
2015-01-20 15:41 - 2015-01-13 09:31 - 00000000 ____D () C:\Users\rlaigo\AppData\Local\Microsoft Help
2015-01-20 15:41 - 2014-12-22 12:38 - 00002112 _____ () C:\Users\rlaigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-20 15:41 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\rlaigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 15:41 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\rlaigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 15:36 - 2015-01-20 15:36 - 00003864 _____ () C:\Windows\System32\Tasks\GeniusBox
2015-01-20 14:18 - 2015-01-20 14:18 - 00011888 _____ () C:\Users\KDemos\Desktop\Copy of IL Advance Auto List.xlsx
2015-01-20 14:14 - 2015-01-20 14:17 - 00310710 _____ () C:\Users\KDemos\Downloads\Adv Auto List-Complete.xlsx
2015-01-20 14:05 - 2015-01-20 14:18 - 00044976 _____ () C:\Users\KDemos\Downloads\Adv Auto OH List Update June 11th (3).xlsx
2015-01-20 14:05 - 2015-01-20 14:07 - 00310706 _____ () C:\Users\KDemos\Downloads\Complete Adv Auto List.xlsx
2015-01-20 13:58 - 2015-01-20 14:18 - 00050986 _____ () C:\Users\KDemos\Downloads\ADV FLORIDA.xlsx
2015-01-20 13:58 - 2015-01-20 14:18 - 00028048 _____ () C:\Users\KDemos\Downloads\Adv Auto MI List.xlsx
2015-01-20 13:58 - 2015-01-20 14:18 - 00023613 _____ () C:\Users\KDemos\Downloads\Adv Auto  Kansas and Kentucky.xlsx
2015-01-20 13:58 - 2015-01-20 14:18 - 00017444 _____ () C:\Users\KDemos\Downloads\Adv Auto WI List.xlsx
2015-01-20 13:58 - 2015-01-20 14:13 - 00033585 _____ () C:\Users\KDemos\Downloads\Adv Auto TN IA MN.xlsx
2015-01-20 13:58 - 2015-01-20 14:05 - 00011826 _____ () C:\Users\KDemos\Downloads\IL Advance Auto List.xlsx
2015-01-20 13:57 - 2015-01-20 14:18 - 00023916 _____ () C:\Users\KDemos\Downloads\Adv Auto IN List.xlsx
2015-01-19 14:33 - 2015-01-19 14:33 - 00015781 _____ () C:\Users\KDemos\Documents\Copy of Firestone MI MO KS List updates.xlsx
2015-01-13 13:59 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 13:59 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 13:59 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 13:59 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 13:59 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 13:59 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 13:59 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 13:59 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 13:59 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 13:59 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 13:59 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 13:59 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 13:59 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 09:31 - 2015-01-13 09:31 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-13 09:31 - 2015-01-13 09:31 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-12 09:37 - 2015-01-19 09:40 - 00010733 _____ () C:\Windows\system32\ScanResults.xml
2015-01-12 09:35 - 2015-01-19 09:38 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-01-09 13:19 - 2015-01-09 13:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-09 09:54 - 2015-01-09 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-01-09 09:54 - 2015-01-09 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-09 09:53 - 2015-01-09 09:53 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-09 09:53 - 2015-01-09 09:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-01-09 09:53 - 2015-01-09 09:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-01-09 09:53 - 2015-01-09 09:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-09 09:48 - 2015-01-09 09:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-01-09 09:47 - 2015-01-09 09:47 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-09 09:47 - 2015-01-09 09:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-01-09 09:46 - 2015-01-14 11:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-09 09:44 - 2015-01-09 09:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_AppleODD_01005.Wdf
2015-01-08 09:34 - 2015-01-08 09:34 - 00000165 ____H () C:\Users\KDemos\Desktop\~$Eman Database Firestone.xlsx
2015-01-07 13:16 - 2015-01-20 16:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 13:15 - 2015-01-07 13:15 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-07 13:15 - 2015-01-07 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 13:15 - 2015-01-07 13:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 13:15 - 2015-01-07 13:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 13:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-07 13:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 13:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 11:55 - 2015-01-07 11:55 - 00000000 ____D () C:\Users\KDemos\AppData\Local\VirtualStore
2015-01-07 11:16 - 2015-01-07 11:16 - 00003102 _____ () C:\Windows\System32\Tasks\{94327B83-0C44-4084-A661-4BFD018D7736}
2015-01-07 11:14 - 2015-01-20 16:47 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-07 11:13 - 2015-01-07 11:13 - 00000363 _____ () C:\Users\KDemos\Desktop\Control Panel - Shortcut.lnk
2015-01-07 10:40 - 2015-01-08 10:59 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-01-07 10:40 - 2015-01-07 11:54 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-01-07 10:40 - 2015-01-07 11:18 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-07 10:40 - 2015-01-07 10:40 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-01-07 10:39 - 2015-01-07 10:39 - 00628496 _____ (CMI Limited) C:\Users\KDemos\AppData\Local\nsv7800.tmp
2015-01-07 10:28 - 2015-01-07 10:28 - 00000047 _____ () C:\Users\KDemos\AppData\Roaming\WB.CFG
2015-01-07 09:44 - 2015-01-07 09:44 - 00000000 ____D () C:\Users\KDemos\AppData\Local\A
2015-01-07 09:40 - 2015-01-07 09:40 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Sophos
2015-01-07 09:34 - 2015-01-07 09:37 - 00000000 ____D () C:\Users\KDemos\AppData\Local\GetNowUpdater
2015-01-07 09:34 - 2015-01-07 09:34 - 00000000 ____D () C:\Users\KDemos\AppData\Roaming\mozilla
2015-01-07 09:33 - 2015-01-07 09:33 - 00000000 ____D () C:\Users\KDemos\AppData\Roaming\Macromedia
2015-01-07 09:31 - 2015-01-07 09:31 - 00000000 ____D () C:\Program Files (x86)\Enhance Browser
2015-01-07 09:30 - 2015-01-19 16:47 - 00000000 ____D () C:\ProgramData\naaiglkdejlagnmoiocgfgnepafnhbof
2015-01-07 09:30 - 2015-01-19 16:47 - 00000000 ____D () C:\ProgramData\eajcljjjahokcoeocggaokgnopokmoae
2015-01-07 09:30 - 2015-01-07 13:39 - 00000000 ____D () C:\Program Files (x86)\ProicueLesS
2015-01-07 09:30 - 2015-01-07 13:39 - 00000000 ____D () C:\Program Files (x86)\PriceLeess
2015-01-07 09:29 - 2015-01-07 09:29 - 00004046 _____ () C:\Windows\System32\Tasks\{ce70445a-e564-46fc-956b-edee4b4911a7}
2015-01-07 09:29 - 2015-01-07 09:29 - 00000000 ____D () C:\Users\KDemos\AppData\Roaming\JavaUpdaterV118
2015-01-07 09:29 - 2015-01-07 09:29 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Developerts_LLC
2015-01-06 22:33 - 2015-01-06 22:33 - 00004472 _____ () C:\Windows\System32\Tasks\Validate Installation
2015-01-06 22:33 - 2015-01-06 22:33 - 00004264 _____ () C:\Windows\System32\Tasks\Check Updates
2015-01-06 22:33 - 2015-01-06 22:33 - 00000064 _____ () C:\Users\KDemos\AppData\Local\7618e10150f8c4df3383cc77ab39d702
2015-01-06 22:29 - 2015-01-07 11:13 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-06 22:27 - 2015-01-07 09:29 - 00000371 _____ () C:\prefs.js
2015-01-06 22:27 - 2015-01-07 09:29 - 00000000 ____D () C:\searchplugins
2015-01-06 22:27 - 2015-01-06 22:27 - 00004648 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-06 22:27 - 2015-01-06 22:27 - 00002480 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-06 22:27 - 2015-01-06 22:27 - 00002480 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-06 22:27 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-06 22:27 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-06 22:26 - 2015-01-06 22:27 - 00000000 ____D () C:\Users\KDemos\Documents\ProPCCleaner
2015-01-06 22:22 - 2015-01-06 22:22 - 00015777 _____ () C:\Users\KDemos\Downloads\Microsoft_Office_2010_Professional_+_Activator_Working_December_2013 (1).torrent
2015-01-06 21:24 - 2015-01-06 22:28 - 00000000 ____D () C:\Users\KDemos\Downloads\Microsoft Office 2010 Professional + Activator Working December 2013
2015-01-06 21:23 - 2015-01-07 15:26 - 00000000 ____D () C:\Users\KDemos\AppData\Roaming\Skype
2015-01-06 21:23 - 2015-01-06 21:23 - 00015777 _____ () C:\Users\KDemos\Downloads\Microsoft_Office_2010_Professional_+_Activator_Working_December_2013.torrent
2015-01-06 21:23 - 2015-01-06 21:23 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Skype
2015-01-06 21:22 - 2015-01-07 11:14 - 00000000 ____D () C:\ProgramData\Skype
2015-01-06 21:21 - 2015-01-07 11:11 - 00000000 ____D () C:\Users\KDemos\AppData\Roaming\uTorrent
2015-01-06 21:20 - 2015-01-06 21:21 - 01677904 _____ (BitTorrent Inc.) C:\Users\KDemos\Downloads\uTorrent_3_4_2_37754.exe
2015-01-06 15:31 - 2015-01-07 12:38 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Microsoft Help
2015-01-06 09:35 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-06 09:35 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-05 16:04 - 2015-01-09 15:13 - 00021820 _____ () C:\Users\KDemos\Desktop\Eman Database Firestone.xlsx
2015-01-05 13:40 - 2015-01-07 09:37 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {24da4ef1-5c36-4485-a4ad-3c543477150e} KDemos-W7L.mmreibc.prv
2015-01-05 12:28 - 2015-01-05 16:04 - 00019123 _____ () C:\Users\KDemos\Downloads\Eman Database.xlsx
2015-01-05 11:11 - 2015-01-05 11:11 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-05 10:59 - 2015-01-05 10:59 - 00000000 ____D () C:\Users\KDemos\AppData\OICE_15_974FA576_32C1D314_1C11
2015-01-05 10:38 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-05 10:38 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-05 10:38 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-05 10:38 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-05 10:38 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-05 10:38 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-05 10:38 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-05 10:38 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-05 10:38 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-05 10:38 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-05 10:35 - 2015-01-05 10:35 - 00000000 __RHD () C:\MSOCache
2015-01-05 10:22 - 2015-01-05 10:22 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-22 16:00 - 2014-12-19 15:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 15:04 - 2014-12-15 16:24 - 00007553 __RSH () C:\ProgramData\ntuser.pol
2015-01-22 15:04 - 2014-12-15 16:17 - 00000216 _____ () C:\Windows\system32\config\netlogon.ftl
2015-01-22 15:03 - 2014-12-19 15:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-22 09:17 - 2009-07-13 23:13 - 00802158 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 23:31 - 2014-12-16 07:58 - 00000542 _____ () C:\Windows\Tasks\Weekly Full Scan.job
2015-01-21 09:22 - 2014-11-19 15:58 - 01485757 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 09:12 - 2009-07-13 22:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 09:12 - 2009-07-13 22:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 09:05 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 09:05 - 2009-07-13 22:51 - 00032056 _____ () C:\Windows\setupact.log
2015-01-20 16:49 - 2014-12-19 15:48 - 00000000 ____D () C:\Program Files\Google
2015-01-20 16:49 - 2014-12-19 15:48 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-20 16:49 - 2010-11-20 21:47 - 00324158 _____ () C:\Windows\PFRO.log
2015-01-20 16:48 - 2014-12-19 15:48 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Google
2015-01-20 15:27 - 2014-12-15 16:37 - 00000626 __RSH () C:\Users\KDemos\ntuser.pol
2015-01-20 15:27 - 2014-12-15 16:36 - 00000000 ____D () C:\Users\KDemos
2015-01-14 11:45 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini
2015-01-14 11:42 - 2014-11-19 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:40 - 2014-11-19 17:37 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 16:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-13 10:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-01-13 09:38 - 2009-07-13 22:45 - 00432928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-12 09:57 - 2014-11-19 15:58 - 00000000 ____D () C:\Users\Katerina
2015-01-09 13:17 - 2014-12-15 16:42 - 00111536 _____ () C:\Users\KDemos\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 09:53 - 2014-12-15 16:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-09 09:53 - 2011-04-12 02:28 - 00000000 ____D () C:\Windows\ShellNew
2015-01-09 09:53 - 2009-07-13 23:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-09 09:51 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-07 11:56 - 2014-11-19 22:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-07 09:28 - 2014-12-19 15:49 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 11:11 - 2014-11-19 19:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-05 11:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-05 11:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
 
==================== Files in the root of some directories =======
2014-11-19 16:48 - 2014-11-19 16:48 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-01-07 10:28 - 2015-01-07 10:28 - 0000047 _____ () C:\Users\KDemos\AppData\Roaming\WB.CFG
2015-01-06 22:33 - 2015-01-06 22:33 - 0000064 _____ () C:\Users\KDemos\AppData\Local\7618e10150f8c4df3383cc77ab39d702
2015-01-07 10:39 - 2015-01-07 10:39 - 0628496 _____ (CMI Limited) C:\Users\KDemos\AppData\Local\nsv7800.tmp
2015-01-22 16:13 - 2014-10-18 00:02 - 0010240 _____ () C:\Users\KDemos\AppData\Local\Z@!-9b757dd0-12b2-4709-a508-0940e3927e2a.tmp
2015-01-22 16:13 - 2014-10-18 00:02 - 0009216 _____ () C:\Users\KDemos\AppData\Local\Z@S!-93682244-ccd5-4f58-b906-865b20c0d369.tmp
2015-01-22 16:13 - 2014-10-18 00:02 - 0010240 _____ () C:\ProgramData\Z@!-aab60b88-005e-4094-80f6-bbe07a192cc1.tmp
2015-01-22 16:13 - 2014-10-18 00:02 - 0009216 _____ () C:\ProgramData\Z@S!-910b2f70-83dd-4238-b63e-b1b39136aadb.tmp
 
Some content of TEMP:
====================
C:\Users\Katerina\AppData\Local\Temp\IntelxHCISetup.exe
C:\Users\Katerina\AppData\Local\Temp\Setup64.exe
C:\Users\Katerina\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-15 11:57
 
==================== End Of Log ============================

 

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:33 PM

Posted 22 January 2015 - 05:51 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English, so please do not use slang or idioms; they can be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all log files as a reply rather than as an attachment unless I specifically ask you to. If you cannot post all log files in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours, please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached file: fixlist.txt (1.69 KB, 5 downloads)

After the Reboot:

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by deeprybka, 22 January 2015 - 06:17 PM.

regards,
deeprybka
Harm no one; rather, help everyone as much as you can. (Arthur Schopenhauer)
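The fixlist deeprybka attached is nothing more than FRST log lines pasted back verbatim (the Fixlog in post #3 reproduces it): every `Task:` line names a scheduled task and the command it runs, and FRST removes whatever is handed back to it. As an added example that is not part of this thread and not FRST's own logic, the script below parses lines in that format and applies the triage heuristics a responder uses before deciding what goes into a fixlist: a task whose name is a bare GUID, a payload under a user-writable directory (AppData, ProgramData, Temp), a launcher that is a proxy binary such as pcalua.exe or cmd.exe, a publisher field that is empty, or FRST's own ATTENTION marker. The first four sample lines are copied from the fixlist in this thread; the two benign entries (and their GUID and date) are constructed, and the heuristics, thresholds and all function names are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input. The first four lines are copied from the fixlist
# reproduced in post #3 of this thread; the last two are invented benign entries
# in the same FRST "Task:" format (GUID and date made up) so that the heuristics
# have something to pass as well as fail.
SAMPLE_TASK_LINES = [
    r"Task: {0707BA6D-CB12-4404-AEF8-406403FF5238} - System32\Tasks\{ce70445a-e564-46fc-956b-edee4b4911a7} => C:\Users\KDemos\AppData\Roaming\JavaUpdaterV118\SecureUpdater.exe [2015-01-07] ()",
    r"Task: {07792BC6-B9B6-4569-B83D-47DA5078BA90} - System32\Tasks\{94327B83-0C44-4084-A661-4BFD018D7736} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION",
    r'Task: {762BCA79-D858-4FFF-AB5E-DB204861CAAF} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\KDemos\AppData\Local\GeniusBox\client.exe"',
    r"Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION",
    r"Task: {3F2504E0-4F89-41D3-9A0C-0305E82C3301} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-09] (Adobe Systems Incorporated)",
    r"Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
]

# One FRST "Task:" line. XML tasks carry a TaskCache GUID, a "[date] (publisher)"
# suffix and live under System32\Tasks; legacy .job tasks carry neither.
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?"
    r"(?P<name>.+?) => (?P<cmd>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\] \((?P<pub>[^)]*)\))?"
    r"(?P<attn> <==== ATTENTION)?$"
)

# Triage heuristics (my assumptions, not FRST's rules).
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Temp|Users\\Public)\\", re.IGNORECASE)
GUID_NAME = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}$")
PROXY_LAUNCHERS = {
    "pcalua.exe", "cmd.exe", "rundll32.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "regsvr32.exe", "powershell.exe", "forfiles.exe",
}


@dataclass
class TaskEntry:
    raw: str
    name: str
    command: str
    publisher: Optional[str]   # None: FRST printed no publisher field; "": field present but empty
    frst_flagged: bool
    reasons: List[str] = field(default_factory=list)


def parse_task_line(line: str) -> Optional[TaskEntry]:
    """Split one FRST Task: line into name, command, publisher and ATTENTION flag."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    return TaskEntry(
        raw=line.strip(),
        name=m.group("name"),
        command=m.group("cmd"),
        publisher=m.group("pub"),
        frst_flagged=m.group("attn") is not None,
    )


def first_executable(command: str) -> str:
    """Basename of the first .exe in the command, i.e. the process that actually starts."""
    m = re.match(r'"?(.*?\.exe)', command, re.IGNORECASE)
    path = m.group(1) if m else command.split()[0]
    return path.rsplit("\\", 1)[-1].lower()


def assess(entry: TaskEntry) -> TaskEntry:
    """Attach one reason string for every heuristic the task trips."""
    if GUID_NAME.search(entry.name):
        entry.reasons.append("guid-named task")
    if USER_WRITABLE.search(entry.command):
        entry.reasons.append("runs from user-writable location")
    launcher = first_executable(entry.command)
    if launcher in PROXY_LAUNCHERS:
        entry.reasons.append(f"launched via proxy {launcher}")
    if entry.publisher == "":
        entry.reasons.append("no publisher recorded")
    if entry.frst_flagged:
        entry.reasons.append("flagged by FRST")
    return entry


def triage(lines) -> Dict[str, List[str]]:
    """Map task name -> reasons; an empty list means nothing suspicious was found."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_task_line(line)
        if entry is not None:
            findings[entry.name] = assess(entry).reasons
    return findings


def suggested_fixlist(lines) -> List[str]:
    """Lines to paste into fixlist.txt: FRST takes its own log lines back verbatim."""
    return [e.raw for e in (parse_task_line(l) for l in lines)
            if e is not None and assess(e).reasons]


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_TASK_LINES).items():
        print(f"{name}: {', '.join(reasons) or 'no findings'}")
    print("\n".join(suggested_fixlist(SAMPLE_TASK_LINES)))
```

The heuristics deliberately look at the command string, not only the launcher: the GeniusBox task starts an innocent-looking cmd.exe, and only the quoted argument reveals the payload under AppData. Anything the script leaves with an empty reason list (the constructed Adobe and Google updater entries) still deserves a glance at the file's signature and path before it is ruled out.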

#3 lakititi

lakititi
  • Topic Starter

  • Members
  • 6 posts
  • Local time:05:33 AM

Posted 23 January 2015 - 01:25 PM

Here is the Fixlog.txt file:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by KDemos at 2015-01-23 12:09:38 Run:1
Running from C:\Users\KDemos\Downloads
Loaded Profiles: KDemos (Available profiles: Katerina & RLaigo & KDemos)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
EmptyTemp:
Task: {0707BA6D-CB12-4404-AEF8-406403FF5238} - System32\Tasks\{ce70445a-e564-46fc-956b-edee4b4911a7} => C:\Users\KDemos\AppData\Roaming\JavaUpdaterV118\SecureUpdater.exe [2015-01-07] ()
Task: {07792BC6-B9B6-4569-B83D-47DA5078BA90} - System32\Tasks\{94327B83-0C44-4084-A661-4BFD018D7736} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {762BCA79-D858-4FFF-AB5E-DB204861CAAF} - System32\Tasks\GeniusBox => cmd.exe /C start "" "C:\Users\KDemos\AppData\Local\GeniusBox\client.exe"
Task: {7EE44B8D-4416-41A3-8EF7-158AEDB5CC56} - System32\Tasks\Validate Installation => C:\Users\KDemos\AppData\Local\GeniusBox\updater.exe
Task: {A5A29A9D-3167-4E73-95A9-6DFB82B05E8D} - System32\Tasks\Check Updates => C:\Users\KDemos\AppData\Local\GeniusBox\updater.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
C:\Users\KDemos\AppData\Local\GeniusBox
C:\Users\KDemos\AppData\Roaming\JavaUpdaterV118
C:\Program Files (x86)\AnyProtectEx
CreateRestorePoint:
*****************
 
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0707BA6D-CB12-4404-AEF8-406403FF5238}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0707BA6D-CB12-4404-AEF8-406403FF5238}" => Key deleted successfully.
C:\Windows\System32\Tasks\{ce70445a-e564-46fc-956b-edee4b4911a7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ce70445a-e564-46fc-956b-edee4b4911a7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07792BC6-B9B6-4569-B83D-47DA5078BA90}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07792BC6-B9B6-4569-B83D-47DA5078BA90}" => Key deleted successfully.
C:\Windows\System32\Tasks\{94327B83-0C44-4084-A661-4BFD018D7736} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{94327B83-0C44-4084-A661-4BFD018D7736}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{762BCA79-D858-4FFF-AB5E-DB204861CAAF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{762BCA79-D858-4FFF-AB5E-DB204861CAAF}" => Key deleted successfully.
C:\Windows\System32\Tasks\GeniusBox => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GeniusBox" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7EE44B8D-4416-41A3-8EF7-158AEDB5CC56}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EE44B8D-4416-41A3-8EF7-158AEDB5CC56}" => Key deleted successfully.
C:\Windows\System32\Tasks\Validate Installation => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Validate Installation" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5A29A9D-3167-4E73-95A9-6DFB82B05E8D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5A29A9D-3167-4E73-95A9-6DFB82B05E8D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Check Updates => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Check Updates" => Key deleted successfully.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => Key deleted successfully.
"HKU\.DEFAULT\Software\Classes\.exe" => Key deleted successfully.
HKU\.DEFAULT\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-19\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-19\Software\Classes\exefile => Key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => Key deleted successfully.
"HKU\S-1-5-20\Software\Classes\.exe" => Key deleted successfully.
HKU\S-1-5-20\Software\Classes\exefile => Key not found. 
"C:\Users\KDemos\AppData\Local\GeniusBox" => File/Directory not found.
C:\Users\KDemos\AppData\Roaming\JavaUpdaterV118 => Moved successfully.
"C:\Program Files (x86)\AnyProtectEx" => File/Directory not found.
Restore point was successfully created.
EmptyTemp: => Removed 1.3 GB temporary data.
 
 
The system needed a reboot. 
 

 

==== End of Fixlog 12:10:01 ====

Here is the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by KDemos (administrator) on KDEMOS-W7L on 23-01-2015 12:16:20
Running from C:\Users\KDemos\Downloads
Loaded Profiles: KDemos (Available profiles: Katerina & RLaigo & KDemos)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Windows\System32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\System32\AppleTimeSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Patch Agent\spa.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apple_KbdMgr] => C:\Program Files\Boot Camp\Bootcamp.exe [746816 2014-01-31] (Apple Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1617704 2014-03-28] (Sophos Limited)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-764903313-1208633371-1849977318-319209\...\MountPoints2: {37bdc546-9776-11e4-b8eb-68a86d1697a1} - F:\SETUP.EXE
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD2258831482] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x54bec8c0" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD2258831482 /f
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD396865148] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x54bf27ea" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD396865148 /f
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD45599425] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-0x54c28dd3" & reg.exe delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD45599425 /f
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll [217160 2014-04-30] (Sophos Limited)
AppInit_DLLs-x32: c:\progra~2\sophos\sophos~1\sophos~1.dll => c:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-04-30] (Sophos Limited)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-764903313-1208633371-1849977318-319209\Software\Microsoft\Internet Explorer\Main,Start Page = http://mnet/home/Default.aspx
HKU\S-1-5-21-764903313-1208633371-1849977318-319209\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-764903313-1208633371-1849977318-319209\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mmweb/
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-764903313-1208633371-1849977318-319209 -> {57B8C947-777B-4E89-B0B6-FBDFCAC6FA5E} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-764903313-1208633371-1849977318-319209 -> {7E8EC029-D269-4FAE-90A7-C5F75D2370C7} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.15.2.150 10.21.2.150
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-19]
CHR Extension: (Google Drive) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-22]
CHR Extension: (YouTube) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-19]
CHR Extension: (Google Search) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
CHR Extension: (Gmail) - C:\Users\KDemos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-19]
CHR Extension: (PriceLeess) - C:\ProgramData\eajcljjjahokcoeocggaokgnopokmoae\ [2014-12-19]
CHR Extension: (ProicueLesS) - C:\ProgramData\naaiglkdejlagnmoiocgfgnepafnhbof\ [2014-12-19]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [226112 2014-01-31] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-12-15] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [205096 2014-12-15] (Sophos Limited)
R2 Sophos Agent; C:\Program Files (x86)\Sophos\Remote Management System\ManagementAgentNT.exe [289856 2014-12-15] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [341800 2014-03-28] (Sophos Limited)
R2 Sophos Message Router; C:\Program Files (x86)\Sophos\Remote Management System\RouterNT.exe [818240 2014-12-15] (Sophos Limited)
R2 Sophos Patch Agent; C:\Program Files\Sophos\Sophos Patch Agent\spa.exe [3163432 2014-12-15] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [355624 2014-12-15] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3174696 2014-12-15] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2065704 2014-12-15] (Sophos Limited)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [12288 2013-09-06] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [39424 2013-09-06] (Apple Inc.)
S3 AppleODD; C:\Windows\System32\DRIVERS\AppleODD.sys [8704 2012-12-22] (Apple Inc.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-20] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2014-01-31] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [158976 2014-12-15] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [38144 2014-12-15] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [27904 2014-12-15] (Sophos Limited)
U0 SR; No ImagePath
U2 srservice; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 12:16 - 2015-01-23 12:16 - 00019194 _____ () C:\Users\KDemos\Downloads\FRST.txt
2015-01-23 12:07 - 2015-01-19 12:33 - 00010240 _____ () C:\Users\KDemos\AppData\Local\Z@!-35eb53c4-7552-4752-b572-5e1fdc9f087c.tmp
2015-01-23 12:07 - 2015-01-19 12:33 - 00010240 _____ () C:\ProgramData\Z@!-4e5b43cc-7690-4f70-9e0b-f3ea4fc3e21d.tmp
2015-01-23 12:07 - 2015-01-19 12:33 - 00009216 _____ () C:\Users\KDemos\AppData\Local\Z@S!-1ae44150-c18a-436d-9554-9a034d9f8f11.tmp
2015-01-23 12:07 - 2015-01-19 12:33 - 00009216 _____ () C:\ProgramData\Z@S!-541687f6-4d72-47f7-b24e-4fc26b307d12.tmp
2015-01-23 12:06 - 2015-01-23 12:06 - 06249117 _____ () C:\Users\KDemos\Desktop\save-a-lot.mpd2
2015-01-22 16:28 - 2015-01-23 12:16 - 00000000 ____D () C:\FRST
2015-01-22 16:27 - 2015-01-22 16:27 - 02126848 _____ (Farbar) C:\Users\KDemos\Downloads\FRST64.exe
2015-01-21 16:37 - 2015-01-21 16:37 - 00000000 ____D () C:\Users\KDemos\Desktop\firestone
2015-01-21 14:47 - 2015-01-23 11:09 - 00324835 _____ () C:\Users\KDemos\Desktop\Complete Adv Auto List.xlsx
2015-01-20 22:28 - 2015-01-20 22:28 - 02186752 _____ () C:\Users\KDemos\Downloads\AdwCleaner.exe
2015-01-20 22:27 - 2015-01-20 22:27 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\KDemos\Downloads\tdsskiller.exe
2015-01-20 22:17 - 2015-01-20 22:17 - 00000000 ____D () C:\Windows\pss
2015-01-20 22:15 - 2015-01-20 22:15 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Deployment
2015-01-20 22:15 - 2015-01-20 22:15 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Apps\2.0
2015-01-20 15:41 - 2015-01-20 15:41 - 00000020 ___SH () C:\Users\rlaigo\ntuser.ini
2015-01-20 15:41 - 2015-01-20 15:41 - 00000000 ____D () C:\Users\rlaigo
2015-01-20 15:41 - 2015-01-13 09:31 - 00000000 ____D () C:\Users\rlaigo\AppData\Local\Microsoft Help
2015-01-20 15:41 - 2014-12-22 12:38 - 00002112 _____ () C:\Users\rlaigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-20 15:41 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\rlaigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-20 15:41 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\rlaigo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-01-20 14:18 - 2015-01-20 14:18 - 00011888 _____ () C:\Users\KDemos\Desktop\Copy of IL Advance Auto List.xlsx
2015-01-20 14:14 - 2015-01-20 14:17 - 00310710 _____ () C:\Users\KDemos\Downloads\Adv Auto List-Complete.xlsx
2015-01-20 14:05 - 2015-01-20 14:18 - 00044976 _____ () C:\Users\KDemos\Downloads\Adv Auto OH List Update June 11th (3).xlsx
2015-01-20 14:05 - 2015-01-20 14:07 - 00310706 _____ () C:\Users\KDemos\Downloads\Complete Adv Auto List.xlsx
2015-01-20 13:58 - 2015-01-20 14:18 - 00050986 _____ () C:\Users\KDemos\Downloads\ADV FLORIDA.xlsx
2015-01-20 13:58 - 2015-01-20 14:18 - 00028048 _____ () C:\Users\KDemos\Downloads\Adv Auto MI List.xlsx
2015-01-20 13:58 - 2015-01-20 14:18 - 00023613 _____ () C:\Users\KDemos\Downloads\Adv Auto  Kansas and Kentucky.xlsx
2015-01-20 13:58 - 2015-01-20 14:18 - 00017444 _____ () C:\Users\KDemos\Downloads\Adv Auto WI List.xlsx
2015-01-20 13:58 - 2015-01-20 14:13 - 00033585 _____ () C:\Users\KDemos\Downloads\Adv Auto TN IA MN.xlsx
2015-01-20 13:58 - 2015-01-20 14:05 - 00011826 _____ () C:\Users\KDemos\Downloads\IL Advance Auto List.xlsx
2015-01-20 13:57 - 2015-01-20 14:18 - 00023916 _____ () C:\Users\KDemos\Downloads\Adv Auto IN List.xlsx
2015-01-19 14:33 - 2015-01-19 14:33 - 00015781 _____ () C:\Users\KDemos\Documents\Copy of Firestone MI MO KS List updates.xlsx
2015-01-13 13:59 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 13:59 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 13:59 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 13:59 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 13:59 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 13:59 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 13:59 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 13:59 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 13:59 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 13:59 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 13:59 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 13:59 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 13:59 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 09:31 - 2015-01-13 09:31 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-13 09:31 - 2015-01-13 09:31 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-12 09:37 - 2015-01-19 09:40 - 00010733 _____ () C:\Windows\system32\ScanResults.xml
2015-01-12 09:35 - 2015-01-19 09:38 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-01-09 13:19 - 2015-01-09 13:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-01-09 09:54 - 2015-01-09 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-01-09 09:54 - 2015-01-09 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-09 09:53 - 2015-01-09 09:53 - 00000000 ____D () C:\Windows\PCHEALTH
2015-01-09 09:53 - 2015-01-09 09:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-01-09 09:53 - 2015-01-09 09:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-01-09 09:53 - 2015-01-09 09:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-09 09:48 - 2015-01-09 09:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-01-09 09:47 - 2015-01-09 09:47 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-09 09:47 - 2015-01-09 09:47 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-01-09 09:46 - 2015-01-14 11:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-09 09:44 - 2015-01-09 09:44 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_AppleODD_01005.Wdf
2015-01-08 09:34 - 2015-01-08 09:34 - 00000165 ____H () C:\Users\KDemos\Desktop\~$Eman Database Firestone.xlsx
2015-01-07 13:16 - 2015-01-20 16:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 13:15 - 2015-01-07 13:15 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-07 13:15 - 2015-01-07 13:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-07 13:15 - 2015-01-07 13:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-07 13:15 - 2015-01-07 13:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-07 13:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-07 13:15 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-07 13:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-07 11:55 - 2015-01-07 11:55 - 00000000 ____D () C:\Users\KDemos\AppData\Local\VirtualStore
2015-01-07 11:14 - 2015-01-20 16:47 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-07 11:13 - 2015-01-07 11:13 - 00000363 _____ () C:\Users\KDemos\Desktop\Control Panel - Shortcut.lnk
2015-01-07 10:40 - 2015-01-07 10:40 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-01-07 10:39 - 2015-01-07 10:39 - 00628496 _____ (CMI Limited) C:\Users\KDemos\AppData\Local\nsv7800.tmp
2015-01-07 10:28 - 2015-01-07 10:28 - 00000047 _____ () C:\Users\KDemos\AppData\Roaming\WB.CFG
2015-01-07 09:44 - 2015-01-07 09:44 - 00000000 ____D () C:\Users\KDemos\AppData\Local\A
2015-01-07 09:40 - 2015-01-07 09:40 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Sophos
2015-01-07 09:34 - 2015-01-07 09:37 - 00000000 ____D () C:\Users\KDemos\AppData\Local\GetNowUpdater
2015-01-07 09:34 - 2015-01-07 09:34 - 00000000 ____D () C:\Users\KDemos\AppData\Roaming\mozilla
2015-01-07 09:33 - 2015-01-07 09:33 - 00000000 ____D () C:\Users\KDemos\AppData\Roaming\Macromedia
2015-01-07 09:31 - 2015-01-07 09:31 - 00000000 ____D () C:\Program Files (x86)\Enhance Browser
2015-01-07 09:30 - 2015-01-19 16:47 - 00000000 ____D () C:\ProgramData\naaiglkdejlagnmoiocgfgnepafnhbof
2015-01-07 09:30 - 2015-01-19 16:47 - 00000000 ____D () C:\ProgramData\eajcljjjahokcoeocggaokgnopokmoae
2015-01-07 09:30 - 2015-01-07 13:39 - 00000000 ____D () C:\Program Files (x86)\ProicueLesS
2015-01-07 09:30 - 2015-01-07 13:39 - 00000000 ____D () C:\Program Files (x86)\PriceLeess
2015-01-07 09:29 - 2015-01-07 09:29 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Developerts_LLC
2015-01-06 22:33 - 2015-01-06 22:33 - 00000064 _____ () C:\Users\KDemos\AppData\Local\7618e10150f8c4df3383cc77ab39d702
2015-01-06 22:29 - 2015-01-07 11:13 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-06 22:27 - 2015-01-07 09:29 - 00000371 _____ () C:\prefs.js
2015-01-06 22:27 - 2015-01-07 09:29 - 00000000 ____D () C:\searchplugins
2015-01-06 22:27 - 2015-01-06 22:27 - 00004648 _____ () C:\Windows\SysWOW64\LavasoftTcpService.ini
2015-01-06 22:27 - 2015-01-06 22:27 - 00002480 _____ () C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-01-06 22:27 - 2015-01-06 22:27 - 00002480 _____ () C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-01-06 22:27 - 2014-12-16 12:10 - 00358736 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-01-06 22:27 - 2014-12-16 12:10 - 00312424 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-01-06 22:26 - 2015-01-06 22:27 - 00000000 ____D () C:\Users\KDemos\Documents\ProPCCleaner
2015-01-06 22:22 - 2015-01-06 22:22 - 00015777 _____ () C:\Users\KDemos\Downloads\Microsoft_Office_2010_Professional_+_Activator_Working_December_2013 (1).torrent
2015-01-06 21:24 - 2015-01-06 22:28 - 00000000 ____D () C:\Users\KDemos\Downloads\Microsoft Office 2010 Professional + Activator Working December 2013
2015-01-06 21:23 - 2015-01-07 15:26 - 00000000 ____D () C:\Users\KDemos\AppData\Roaming\Skype
2015-01-06 21:23 - 2015-01-06 21:23 - 00015777 _____ () C:\Users\KDemos\Downloads\Microsoft_Office_2010_Professional_+_Activator_Working_December_2013.torrent
2015-01-06 21:23 - 2015-01-06 21:23 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Skype
2015-01-06 21:22 - 2015-01-07 11:14 - 00000000 ____D () C:\ProgramData\Skype
2015-01-06 21:21 - 2015-01-07 11:11 - 00000000 ____D () C:\Users\KDemos\AppData\Roaming\uTorrent
2015-01-06 21:20 - 2015-01-06 21:21 - 01677904 _____ (BitTorrent Inc.) C:\Users\KDemos\Downloads\uTorrent_3_4_2_37754.exe
2015-01-06 15:31 - 2015-01-07 12:38 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Microsoft Help
2015-01-06 09:35 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-06 09:35 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-05 16:04 - 2015-01-09 15:13 - 00021820 _____ () C:\Users\KDemos\Desktop\Eman Database Firestone.xlsx
2015-01-05 13:40 - 2015-01-07 09:37 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {24da4ef1-5c36-4485-a4ad-3c543477150e} KDemos-W7L.mmreibc.prv
2015-01-05 12:28 - 2015-01-05 16:04 - 00019123 _____ () C:\Users\KDemos\Downloads\Eman Database.xlsx
2015-01-05 11:11 - 2015-01-05 11:11 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-05 10:59 - 2015-01-05 10:59 - 00000000 ____D () C:\Users\KDemos\AppData\OICE_15_974FA576_32C1D314_1C11
2015-01-05 10:38 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-05 10:38 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-05 10:38 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-05 10:38 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-05 10:38 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-05 10:38 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-05 10:38 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-05 10:38 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-05 10:38 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-05 10:38 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-05 10:35 - 2015-01-05 10:35 - 00000000 __RHD () C:\MSOCache
2015-01-05 10:22 - 2015-01-05 10:22 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 12:14 - 2014-12-19 15:48 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 12:14 - 2014-12-15 16:24 - 00007553 __RSH () C:\ProgramData\ntuser.pol
2015-01-23 12:14 - 2014-12-15 16:17 - 00000216 _____ () C:\Windows\system32\config\netlogon.ftl
2015-01-23 12:14 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 12:13 - 2010-11-20 21:47 - 00325886 _____ () C:\Windows\PFRO.log
2015-01-23 12:13 - 2009-07-13 22:51 - 00032112 _____ () C:\Windows\setupact.log
2015-01-23 12:12 - 2014-11-19 15:58 - 01523354 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 12:00 - 2014-12-19 15:48 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-22 09:17 - 2009-07-13 23:13 - 00802158 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 23:31 - 2014-12-16 07:58 - 00000542 _____ () C:\Windows\Tasks\Weekly Full Scan.job
2015-01-21 09:12 - 2009-07-13 22:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 09:12 - 2009-07-13 22:45 - 00032080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 16:49 - 2014-12-19 15:48 - 00000000 ____D () C:\Program Files\Google
2015-01-20 16:49 - 2014-12-19 15:48 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-20 16:48 - 2014-12-19 15:48 - 00000000 ____D () C:\Users\KDemos\AppData\Local\Google
2015-01-20 15:27 - 2014-12-15 16:37 - 00000626 __RSH () C:\Users\KDemos\ntuser.pol
2015-01-20 15:27 - 2014-12-15 16:36 - 00000000 ____D () C:\Users\KDemos
2015-01-14 11:45 - 2009-07-13 20:34 - 00000478 _____ () C:\Windows\win.ini
2015-01-14 11:42 - 2014-11-19 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:40 - 2014-11-19 17:37 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 16:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-13 10:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2015-01-13 09:38 - 2009-07-13 22:45 - 00432928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-12 09:57 - 2014-11-19 15:58 - 00000000 ____D () C:\Users\Katerina
2015-01-09 13:17 - 2014-12-15 16:42 - 00111536 _____ () C:\Users\KDemos\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-09 09:53 - 2014-12-15 16:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-09 09:53 - 2011-04-12 02:28 - 00000000 ____D () C:\Windows\ShellNew
2015-01-09 09:53 - 2009-07-13 23:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-09 09:51 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-07 11:56 - 2014-11-19 22:24 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-01-07 09:28 - 2014-12-19 15:49 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-06 04:36 - 2010-11-20 21:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 11:11 - 2014-11-19 19:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-05 11:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-05 11:11 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
 
==================== Files in the root of some directories =======
2014-11-19 16:48 - 2014-11-19 16:48 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-01-07 10:28 - 2015-01-07 10:28 - 0000047 _____ () C:\Users\KDemos\AppData\Roaming\WB.CFG
2015-01-06 22:33 - 2015-01-06 22:33 - 0000064 _____ () C:\Users\KDemos\AppData\Local\7618e10150f8c4df3383cc77ab39d702
2015-01-07 10:39 - 2015-01-07 10:39 - 0628496 _____ (CMI Limited) C:\Users\KDemos\AppData\Local\nsv7800.tmp
2015-01-23 12:07 - 2015-01-19 12:33 - 0010240 _____ () C:\Users\KDemos\AppData\Local\Z@!-35eb53c4-7552-4752-b572-5e1fdc9f087c.tmp
2015-01-23 12:07 - 2015-01-19 12:33 - 0009216 _____ () C:\Users\KDemos\AppData\Local\Z@S!-1ae44150-c18a-436d-9554-9a034d9f8f11.tmp
2015-01-23 12:07 - 2015-01-19 12:33 - 0010240 _____ () C:\ProgramData\Z@!-4e5b43cc-7690-4f70-9e0b-f3ea4fc3e21d.tmp
2015-01-23 12:07 - 2015-01-19 12:33 - 0009216 _____ () C:\ProgramData\Z@S!-541687f6-4d72-47f7-b24e-4fc26b307d12.tmp
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-15 11:57
 
==================== End Of Log ============================

Here is Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015

Ran by KDemos at 2015-01-23 12:16:58
Running from C:\Users\KDemos\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Boot Camp Services (HKLM\...\{FA2B2C2A-EA41-495A-9308-60726125D562}) (Version: 5.1.5621 - Apple Inc.)
Cisco Systems VPN Client 5.0.07.0440 (HKLM\...\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}) (Version: 5.0.7 - Cisco Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
iMpact 2 (remove only) (HKLM-x32\...\iMpact 2) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-764903313-1208633371-1849977318-319209\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sophos Anti-Virus (HKLM-x32\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.7 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{D924231F-D02D-4E0B-B511-CC4A0E3ED547}) (Version: 3.1.1.18 - Sophos Limited)
Sophos Patch Agent (HKLM\...\{2FB80981-C6B6-4FCA-BC65-24437DF4C8CB}) (Version: 1.0.307.0 - Sophos Limited)
Sophos Remote Management System (HKLM-x32\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 3.4.1 - Sophos Limited)
Windows Driver Package - Apple Inc. (AppleCamera) Image  (11/21/2013 5.0.22.0) (HKLM\...\1FCF3C93707C46D648F0B00E216A55E96DEB5A17) (Version: 11/21/2013 5.0.22.0 - Apple Inc.)
Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net  (02/01/2008 3.10.3.10) (HKLM\...\D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5) (Version: 02/01/2008 3.10.3.10 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5) (HKLM\...\EA3C044F6FD39CEC8F4F596836BF4197E97E1D39) (Version: 03/01/2010 3.0.0.5 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (04/10/2013 5.0.4.0) (HKLM\...\EC3BA08E32AD503AB708B97F11CE09D06BCC9604) (Version: 04/10/2013 5.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0) (HKLM\...\E0EAD0CEA9119B77350ED4DE28D9A82E57014D94) (Version: 01/23/2009 3.0.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) (HKLM\...\D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3) (Version: 02/21/2008 2.0.4.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Keyboard (01/10/2014 5.0.8.0) (HKLM\...\ABCCA6C3F97A148D7C69114CB55DFA9D46053BEA) (Version: 01/10/2014 5.0.8.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch (09/04/2013 5.0.2.0) (HKLM\...\277F15E06E6EEB458048F41BCB8FB843B3241E95) (Version: 09/04/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Multitouch Mouse (09/11/2012 4.0.3.0) (HKLM\...\742CB1BDA52EA9F1BBE482DA6DAA17944652B476) (Version: 09/11/2012 4.0.3.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) (HKLM\...\D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C) (Version: 05/17/2010 3.1.0.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple SD Card Reader (07/22/2013 1.0.0.1) (HKLM\...\D323E2C0C5E4948B07EE346CF62161281B0A8578) (Version: 07/22/2013 1.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple System Device (05/20/2013 5.0.2.0) (HKLM\...\1A9F109A8ACEE4CA1F898708DBB0FBA6EF0587FC) (Version: 05/20/2013 5.0.2.0 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) (HKLM\...\D088EE4BD2819FBA2B349EF9D55176F223419BE6) (Version: 06/01/2011 4.0.0.1 - Apple Inc.)
Windows Driver Package - Apple Inc. Apple Wireless Trackpad (10/29/2011 5.0.0.0) (HKLM\...\551732BB0872DA97E26385C221B172A5BD4DE93C) (Version: 10/29/2011 5.0.0.0 - Apple Inc.)
Windows Driver Package - Atheros Communications Inc. (athr) Net  (11/13/2010 9.2.0.113) (HKLM\...\F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF) (Version: 11/13/2010 9.2.0.113 - Atheros Communications Inc.)
Windows Driver Package - Broadcom (b57nd60a) Net  (09/04/2012 15.4.0.17) (HKLM\...\75E64992A03EC5E73D33586790CC506561DCC5DB) (Version: 09/04/2012 15.4.0.17 - Broadcom)
Windows Driver Package - Broadcom (B57ports) Net  (06/16/2009 1.0.0.1) (HKLM\...\FC2077892425ED71A137B1CB6D99A9CA7475435D) (Version: 06/16/2009 1.0.0.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net  (11/13/2012 5.106.199.1) (HKLM\...\3D6DDDCF8961C8C866F6660579A59B5B6CFA281F) (Version: 11/13/2012 5.106.199.1 - Broadcom)
Windows Driver Package - Broadcom (BCM43XX) Net  (12/13/2013 6.30.223.215) (HKLM\...\A5E73046BA905B7B0235AB40FA98A4E3AB96E00E) (Version: 12/13/2013 6.30.223.215 - Broadcom)
Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost  (08/14/2012 1.0.0.243) (HKLM\...\ADF3AD5C5705E56E7DEA1447D58EFF216BA1223D) (Version: 08/14/2012 1.0.0.243 - Broadcom Corporation)
Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (02/19/2013 6.6001.1.40) (HKLM\...\969EFE1D5E95B01D3C42B9D0363FA64AF9E336E7) (Version: 02/19/2013 6.6001.1.40 - Cirrus Logic, Inc.)
Windows Driver Package - Cirrus Logic, Inc. (CirrusLFD) MEDIA  (10/03/2013 6.6001.3.13) (HKLM\...\9EBC96DD99F2C854D540FBF6A16A557BADDBC228) (Version: 10/03/2013 6.6001.3.13 - Cirrus Logic, Inc.)
Windows Driver Package - Intel (e1express) Net  (03/26/2010 9.13.41.0) (HKLM\...\159439476E3A00F9FAE49DD6C1A78F2F6288A5B9) (Version: 03/26/2010 9.13.41.0 - Intel)
Windows Driver Package - Intel (e1kexpress) Net  (04/12/2010 11.6.92.0) (HKLM\...\5BEF08C10896D86DC13394FFA75874564B700368) (Version: 04/12/2010 11.6.92.0 - Intel)
Windows Driver Package - Intel (e1qexpress) Net  (12/04/2009 11.4.7.0) (HKLM\...\57AFA39B22ADEC4E383572E9331167546EB3C9C7) (Version: 12/04/2009 11.4.7.0 - Intel)
Windows Driver Package - Intel (e1rexpress) Net  (01/07/2010 11.4.16.0) (HKLM\...\F71DB41300D30088C8D3716343D1429488E605C1) (Version: 01/07/2010 11.4.16.0 - Intel)
Windows Driver Package - Intel (e1yexpress) Net  (04/07/2010 10.1.9.0) (HKLM\...\CB599752301BCA080D135697FDD05900F5A5CF4C) (Version: 04/07/2010 10.1.9.0 - Intel)
Windows Driver Package - Intel System  (07/20/2007 1.2.76.0) (HKLM\...\E2708073906571A0B56F17FD825EF19281ECE29B) (Version: 07/20/2007 1.2.76.0 - Intel)
Windows Driver Package - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3) (HKLM\...\CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A) (Version: 12/06/2007 10.51.1.3 - Marvell)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-764903313-1208633371-1849977318-319209_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\KDemos\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764903313-1208633371-1849977318-319209_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\KDemos\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764903313-1208633371-1849977318-319209_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\KDemos\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764903313-1208633371-1849977318-319209_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\KDemos\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-764903313-1208633371-1849977318-319209_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\KDemos\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
06-01-2015 22:26:57 LavasoftWeCompanion
07-01-2015 11:13:57 Removed Skype™ 7.0
07-01-2015 11:18:37 LavasoftWeCompanion
07-01-2015 11:19:25 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
08-01-2015 14:30:25 Windows Update
09-01-2015 09:46:14 Installed Microsoft Office Professional Plus 2010
13-01-2015 09:27:07 Windows Update
14-01-2015 11:40:02 Windows Update
20-01-2015 09:37:59 Windows Update
20-01-2015 16:47:49 Removed Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
23-01-2015 12:09:39 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {633D8423-8D02-4CE9-A0CA-5BEE68043B32} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {65A7AB6E-C219-403D-AED5-77AEB5BC9F96} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {79BAC3CD-DF65-45ED-A87D-D0C4BF9833B8} - System32\Tasks\Weekly Full Scan => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2014-12-15] (Sophos Limited)
Task: {7B9745F1-C028-437D-888F-715E100025B2} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {24da4ef1-5c36-4485-a4ad-3c543477150e} KDemos-W7L.mmreibc.prv => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-12-22] (Microsoft Corporation)
Task: {8849670F-C2D5-4D30-9438-01EBA3DAB51B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {AA579794-FD01-4878-B717-ACF4BCB23C22} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C7ADE356-5382-4CC2-AAE4-9C2AA74FA8A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-19] (Google Inc.)
Task: {F10E16CB-F102-42F3-AD85-A09094DA4C75} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Weekly Full Scan.job => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-31 17:59 - 2014-01-31 17:59 - 00226112 _____ () C:\Windows\system32\AppleOSSMgr.exe
2014-12-22 12:30 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-12-22 12:33 - 2014-12-22 12:33 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-03-04 12:49 - 2011-03-04 12:49 - 00202752 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2014-12-15 16:40 - 2014-12-15 16:40 - 01055808 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE.dll
2014-12-15 16:40 - 2014-12-15 16:40 - 01539136 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO.dll
2014-12-15 16:40 - 2014-12-15 16:40 - 00183360 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_DynamicAny.dll
2014-12-15 16:40 - 2014-12-15 16:40 - 00760896 _____ () C:\Program Files (x86)\Sophos\Remote Management System\LIBEAY32.dll
2014-12-15 16:40 - 2014-12-15 16:40 - 00146496 _____ () C:\Program Files (x86)\Sophos\Remote Management System\SSLEAY32.dll
2014-12-15 16:40 - 2014-12-15 16:40 - 00076864 _____ () C:\Program Files (x86)\Sophos\Remote Management System\ACE_SSL.dll
2014-12-15 16:40 - 2014-12-15 16:40 - 00535616 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_PortableServer.dll
2014-12-15 16:40 - 2014-12-15 16:40 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.DLL
2014-12-15 16:40 - 2014-12-15 16:40 - 00740416 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Security.dll
2014-12-15 16:40 - 2014-12-15 16:40 - 00039488 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_Valuetype.dll
2014-12-15 16:40 - 2014-12-15 16:40 - 00244800 _____ () C:\Program Files (x86)\Sophos\Remote Management System\TAO_SSLIOP.dll
2014-11-19 22:27 - 2014-01-31 17:54 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:C5831B98
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk => C:\Windows\pss\vpngui.exe.lnk.CommonStartup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: Web Companion => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1479511499-1762950612-33661821-500 - Administrator - Disabled)
Guest (S-1-5-21-1479511499-1762950612-33661821-501 - Limited - Disabled)
Katerina (S-1-5-21-1479511499-1762950612-33661821-1000 - Administrator - Enabled) => C:\Users\Katerina
SophosSAUKDEMOS-W7L0 (S-1-5-21-1479511499-1762950612-33661821-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2015 00:15:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/23/2015 00:14:11 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3
 
Error: (01/23/2015 00:09:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c8452929-a72e-41f8-9bde-022762d2b6a9}
 
Error: (01/23/2015 11:26:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc0000005
Fault offset: 0x006b9000
Faulting process id: 0x12e8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (01/23/2015 11:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc0000005
Fault offset: 0x006b9000
Faulting process id: 0x13a4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (01/21/2015 09:06:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/21/2015 09:05:14 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3
 
Error: (01/20/2015 05:30:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/20/2015 05:29:07 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3
 
Error: (01/20/2015 05:23:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (01/23/2015 00:14:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/23/2015 00:14:08 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MMREIBC due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
Error: (01/23/2015 00:12:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (01/23/2015 00:12:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (01/23/2015 00:12:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (01/23/2015 00:10:08 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (01/23/2015 00:09:47 PM) (Source: SAVOnAccess) (EventID: 85) (User: )
Description: File [...11e4-90fc-68a86d1697a1}{3808876b-c176-4e48-b7ae-04046e6cc752}]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process System, (start check timestamp [ 1d03737c5edca7b]).
 
Error: (01/23/2015 00:09:47 PM) (Source: SAVOnAccess) (EventID: 85) (User: )
Description: File [...\Device\HarddiskVolume4\Windows\SysWOW64\stdole2.tlb]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1d03737c5edca7b]).
 
Error: (01/23/2015 00:09:47 PM) (Source: SAVOnAccess) (EventID: 85) (User: )
Description: File [...11e4-90fc-68a86d1697a1}{3808876b-c176-4e48-b7ae-04046e6cc752}]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process System, (start check timestamp [ 1d03737c5eb6917]).
 
Error: (01/23/2015 00:09:47 PM) (Source: SAVOnAccess) (EventID: 85) (User: )
Description: File [...ram Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1d03737c5eb6917]).
 
 
Microsoft Office Sessions:
=========================
Error: (01/23/2015 00:15:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/23/2015 00:14:11 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: 
 
Error: (01/23/2015 00:09:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c8452929-a72e-41f8-9bde-022762d2b6a9}
 
Error: (01/23/2015 11:26:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccMSHTML.dll11.0.9600.17496546ff2f9c0000005006b900012e801d03731976a04cbC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dlleb86aa82-a324-11e4-976b-68a86d1697a1
 
Error: (01/23/2015 11:24:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17496546fddccMSHTML.dll11.0.9600.17496546ff2f9c0000005006b900013a401d0372b71b58734C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dllaa71acb6-a324-11e4-976b-68a86d1697a1
 
Error: (01/21/2015 09:06:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/21/2015 09:05:14 AM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: 
 
Error: (01/20/2015 05:30:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/20/2015 05:29:07 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
Description: 
 
Error: (01/20/2015 05:23:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2557M CPU @ 1.70GHz
Percentage of memory in use: 50%
Total physical RAM: 4006.73 MB
Available physical RAM: 1988.63 MB
Total Pagefile: 8011.65 MB
Available Pagefile: 6003.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (BOOTCAMP) (Fixed) (Total:139.7 GB) (Free:101.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Macintosh HD) (Fixed) (Total:93.26 GB) (Free:47.43 GB) HFS
Drive h: () (Network) (Total:1 GB) (Free:0.99 GB) 
Drive m: () (Network) (Total:19.53 GB) (Free:9.54 GB) 
Drive p: () (Network) (Total:39.07 GB) (Free:0.92 GB) 
Drive q: () (Network) (Total:156.11 GB) (Free:57.96 GB) 
Drive r: () (Network) (Total:19.53 GB) (Free:9.54 GB) 
Drive t: () (Network) (Total:19.53 GB) (Free:14.32 GB) 
Drive w: () (Network) (Total:19.53 GB) (Free:9.54 GB) 
Drive x: () (Network) (Total:19.53 GB) (Free:14.32 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233.8 GB) (Disk ID: 13F4EA2D)
 
Partition: GPT Partition Type.
Partition 2: (Not Active) - (Size=93.3 GB) - (Type=AF)
Partition 3: (Not Active) - (Size=620 MB) - (Type=AB)
Partition 4: (Active) - (Size=139.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:33 PM

Posted 23 January 2015 - 04:36 PM

Hi,
are these popups now gone or are they still there?

Step 1

  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • Click in the following update-screen "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 lakititi

  • Topic Starter
  • Members
  • 6 posts
  • Local time:05:33 AM

Posted 23 January 2015 - 06:21 PM

I had to leave and am without my computer. 

I will do this on Monday, is that ok?

Thank you.



#6 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:33 PM

Posted 23 January 2015 - 06:23 PM

Yes, for sure! Have a nice weekend! :)


regards,
deeprybka

#7 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:33 PM

Posted 26 January 2015 - 06:57 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#8 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:02:33 PM

Posted 29 January 2015 - 12:36 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka



