Possible Trojan.W32.Generic Infection


  • This topic is locked
23 replies to this topic

#1 vsew1210

Posted 23 April 2015 - 11:54 AM

I run Vipre Anti-Virus and the paid corporate version of Malwarebytes. Two months ago, I connected my sister's portable hard drive to my computer. Windows immediately displayed notifications that Vipre and Malwarebytes reported that they were turned off. I immediately disconnected the portable drive and ran full Vipre and Malwarebytes scans. Both reported that they found no infections.

 

My computer started developing many issues, slow response, high hard drive activity and then finally I could not access any internet sites (Internet Explorer & Chrome would open but would not leave the home page). I followed the steps in the Bleeping Computer Self Help section and some of the issues have improved.

 

However, I copied files from my computer to a brand new, unused flash drive for use on another computer. When I connected the flash drive to the other computer, I allowed Vipre to scan the drive. It appeared that the scan completed but when I accessed one of the files from the flash drive (on the other computer), Vipre reported that it found Trojan.W32.Generic!BT. I allowed Vipre to remove the infection. I attempted to manually scan the flash drive created on my computer with Vipre and learned that as soon as the Vipre scan starts it is immediately stopped. The flash drive scan is never completed.

 

Because of the issue with the flash drive, I believe my computer is still infected but the scans I run continue to report no infections. Until I can be sure that my computer is clean, I have not connected to our work network or moved any of my files to another computer. Please help me resolve this issue. My FRST logs are included as shown in the Preparation Guide.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2015 01
Ran by Val (administrator) on VAL-PC on 23-04-2015 11:04:23
Running from C:\Users\Val\Desktop
Loaded Profiles: Val (Available profiles: Val & QBDataServiceUser20 & Repair)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b2e86aa7ebea9453\stacsv64.exe
(Hewlett-Packard Corporation) C:\Windows\System32\hpservice.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b2e86aa7ebea9453\AESTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbService.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files (x86)\SMINST\BLService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(GFI Software) C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Memeo) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(TOSHIBA) C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Cisco) C:\Users\Val\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Octoshape ApS) C:\Users\Val\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Creative Home) C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2014 Deluxe\Planner\PLNRnote.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(GFI Software) C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBW32.EXE
(Dropbox, Inc.) C:\Users\Val\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
(GFI Software) C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Google Inc.) C:\Users\Val\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Val\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Val\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Val\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TosDockApp] => C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe [222520 2008-10-21] (TOSHIBA)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [442368 2009-06-03] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794344 2009-04-30] (Synaptics Incorporated)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-18] (Hewlett-Packard)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\GFI Software\VIPRE\SBAMTray.exe [3050352 2011-12-19] (GFI Software)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6365920 2013-03-27] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AnySync] => C:\Program Files (x86)\AnySync\SyncLauncher.exe [41984 2011-03-21] (iAnywhere Solutions, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-11-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Cobian Backup 11 interface] => C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe [4407808 2013-03-07] (Luis Cobian, CobianSoft)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2551656 2012-01-31] (Hewlett-Packard Co.)
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Run: [HP Officejet Pro 8500 A910 (NET)] => C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Run: [PCShowServer] => C:\Users\Val\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Run: [Octoshape Streaming Services] => C:\Users\Val\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806744 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\MountPoints2: {87d1b0ea-d6c1-11de-9a16-00238bc98a1b} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\MountPoints2: {ac24bf63-b9eb-11e4-97c3-00238bc98a1b} - F:\autorun.exe
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\MountPoints2: {f2a552ff-94f8-11e3-b494-00238bc98a1b} - F:\WIN\setup.exe -ap
HKU\S-1-5-18\...\RunOnce: [KodakHomeCenter] => "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminder.lnk [2014-08-16]
ShortcutTarget: Event Planner Reminder.lnk -> C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2014 Deluxe\Planner\PLNRnote.exe (Creative Home)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-07-10]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2014-07-10]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2014-07-10]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2014-07-10]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-04-09]
ShortcutTarget: Dropbox.lnk -> C:\Users\Val\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-27] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-27] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-03-27] (Acronis)
ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll [2013-03-22] (Gladinet, INC)
ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll [2013-03-22] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-02-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll [2013-03-22] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll [2013-03-22] (Gladinet, INC)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
URLSearchHook: HKU\S-1-5-21-248488246-4169756248-513192630-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKU\S-1-5-21-248488246-4169756248-513192630-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-248488246-4169756248-513192630-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: HKU\S-1-5-21-248488246-4169756248-513192630-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&query={SearchTerms}&invocationType=tb50-ie-dlink-chromesbox-en-us
SearchScopes: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = http://www.bing.com/search?FORM=MSDTDF&PC=MSDTDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2013-04-01] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-29] (Oracle Corporation)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-11-17] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2013-04-01] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Toolbar: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} -  No File
Toolbar: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll [2014-01-16] (Intuit, Inc.)
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll [2014-06-26] (Intuit, Inc.)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\HelpAsyncPluggableProtocol.dll [2014-12-06] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ECE01F0E-8C86-4A36-8BD9-D48FDCE922E1}: [NameServer] 172.26.38.1 172.26.38.2
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @glance.net/GlanceClient -> C:\Program Files (x86)\Glance29\npglance.dll [2014-09-16] (Glance Networks, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-09-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.7.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-09-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2009-01-07] (Motive, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2012-12-09] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Val\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @movenetworks.com/Quantum Media Player -> C:\Users\Val\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll [2009-10-13] (Move Networks)
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @nds.com/PCShowPlugin -> C:\Users\Val\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @nds.com/PlayerPlugin -> C:\Users\Val\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @nds.com/PlayerPlugin64 -> C:\Users\Val\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Val\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @plugin.couponnetwork.com/Coupon Print Activator;version=4.5 -> C:\Users\Val\AppData\Roaming\E-centives\NPcolPM460.dll [2011-07-18] (Invenda)
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Val\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Val\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: NDS.com/PlayerPlugin -> C:\Users\Val\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-09-16] (Cisco)
FF Plugin ProgramFiles/Appdata: C:\Users\Val\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-02-08] (Octoshape ApS)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-02-16]
FF HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\Val\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\Val\AppData\Roaming\Move Networks [2009-10-13]
FF HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09]
CHR Extension: (Google Docs) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-09]
CHR Extension: (Google Drive) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-09]
CHR Extension: (YouTube) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-19]
CHR Extension: (Google Search) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-19]
CHR Extension: (Google Sheets) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-09]
CHR Extension: (Bookmark Manager) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-08]
CHR Extension: (Google Wallet) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-19]
CHR HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.TFEFO4HD7ZUZPENZMTEJGSNAYI - C:\Users\Val\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdminHelper.exe; C:\Program Files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe [56360 2012-12-18] ()
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b2e86aa7ebea9453\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 becldr3Service; C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [263168 2013-07-03] () [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 CobianBackup11; C:\Program Files (x86)\Cobian Backup 11\cbService.exe [1131008 2013-03-07] (Luis Cobian, CobianSoft) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8979416 2012-11-20] (DisplayLink Corp.)
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [30032 2013-03-22] (Gladinet, INC)
R2 HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-11-20] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-05] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-06] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-12-02] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-11-26] (Intuit Inc.) [File not signed]
S4 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBDBMgrN.exe [679936 2013-12-02] (Intuit, Inc.) [File not signed]
R2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2008-09-15] () [File not signed]
R2 SBAMSvc; C:\Program Files (x86)\GFI Software\VIPRE\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
R2 SBPIMSvc; C:\Program Files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [173424 2011-12-19] (GFI Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b2e86aa7ebea9453\STacSV64.exe [239104 2009-06-03] (IDT, Inc.)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-24] (Sierra Wireless, Inc.)
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2009-04-22] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116104 2009-04-22] ()
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [116224 2009-10-14] (WDC) [File not signed]
R2 WDSmartWareBackgroundService; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [20480 2009-06-16] (Memeo) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 HPSLPSVC; C:\Users\Val\AppData\Local\Temp\7zS3272\hpslpsvc64.dll [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AVerBDA6x_x64; C:\Windows\System32\DRIVERS\AVerBDA716x_x64.sys [1317888 2008-12-02] (AVerMedia TECHNOLOGIES, Inc.)
S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [58368 2008-08-20] (ASIX Electronics Corp.)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-03-12] (Emsisoft GmbH)
S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [17408 2012-12-05] (http://libusb-win32.sourceforge.net)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2009-08-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [42784 2008-07-11] (PCTEL Inc.)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-16] (Padus, Inc.) [File not signed]
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-06-11] (Audials AG)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SBRE; C:\Windows\SysWOW64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
R2 SCWFPFilter; C:\Windows\System32\DRIVERS\WFPFilter.sys [25552 2012-01-10] ()
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-05-13] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-05-16] (Sierra Wireless Inc.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [30088 2008-04-17] ()
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [297472 2011-05-28] (Sierra Wireless Inc.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-07-10] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-07-10] (Acronis)
S3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-07-10] (Acronis International GmbH)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 11:04 - 2015-04-23 11:06 - 00042810 _____ () C:\Users\Val\Desktop\FRST.txt
2015-04-23 11:04 - 2015-04-23 11:04 - 00000000 ____D () C:\FRST
2015-04-23 11:03 - 2015-04-23 11:02 - 02099712 _____ (Farbar) C:\Users\Val\Desktop\FRST64.exe
2015-04-15 10:44 - 2015-04-01 19:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 10:44 - 2015-04-01 18:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 10:44 - 2015-03-24 22:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 10:44 - 2015-03-24 22:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 10:44 - 2015-03-24 22:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 10:44 - 2015-03-24 22:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 10:44 - 2015-03-24 22:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 10:44 - 2015-03-24 22:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 10:44 - 2015-03-24 22:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 10:44 - 2015-03-24 22:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 10:44 - 2015-03-24 22:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 10:44 - 2015-03-24 22:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 10:44 - 2015-03-24 22:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 10:44 - 2015-03-24 22:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 10:44 - 2015-03-24 22:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 10:44 - 2015-03-24 22:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 10:44 - 2015-03-24 22:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 10:44 - 2015-03-24 22:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 10:44 - 2015-03-17 00:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 10:44 - 2015-03-17 00:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 10:44 - 2015-03-17 00:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 10:44 - 2015-03-17 00:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 10:44 - 2015-03-17 00:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 10:44 - 2015-03-17 00:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 10:44 - 2015-03-17 00:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 10:44 - 2015-03-17 00:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 10:44 - 2015-03-17 00:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 10:44 - 2015-03-17 00:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 10:44 - 2015-03-17 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 10:44 - 2015-03-17 00:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 10:44 - 2015-03-17 00:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 10:44 - 2015-03-17 00:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 10:44 - 2015-03-16 23:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 10:44 - 2015-03-16 23:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 10:44 - 2015-03-16 23:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 10:44 - 2015-03-16 23:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 10:44 - 2015-03-16 23:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 10:44 - 2015-03-16 23:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 10:44 - 2015-03-16 23:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 10:44 - 2015-03-16 23:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 10:44 - 2015-03-16 23:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 10:44 - 2015-03-16 23:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 10:44 - 2015-03-12 23:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 10:44 - 2015-03-12 23:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 10:44 - 2015-03-12 23:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 10:44 - 2015-03-12 23:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 10:44 - 2015-03-12 23:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 10:44 - 2015-03-12 23:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 10:44 - 2015-03-12 23:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 10:44 - 2015-03-12 23:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 10:44 - 2015-03-12 23:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 10:44 - 2015-03-12 23:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 10:44 - 2015-03-12 22:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 10:44 - 2015-03-12 22:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 10:44 - 2015-03-12 22:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 10:44 - 2015-03-12 22:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 10:44 - 2015-03-12 22:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 10:44 - 2015-03-12 22:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 10:44 - 2015-03-12 22:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 10:44 - 2015-03-12 22:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 10:44 - 2015-03-12 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 10:44 - 2015-03-12 22:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 10:44 - 2015-03-12 22:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 10:44 - 2015-03-12 22:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 10:44 - 2015-03-12 22:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 10:44 - 2015-03-12 22:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 10:44 - 2015-03-12 22:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 10:44 - 2015-03-12 22:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 10:44 - 2015-03-12 22:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 10:44 - 2015-03-12 22:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 10:44 - 2015-03-12 22:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 10:44 - 2015-03-12 22:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 10:44 - 2015-03-12 22:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 10:44 - 2015-03-12 22:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 10:44 - 2015-03-12 22:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 10:44 - 2015-03-12 22:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 10:44 - 2015-03-12 22:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 10:44 - 2015-03-12 22:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 10:44 - 2015-03-12 22:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 10:44 - 2015-03-12 22:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 10:44 - 2015-03-12 22:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 10:44 - 2015-03-12 22:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 10:44 - 2015-03-12 22:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 10:44 - 2015-03-12 22:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 10:44 - 2015-03-12 21:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 10:44 - 2015-03-12 21:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 10:44 - 2015-03-12 21:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 10:44 - 2015-03-12 21:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 10:44 - 2015-03-12 21:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 10:44 - 2015-03-12 21:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 10:44 - 2015-03-12 21:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 10:44 - 2015-03-12 21:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 10:44 - 2015-03-12 21:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 10:44 - 2015-03-12 21:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 10:44 - 2015-03-12 21:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 10:44 - 2015-03-12 21:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 10:44 - 2015-03-12 21:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 10:44 - 2015-03-12 21:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 10:43 - 2015-03-22 22:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 10:43 - 2015-03-22 22:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 10:43 - 2015-03-22 22:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 10:43 - 2015-03-22 22:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 10:43 - 2015-03-22 22:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 10:43 - 2015-03-22 22:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 10:43 - 2015-03-22 22:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 10:43 - 2015-03-22 22:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 10:43 - 2015-03-17 00:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 10:43 - 2015-03-17 00:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 10:43 - 2015-03-17 00:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 10:43 - 2015-03-17 00:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 10:43 - 2015-03-17 00:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 10:43 - 2015-03-17 00:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 10:43 - 2015-03-17 00:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 10:43 - 2015-03-17 00:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 10:43 - 2015-03-17 00:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:43 - 2015-03-17 00:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 10:43 - 2015-03-16 23:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 10:43 - 2015-03-16 23:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 10:43 - 2015-03-16 23:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 10:43 - 2015-03-16 23:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 10:43 - 2015-03-16 23:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 10:43 - 2015-03-16 23:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 10:43 - 2015-03-16 23:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 10:43 - 2015-03-16 23:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 22:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 10:43 - 2015-03-16 22:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 10:43 - 2015-03-16 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 10:43 - 2015-03-16 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 10:43 - 2015-03-09 22:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 10:43 - 2015-03-09 22:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 10:43 - 2015-03-09 22:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 10:43 - 2015-03-09 22:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 10:43 - 2015-03-05 00:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 10:43 - 2015-03-04 23:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 10:43 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 10:43 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 10:43 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-15 10:43 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-09 17:45 - 2015-04-09 17:45 - 00002515 _____ () C:\Users\Public\Desktop\TurboTax 2014.lnk
2015-04-09 17:45 - 2015-04-09 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2015-04-04 08:28 - 2015-04-04 08:29 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 08:28 - 2015-04-04 08:28 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-02 16:08 - 2015-04-02 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Professor Teaches
2015-04-02 16:07 - 2015-04-02 16:08 - 00000000 ____D () C:\Program Files (x86)\Professor Teaches
2015-03-26 10:08 - 2015-03-26 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-23 11:06 - 2012-09-19 15:42 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-248488246-4169756248-513192630-1000UA.job
2015-04-23 10:38 - 2012-06-11 20:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-23 10:20 - 2009-10-23 14:37 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-23 09:28 - 2012-12-04 18:45 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-23 09:28 - 2012-12-04 18:45 - 00018864 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-23 09:23 - 2012-12-04 22:08 - 01260799 _____ () C:\Windows\WindowsUpdate.log
2015-04-23 09:17 - 2015-03-19 14:38 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-23 09:17 - 2015-01-08 12:42 - 00000000 ___RD () C:\Users\Val\Google Drive
2015-04-23 09:17 - 2014-06-23 09:26 - 00000000 ___RD () C:\Users\Val\Dropbox
2015-04-23 09:17 - 2014-06-23 09:22 - 00000000 ____D () C:\Users\Val\AppData\Roaming\Dropbox
2015-04-23 09:16 - 2009-10-23 14:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-23 09:14 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 09:14 - 2009-07-13 23:51 - 45499210 _____ () C:\Windows\setupact.log
2015-04-23 00:06 - 2012-09-19 15:42 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-248488246-4169756248-513192630-1000Core.job
2015-04-22 18:07 - 2012-12-04 20:55 - 00403108 _____ () C:\Windows\PFRO.log
2015-04-22 11:45 - 2009-06-03 09:09 - 00000000 ____D () C:\Program Files (x86)\Kodak
2015-04-22 11:45 - 2009-06-03 09:07 - 00000000 ____D () C:\ProgramData\Kodak
2015-04-22 11:44 - 2010-09-16 15:51 - 00000000 ____D () C:\Users\Val\AppData\Local\Eastman_Kodak_Company
2015-04-22 11:44 - 2009-09-12 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2015-04-22 01:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-21 16:42 - 2009-06-08 14:34 - 00000000 ____D () C:\Users\Val\Documents\Quicken
2015-04-21 16:42 - 2009-05-29 12:09 - 00000000 ____D () C:\1 - Backup Files
2015-04-20 10:28 - 2011-10-20 14:38 - 00000000 ____D () C:\1 - A New Scanning
2015-04-20 10:07 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-20 10:05 - 2009-01-13 12:07 - 00003660 _____ () C:\Windows\System32\Tasks\HP Health Check
2015-04-16 16:46 - 2009-05-29 11:46 - 00000000 ____D () C:\1 - pet
2015-04-16 13:39 - 2009-06-04 13:30 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-04-15 13:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-04-15 11:28 - 2014-12-10 10:33 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 11:28 - 2014-04-24 09:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-15 11:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 11:26 - 2009-01-13 11:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-04-15 11:24 - 2012-12-05 10:14 - 00793616 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 11:24 - 2009-07-14 00:13 - 00793616 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 11:20 - 2013-07-10 10:16 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 10:50 - 2012-12-05 13:45 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-15 04:38 - 2012-06-11 20:29 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 04:38 - 2012-03-29 08:34 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 04:38 - 2011-05-18 18:27 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 03:11 - 2012-09-19 15:44 - 00002352 _____ () C:\Users\Val\Desktop\Google Chrome.lnk
2015-04-13 14:25 - 2009-05-27 17:20 - 00003176 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForVal
2015-04-13 14:25 - 2009-05-27 17:20 - 00000326 _____ () C:\Windows\Tasks\HPCeeScheduleForVal.job
2015-04-09 18:30 - 2009-06-12 16:17 - 00000000 ____D () C:\Users\Val\Documents\TurboTax
2015-04-09 17:48 - 2012-12-05 10:35 - 00001090 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-04-09 17:43 - 2009-06-12 16:05 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2015-04-09 17:11 - 2014-06-23 09:26 - 00001009 _____ () C:\Users\Val\Desktop\Dropbox.lnk
2015-04-09 17:11 - 2014-06-23 09:25 - 00000000 ____D () C:\Users\Val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-04-08 18:18 - 2009-07-14 00:08 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-06 16:06 - 2012-06-07 04:46 - 00002032 _____ () C:\Users\Val\PrintMaster-2012-Platinum.prefs
2015-04-03 09:07 - 2015-03-19 14:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-02 16:17 - 2014-10-28 16:11 - 00000000 ____D () C:\Users\Val\AppData\Roaming\Individual Software
2015-03-26 10:08 - 2012-09-25 11:01 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
 
==================== Files in the root of some directories =======
 
2014-03-08 19:01 - 2015-02-01 17:50 - 1029587 _____ () C:\Users\Val\AppData\Roaming\FileDrTool.log
2014-03-08 18:56 - 2014-03-08 18:56 - 0003558 _____ () C:\Users\Val\AppData\Roaming\QBFileDrTool.log
2015-03-18 19:22 - 2015-03-18 19:22 - 0331852 _____ () C:\Users\Val\AppData\Local\ars.cache
2012-12-05 09:34 - 2012-12-05 09:34 - 0000000 _____ () C:\Users\Val\AppData\Local\AtStart.txt
2015-03-18 19:24 - 2015-03-18 19:24 - 0722005 _____ () C:\Users\Val\AppData\Local\census.cache
2012-12-05 09:34 - 2012-12-05 09:34 - 0000000 _____ () C:\Users\Val\AppData\Local\DSwitch.txt
2015-03-18 02:55 - 2015-03-18 02:55 - 0000036 _____ () C:\Users\Val\AppData\Local\housecall.guid.cache
2012-12-05 09:34 - 2012-12-05 09:34 - 0000000 _____ () C:\Users\Val\AppData\Local\QSwitch.txt
2012-12-05 16:00 - 2015-02-28 10:51 - 0007601 _____ () C:\Users\Val\AppData\Local\Resmon.ResmonCfg
2015-03-18 03:11 - 2015-03-18 03:11 - 0000010 _____ () C:\Users\Val\AppData\Local\sponge.last.runtime.cache
2013-03-21 15:16 - 2013-03-21 15:16 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-02-11 13:09 - 2013-02-11 13:09 - 0005101 _____ () C:\ProgramData\cyzlxojr.ycm
2012-12-05 09:33 - 2015-04-23 09:16 - 0000189 _____ () C:\ProgramData\HPWALog.txt
2012-12-05 10:35 - 2015-04-09 17:48 - 0001090 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some content of TEMP:
====================
C:\Users\Val\AppData\Local\Temp\8.0.30.1-EasyShrx.Dll
C:\Users\Val\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpip1vqo.dll
C:\Users\Val\AppData\Local\Temp\VistaLib64_1.dll
 
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\SysWOW64\dlumdfb10.dll
C:\Windows\SysWOW64\dlumdfb11.dll
C:\Windows\SysWOW64\dlumdfb9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-14 00:15
 
==================== End Of Log ============================

 


#2 olgun52

  • Malware Response Team

Posted 23 April 2015 - 02:34 PM

Hello vsew1210, and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please log on to the computer as an administrator. How do I log on to the computer as an administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
---------------------------------------------------------------------------------------------------------

 

Step 1:

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click mbam-setup-2.1.4.1018.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export.
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Already installed:
Threat Scan

  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export.
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Step 2:

Please be sure to run our tools with administrator rights.
 ComboFix run:
 
* IMPORTANT : 1   Place ComboFix.exe on your Desktop
* IMPORTANT : 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix and save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.
 
Have a nice day.

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 vsew1210

  • Topic Starter

Posted 24 April 2015 - 11:00 AM

Hello Yilmaz,

 

My name is Valerie. Thank you for assisting me with this issue. I followed the steps in your reply. All completed without issue. Malwarebytes did not detect any malicious items. The scan log is attached as requested. I was not offered the option to install the Recovery Console while ComboFix was running. The text of the ComboFix log is shown below:

 

ComboFix 15-04-19.01 - Val 04/24/2015   9:57.3.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2072 [GMT -5:00]
Running from: c:\users\Val\Desktop\ComboFix.exe
AV: GFI Software VIPRE *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: GFI Software VIPRE *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Val\AppData\Local\Temp\_MEI32522\_ctypes.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\_elementtree.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\_hashlib.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\_multiprocessing.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\_socket.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\_ssl.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\_yappi.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\hashobjs_ext.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\pyexpat.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\pysqlite2._sqlite.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\python27.dll
c:\users\Val\AppData\Local\Temp\_MEI32522\pythoncom27.dll
c:\users\Val\AppData\Local\Temp\_MEI32522\PyWinTypes27.dll
c:\users\Val\AppData\Local\Temp\_MEI32522\select.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\unicodedata.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32api.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32com.shell.shell.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32crypt.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32event.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32file.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32gui.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32inet.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32pdh.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32pipe.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32process.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32profile.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32security.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\win32ts.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\windows._lib_cacheinvalidation.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\wx._animate.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\wx._controls_.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\wx._core_.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\wx._gdi_.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\wx._html2.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\wx._misc_.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\wx._windows_.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\wx._wizard.pyd
c:\users\Val\AppData\Local\Temp\_MEI32522\wxbase294u_net_vc90.dll
c:\users\Val\AppData\Local\Temp\_MEI32522\wxbase294u_vc90.dll
c:\users\Val\AppData\Local\Temp\_MEI32522\wxmsw294u_adv_vc90.dll
c:\users\Val\AppData\Local\Temp\_MEI32522\wxmsw294u_core_vc90.dll
c:\users\Val\AppData\Local\Temp\_MEI32522\wxmsw294u_html_vc90.dll
c:\users\Val\AppData\Local\Temp\_MEI32522\wxmsw294u_webview_vc90.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-24 to 2015-04-24  )))))))))))))))))))))))))))))))
.
.
2015-04-24 15:10 . 2015-04-24 15:10 -------- d-----w- c:\users\Repair\AppData\Local\temp
2015-04-24 15:10 . 2015-04-24 15:10 -------- d-----w- c:\users\QBDataServiceUser20\AppData\Local\temp
2015-04-24 15:10 . 2015-04-24 15:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-24 15:10 . 2015-04-24 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-23 21:14 . 2015-04-23 21:14 -------- d-----w- c:\users\Val\AppData\Roaming\HPAppData
2015-04-23 16:04 . 2015-04-23 16:09 -------- d-----w- C:\FRST
2015-04-15 15:43 . 2015-03-17 05:16 50176 ----a-w- c:\windows\system32\srclient.dll
2015-04-04 13:28 . 2015-04-04 13:29 -------- d-s---w- c:\windows\system32\GWX
2015-04-04 13:28 . 2015-04-04 13:28 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-02 21:07 . 2015-04-02 21:08 -------- d-----w- c:\program files (x86)\Professor Teaches
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-15 15:50 . 2012-12-05 18:45 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-15 09:38 . 2012-03-29 13:34 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-15 09:38 . 2011-05-18 23:27 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-17 04:56 . 2015-04-15 15:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-02-26 03:25 . 2015-03-11 21:23 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:41 . 2015-03-11 21:26 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 21:26 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 21:26 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 21:26 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 21:26 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 21:26 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 21:26 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 21:26 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 21:26 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 21:26 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-02-13 05:22 . 2015-03-11 21:24 14177280 ----a-w- c:\windows\system32\shell32.dll
2015-02-09 00:42 . 2015-02-09 00:42 63824 ------r- c:\users\Val\AppData\Roaming\Microsoft\Installer\{437f5443-c052-432c-b1e7-abd9bc5cabdb}\ARPPRODUCTICON.exe
2015-02-04 17:23 . 2015-02-04 17:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 17:13 . 2015-02-04 17:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-02-04 03:16 . 2015-03-11 21:18 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-02-04 02:54 . 2015-03-11 21:18 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-02-03 03:34 . 2015-03-11 21:26 693176 ----a-w- c:\windows\system32\winload.efi
2015-02-03 03:34 . 2015-03-11 21:26 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-02-03 03:33 . 2015-03-11 21:26 616360 ----a-w- c:\windows\system32\winresume.efi
2015-02-03 03:31 . 2015-03-11 21:26 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll
2015-02-03 03:31 . 2015-03-11 21:26 14632960 ----a-w- c:\windows\system32\wmp.dll
2015-02-03 03:31 . 2015-03-11 21:26 229376 ----a-w- c:\windows\system32\wintrust.dll
2015-02-03 03:31 . 2015-03-11 21:23 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-03 03:31 . 2015-03-11 21:24 215552 ----a-w- c:\windows\system32\ubpm.dll
2015-02-03 03:31 . 2015-03-11 21:25 5120 ----a-w- c:\windows\system32\dxmasf.dll
2015-02-03 03:31 . 2015-03-11 21:25 5120 ----a-w- c:\windows\system32\msdxm.ocx
2015-02-03 03:31 . 2015-03-11 21:26 63488 ----a-w- c:\windows\system32\setbcdlocale.dll
2015-02-03 03:31 . 2015-03-11 21:26 1574400 ----a-w- c:\windows\system32\quartz.dll
2015-02-03 03:31 . 2015-03-11 21:26 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2015-02-03 03:31 . 2015-03-11 21:26 371712 ----a-w- c:\windows\system32\qdvd.dll
2015-02-03 03:31 . 2015-03-11 21:26 188416 ----a-w- c:\windows\system32\pcasvc.dll
2015-02-03 03:31 . 2015-03-11 21:26 37376 ----a-w- c:\windows\system32\pcadm.dll
2015-02-03 03:31 . 2015-03-11 21:25 9728 ----a-w- c:\windows\system32\spwmp.dll
2015-02-03 03:31 . 2015-03-11 21:26 641024 ----a-w- c:\windows\system32\msscp.dll
2015-02-03 03:31 . 2015-03-11 21:26 325632 ----a-w- c:\windows\system32\msnetobj.dll
2015-02-03 03:31 . 2015-03-11 21:26 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-02-03 03:31 . 2015-03-11 21:26 432128 ----a-w- c:\windows\system32\mfplat.dll
2015-02-03 03:31 . 2015-03-11 21:26 4121600 ----a-w- c:\windows\system32\mf.dll
2015-02-03 03:31 . 2015-03-11 21:26 206848 ----a-w- c:\windows\system32\mfps.dll
2015-02-03 03:30 . 2015-03-11 21:26 631808 ----a-w- c:\windows\system32\evr.dll
2015-02-03 03:30 . 2015-03-11 21:26 284672 ----a-w- c:\windows\system32\EncDump.dll
2015-02-03 03:30 . 2015-03-11 21:26 1202176 ----a-w- c:\windows\system32\drmv2clt.dll
2015-02-03 03:30 . 2015-03-11 21:26 497664 ----a-w- c:\windows\system32\drmmgrtn.dll
2015-02-03 03:30 . 2015-03-11 21:26 1480192 ----a-w- c:\windows\system32\crypt32.dll
2015-02-03 03:30 . 2015-03-11 21:26 1069056 ----a-w- c:\windows\system32\cryptui.dll
2015-02-03 03:30 . 2015-03-11 21:26 82432 ----a-w- c:\windows\system32\cryptsp.dll
2015-02-03 03:30 . 2015-03-11 21:26 140288 ----a-w- c:\windows\system32\cryptnet.dll
2015-02-03 03:30 . 2015-03-11 21:26 187904 ----a-w- c:\windows\system32\cryptsvc.dll
2015-02-03 03:30 . 2015-03-11 21:26 842240 ----a-w- c:\windows\system32\blackbox.dll
2015-02-03 03:30 . 2015-03-11 21:26 680960 ----a-w- c:\windows\system32\audiosrv.dll
2015-02-03 03:30 . 2015-03-11 21:26 296448 ----a-w- c:\windows\system32\AudioSes.dll
2015-02-03 03:30 . 2015-03-11 21:26 440832 ----a-w- c:\windows\system32\AudioEng.dll
2015-02-03 03:30 . 2015-03-11 21:26 32256 ----a-w- c:\windows\system32\appidsvc.dll
2015-02-03 03:30 . 2015-03-11 21:26 58880 ----a-w- c:\windows\system32\appidapi.dll
2015-02-03 03:30 . 2015-03-11 21:26 55808 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-03 03:30 . 2015-03-11 21:26 11264 ----a-w- c:\windows\system32\pcawrk.exe
2015-02-03 03:30 . 2015-03-11 21:26 9728 ----a-w- c:\windows\system32\pcalua.exe
2015-02-03 03:30 . 2015-03-11 21:26 24576 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-03 03:30 . 2015-03-11 21:26 126464 ----a-w- c:\windows\system32\audiodg.exe
2015-02-03 03:30 . 2015-03-11 21:26 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2015-02-03 03:30 . 2015-03-11 21:26 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2015-02-03 03:30 . 2015-03-11 21:25 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2015-02-03 03:29 . 2015-03-11 21:25 8704 ----a-w- c:\windows\system32\pcaevts.dll
2015-02-03 03:28 . 2015-03-11 21:25 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-03 03:19 . 2015-03-11 21:26 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys
2015-02-03 03:12 . 2015-03-11 21:26 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2015-02-03 03:12 . 2015-03-11 21:26 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2015-02-03 03:12 . 2015-03-11 21:23 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2015-02-03 03:12 . 2015-03-11 21:24 171520 ----a-w- c:\windows\SysWow64\ubpm.dll
2015-02-03 03:12 . 2015-03-11 21:25 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2015-02-03 03:12 . 2015-03-11 21:25 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2015-02-03 03:12 . 2015-03-11 21:26 1329664 ----a-w- c:\windows\SysWow64\quartz.dll
2015-02-03 03:12 . 2015-03-11 21:26 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2015-02-03 03:12 . 2015-03-11 21:26 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2015-02-03 03:12 . 2015-03-11 21:25 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2015-02-03 03:12 . 2015-03-11 21:26 504320 ----a-w- c:\windows\SysWow64\msscp.dll
2015-02-03 03:12 . 2015-03-11 21:26 265216 ----a-w- c:\windows\SysWow64\msnetobj.dll
2015-02-03 03:12 . 2015-03-11 21:26 3209728 ----a-w- c:\windows\SysWow64\mf.dll
2015-02-03 03:12 . 2015-03-11 21:26 354816 ----a-w- c:\windows\SysWow64\mfplat.dll
2015-02-03 03:12 . 2015-03-11 21:26 103424 ----a-w- c:\windows\SysWow64\mfps.dll
2015-02-03 03:12 . 2015-03-11 21:26 489984 ----a-w- c:\windows\SysWow64\evr.dll
2015-02-03 03:12 . 2015-03-11 21:26 988160 ----a-w- c:\windows\SysWow64\drmv2clt.dll
2015-02-03 03:12 . 2015-03-11 21:26 406016 ----a-w- c:\windows\SysWow64\drmmgrtn.dll
2015-02-03 03:12 . 2015-03-11 21:26 1174528 ----a-w- c:\windows\SysWow64\crypt32.dll
2015-02-03 03:12 . 2015-03-11 21:26 1005056 ----a-w- c:\windows\SysWow64\cryptui.dll
2015-02-03 03:12 . 2015-03-11 21:26 81408 ----a-w- c:\windows\SysWow64\cryptsp.dll
2015-02-03 03:12 . 2015-03-11 21:26 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2015-02-03 03:12 . 2015-03-11 21:26 143872 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2015-02-03 03:12 . 2015-03-11 21:26 744960 ----a-w- c:\windows\SysWow64\blackbox.dll
2015-02-03 03:12 . 2015-03-11 21:26 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2015-02-03 03:12 . 2015-03-11 21:26 50688 ----a-w- c:\windows\SysWow64\appidapi.dll
2015-02-03 03:12 . 2015-03-11 21:26 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
2015-02-03 03:11 . 2015-03-11 21:26 50176 ----a-w- c:\windows\SysWow64\rrinstaller.exe
2015-02-03 03:11 . 2015-03-11 21:26 23040 ----a-w- c:\windows\SysWow64\mfpmp.exe
2015-02-03 03:11 . 2015-03-11 21:25 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2013-03-22 18:29 194896 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2013-03-22 18:32 194896 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-10-13 2068856]
"HP Photosmart 5520 series (NET)"="c:\program files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe" [2012-01-31 2551656]
"HP Officejet Pro 8500 A910 (NET)"="c:\program files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
"PCShowServer"="c:\users\Val\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2014-09-16 1631088]
"Octoshape Streaming Services"="c:\users\Val\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-03-25 7806744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-02-27 3775800]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"SBAMTray"="c:\program files (x86)\GFI Software\VIPRE\SBAMTray.exe" [2011-12-19 3050352]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-03-28 6365920]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1103424]
"AnySync"="c:\program files (x86)\AnySync\SyncLauncher.exe" [2011-03-21 41984]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-11-19 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"Cobian Backup 11 interface"="c:\program files (x86)\Cobian Backup 11\cbInterface.exe" [2013-03-08 4407808]
.
c:\users\Val\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Val\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-4-13 43376600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\program files (x86)\Creative Home\Hallmark Card Studio 2014 Deluxe\Planner\PLNRnote.exe [2013-7-2 370568]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2014-6-5 6306104]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-12-6 1226568]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBW32.EXE -silent [2014-12-6 1537864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Nuance OmniPage Ultimate-reminder"="c:\program files (x86)\Nuance\OmniPage19\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\OmniPage Ultimate\Ereg\Ereg.ini"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 becldr3Service;BCL EasyConverter SDK 3 Loader;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe;c:\program files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS;c:\windows\SYSNATIVE\drivers\BVRPMPR5a64.SYS [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys;c:\windows\SYSNATIVE\drivers\gfiutil.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys;c:\windows\SYSNATIVE\DRIVERS\sbwtis.sys [x]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys;c:\windows\SYSNATIVE\DRIVERS\swg3kser00.sys [x]
R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\DRIVERS\swiwdmbx64.sys;c:\windows\SYSNATIVE\DRIVERS\swiwdmbx64.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys;c:\windows\SYSNATIVE\DRIVERS\swnc8ua3.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 QuickBooksDB24;QuickBooksDB24;c:\progra~2\Intuit\QUD3E7~1.0\QBDBMgrN.exe;c:\progra~2\Intuit\QUD3E7~1.0\QBDBMgrN.exe [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S1 RrNetCapFilterDriver;RadioRip Filter Driver;c:\windows\system32\DRIVERS\RrNetCapFilterDriver.sys;c:\windows\SYSNATIVE\DRIVERS\RrNetCapFilterDriver.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AdminHelper.exe;AdminHelper.exe;c:\program files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe;c:\program files (x86)\AT&T\AT&T Communication Manager\AdminHelper.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b2e86aa7ebea9453\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b2e86aa7ebea9453\AESTSr64.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [x]
S2 CobianBackup11;Cobian Backup 11 Gravity;c:\program files (x86)\Cobian Backup 11\cbService.exe;c:\program files (x86)\Cobian Backup 11\cbService.exe [x]
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files (x86)\SMINST\BLService.exe;c:\program files (x86)\SMINST\BLService.exe [x]
S2 SBAMSvc;VIPRE Antivirus;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe;c:\program files (x86)\GFI Software\VIPRE\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SBPIMSvc;SB Recovery Service;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe;c:\program files (x86)\GFI Software\VIPRE\SBPIMSvc.exe [x]
S2 SCWFPFilter;SCWFPFilter;c:\windows\system32\DRIVERS\WFPFilter.sys;c:\windows\SYSNATIVE\DRIVERS\WFPFilter.sys [x]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe;c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [x]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe;c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys;c:\windows\SYSNATIVE\DRIVERS\AVerBDA716x_x64.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 glancedrv;glancedrv;c:\windows\system32\DRIVERS\glancedrv.sys;c:\windows\SYSNATIVE\DRIVERS\glancedrv.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:38]
.
2015-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-23 05:02]
.
2015-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-10-23 05:02]
.
2015-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-248488246-4169756248-513192630-1000Core.job
- c:\users\Val\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 15:49]
.
2015-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-248488246-4169756248-513192630-1000UA.job
- c:\users\Val\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-19 15:49]
.
2015-04-13 c:\windows\Tasks\HPCeeScheduleForVal.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-01-13 19:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ------w- c:\users\Val\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-03-28 03:37 2818800 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 19:24 774472 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2013-03-22 18:30 208208 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2013-03-22 18:33 195920 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosDockApp"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2008-10-21 222520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-30 1794344]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-02-15 516928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office15\ONBttnIE.dll/105
Trusted Zone: cinemanow.com
Trusted Zone: hsn.com\www
Trusted Zone: intuit.com
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ECE01F0E-8C86-4A36-8BD9-D48FDCE922E1}: NameServer = 172.26.38.1 172.26.38.2
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 13.0\HelpAsyncPluggableProtocol.dll
Handler: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKU-Default-RunOnce-KodakHomeCenter - c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-{1CB0993B-1CD4-4A18-9C85-9732AFD9843F} - c:\programdata\{559F25A3-87D2-4D88-ADC5-DF4C277CDD45}\setup.exe
AddRemove-{1DA632BA-F963-4B97-A2B6-50F9003A13B8} - c:\programdata\{5B476AFF-42AA-458C-BDFA-38730A66ECB5}\LCSETUP50.exe
AddRemove-{2D1EAE70-56CB-42E7-9C68-038466F3D5BE} - c:\programdata\{677ED8B9-8A06-4B2E-9BD8-EA1000AABD64}\HGTV Ultimate Home Design_English.exe
AddRemove-{3B2DACD1-BAB5-4760-BF4C-3DC9054A751C} - c:\programdata\{EFBAD1D6-DB32-4E45-ACA1-FB05458C6D20}\LCSETUP20.exe
AddRemove-{FB941DEF-00ED-45B5-8A48-30CCAAE161D4} - c:\programdata\{16E17505-BB4A-49B7-8F86-6FC7689CA4FB}\LCSETUP40.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\programdata\FLEXnet\Connect\11\agent.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\ControlCenter4\BrCtrlCntr.exe
c:\program files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBW32.EXE
c:\users\Val\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\ControlCenter4\BrCcUxSys.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\users\Val\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
.
**************************************************************************
.
Completion time: 2015-04-24  10:28:40 - machine was rebooted
ComboFix-quarantined-files.txt  2015-04-24 15:28
.
Pre-Run: 563,409,616,896 bytes free
Post-Run: 562,950,909,952 bytes free
.
- - End Of File - - 7F74FF8FAE2BA0A9DE022E5E5616C3B5


#4 olgun52

  • Malware Response Team
  • 3,778 posts

Posted 24 April 2015 - 06:43 PM

Hi Valerie,
Thank you for the information.
 
Ensure your external and/or USB drives are always inserted during the scan.
 
Please go to Start, click Control Panel, click Programs and then click Programs and Features if it still exists:
Uninstall:
 
Bing Bar
Coupon Printer for Windows
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar

Malwarebytes Anti-Malware version 1.75.0.1300 (Please install new version)
 
Restart the PC.
 
Please download Malwarebytes Anti-Malware
---------------------------------------------
Step 1:
FRST Script:
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Regards.

Edited by olgun52, 25 April 2015 - 11:44 AM.


#5 vsew1210

  • Topic Starter
  • Members
  • 25 posts

Posted 25 April 2015 - 09:21 AM

Yilmaz,

I attached my USB drive, deleted the programs you listed, downloaded & installed Malwarebytes and performed your steps 1, 2 and 3 as instructed. I did not have any issues completing these steps. The information from the logs generated by steps 1, 2 and 3 follows.

Thanks again for your help.


FRST Log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2015 01
Ran by Val at 2015-04-24 22:00:38 Run:1
Running from C:\Users\Val\Documents\Downloads\FRST
Loaded Profiles: Val (Available profiles: Val & QBDataServiceUser20 & Repair)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
CustomCLSID: HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Val\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Val\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Val\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\QBW32.EXE No File
CustomCLSID: HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Val\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\QBW32.EXE No File
Task: {97FAD94A-59EE-46E2-B13E-30E83F7BB0A7} - System32\Tasks\{2D2D7827-8077-4EDF-95D8-DE0F0446A7F8} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1601
Task: C:\Windows\Tasks\HPCeeScheduleForVal.job => C:\Program Files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe
2015-04-23 09:16 - 2015-04-23 09:16 - 00098816 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32api.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00110080 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\pywintypes27.dll
2015-04-23 09:16 - 2015-04-23 09:16 - 00364544 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\pythoncom27.dll
2015-04-23 09:16 - 2015-04-23 09:16 - 00045568 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\_socket.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 01161216 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\_ssl.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00320512 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32com.shell.shell.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00713216 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\_hashlib.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 01175040 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._core_.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00805888 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._gdi_.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00811008 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._windows_.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 01062400 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._controls_.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00735232 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._misc_.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00682496 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\pysqlite2._sqlite.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00128512 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\_elementtree.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00127488 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\pyexpat.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00087552 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\_ctypes.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00119808 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32file.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00108544 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32security.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00007168 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\hashobjs_ext.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00167936 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32gui.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00018432 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32event.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00038912 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32inet.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00011264 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32crypt.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00070656 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._html2.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00027136 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\_multiprocessing.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00020480 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\_yappi.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00035840 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32process.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00686080 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\unicodedata.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00122368 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._wizard.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00024064 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32pipe.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00010240 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\select.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00025600 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32pdh.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00525640 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\windows._lib_cacheinvalidation.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00017408 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32profile.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00022528 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\win32ts.pyd
2015-04-23 09:16 - 2015-04-23 09:16 - 00078336 _____ () C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._animate.pyd
AlternateDataStreams: C:\ProgramData\Temp:A303874F
AlternateDataStreams: C:\ProgramData\Temp:FD9CE1F3
IE trusted site: HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\cinemanow.com -> hxxp://cinemanow.com
IE trusted site: HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\cinemanow.com -> hxxps://cinemanow.com
IE trusted site: HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\hsn.com -> hxxps://www.hsn.com
C:\Users\Val\AppData\Local\Temp\8.0.30.1-EasyShrx.Dll
C:\Users\Val\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpip1vqo.dll
C:\Users\Val\AppData\Local\Temp\VistaLib64_1.dll
2013-02-11 13:09 - 2013-02-11 13:09 - 0005101 _____ () C:\ProgramData\cyzlxojr.ycm
2012-12-05 09:33 - 2015-04-23 09:16 - 0000189 _____ () C:\ProgramData\HPWALog.txt
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\Run: [PCShowServer] => C:\Users\Val\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\MountPoints2: {87d1b0ea-d6c1-11de-9a16-00238bc98a1b} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\MountPoints2: {ac24bf63-b9eb-11e4-97c3-00238bc98a1b} - F:\autorun.exe
HKU\S-1-5-21-248488246-4169756248-513192630-1000\...\MountPoints2: {f2a552ff-94f8-11e3-b494-00238bc98a1b} - F:\WIN\setup.exe -ap
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-248488246-4169756248-513192630-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKU\S-1-5-21-248488246-4169756248-513192630-1000 - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
URLSearchHook: HKU\S-1-5-21-248488246-4169756248-513192630-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -  No File
URLSearchHook: HKU\S-1-5-21-248488246-4169756248-513192630-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM -> {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 -> {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&query={SearchTerms}&invocationType=tb50-ie-dlink-chromesbox-en-us
SearchScopes: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> {682A7A5C-953E-4F46-BE75-B46823CC9E8B} URL = http://www.bing.com/search?FORM=MSDTDF&PC=MSDTDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> {F866DC5B-A053-40B9-BCDE-375ED3441201} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2013-04-01] (Yahoo! Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll [2011-11-17] (Yahoo! Inc)
oolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2013-04-01] (Yahoo! Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-09-15] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> No Name - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} -  No File
Toolbar: HKU\S-1-5-21-248488246-4169756248-513192630-1000 -> No Name - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} -  No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @nds.com/PCShowPlugin -> C:\Users\Val\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKU\S-1-5-21-248488246-4169756248-513192630-1000: @plugin.couponnetwork.com/Coupon Print Activator;version=4.5 -> C:\Users\Val\AppData\Roaming\E-centives\NPcolPM460.dll [2011-07-18] (Invenda)
CHR HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.TFEFO4HD7ZUZPENZMTEJGSNAYI - C:\Users\Val\AppData\Local\Google\Chrome\Application\chrome.exe
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-03-28] (Coupons.com Inc.)
S2 HPSLPSVC; C:\Users\Val\AppData\Local\Temp\7zS3272\hpslpsvc64.dll
cmd: type C:\1 - pet
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
 
 
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}" => Key deleted successfully.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}" => Key deleted successfully.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}" => Key deleted successfully.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}" => Key deleted successfully.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}" => Key deleted successfully.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97FAD94A-59EE-46E2-B13E-30E83F7BB0A7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97FAD94A-59EE-46E2-B13E-30E83F7BB0A7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2D2D7827-8077-4EDF-95D8-DE0F0446A7F8} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D2D7827-8077-4EDF-95D8-DE0F0446A7F8}" => Key deleted successfully.
C:\Windows\Tasks\HPCeeScheduleForVal.job => Moved successfully.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32api.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\pywintypes27.dll" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\pythoncom27.dll" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\_socket.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\_ssl.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32com.shell.shell.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\_hashlib.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._core_.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._gdi_.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._windows_.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._controls_.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._misc_.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\pysqlite2._sqlite.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\_elementtree.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\pyexpat.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\_ctypes.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32file.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32security.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\hashobjs_ext.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32gui.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32event.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32inet.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32crypt.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._html2.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\_multiprocessing.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\_yappi.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32process.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\unicodedata.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._wizard.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32pipe.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\select.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32pdh.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\windows._lib_cacheinvalidation.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32profile.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\win32ts.pyd" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\_MEI45282\wx._animate.pyd" => File/Directory not found.
C:\ProgramData\Temp => ":A303874F" ADS removed successfully.
C:\ProgramData\Temp => ":FD9CE1F3" ADS removed successfully.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cinemanow.com" => Key deleted successfully.
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cinemanow.com => Key not found. 
"HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hsn.com" => Key deleted successfully.
"C:\Users\Val\AppData\Local\Temp\8.0.30.1-EasyShrx.Dll" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpip1vqo.dll" => File/Directory not found.
"C:\Users\Val\AppData\Local\Temp\VistaLib64_1.dll" => File/Directory not found.
C:\ProgramData\cyzlxojr.ycm => Moved successfully.
C:\ProgramData\HPWALog.txt => Moved successfully.
"C:\Program Files (x86)\Coupons\CouponPrinterService.exe" => File/Directory not found.
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PCShowServer => value deleted successfully.
HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87d1b0ea-d6c1-11de-9a16-00238bc98a1b} => Key not found. 
HKCR\CLSID\{87d1b0ea-d6c1-11de-9a16-00238bc98a1b} => Key not found. 
HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ac24bf63-b9eb-11e4-97c3-00238bc98a1b} => Key not found. 
HKCR\CLSID\{ac24bf63-b9eb-11e4-97c3-00238bc98a1b} => Key not found. 
HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f2a552ff-94f8-11e3-b494-00238bc98a1b} => Key not found. 
HKCR\CLSID\{f2a552ff-94f8-11e3-b494-00238bc98a1b} => Key not found. 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value deleted successfully.
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => value deleted successfully.
"HKCR\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" => Key deleted successfully.
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value not found.
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value deleted successfully.
"HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}" => Key deleted successfully.
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}" => Key deleted successfully.
HKCR\CLSID\{682A7A5C-953E-4F46-BE75-B46823CC9E8B} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201}" => Key deleted successfully.
HKCR\CLSID\{F866DC5B-A053-40B9-BCDE-375ED3441201} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{682A7A5C-953E-4F46-BE75-B46823CC9E8B} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{F866DC5B-A053-40B9-BCDE-375ED3441201} => Key not found. 
"HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => Key deleted successfully.
HKCR\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => Key not found. 
"HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{682A7A5C-953E-4F46-BE75-B46823CC9E8B}" => Key deleted successfully.
HKCR\CLSID\{682A7A5C-953E-4F46-BE75-B46823CC9E8B} => Key not found. 
"HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F866DC5B-A053-40B9-BCDE-375ED3441201}" => Key deleted successfully.
HKCR\CLSID\{F866DC5B-A053-40B9-BCDE-375ED3441201} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key not found. 
HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}" => Key deleted successfully.
oolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll [2013-04-01] (Yahoo! Inc.) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => Value not found.
HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => Key not found. 
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => value deleted successfully.
HKCR\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} => Key not found. 
HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} => value deleted successfully.
HKCR\CLSID\{10134636-E7AF-4AC5-A1DC-C7C44BB97D81} => Key not found. 
"HKCR\PROTOCOLS\Handler\intu-help-qb2" => Key deleted successfully.
HKCR\CLSID\{84D77A00-41B5-4b8b-8ADF-86486D72E749} => Key not found. 
"HKCR\PROTOCOLS\Handler\intu-help-qb3" => Key deleted successfully.
HKCR\CLSID\{c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} => Key not found. 
"HKCR\PROTOCOLS\Handler\intu-help-qb4" => Key deleted successfully.
"HKCR\CLSID\{ACE22922-D07C-4860-B51B-8CF472FEC2CB}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\MozillaPlugins\@nds.com/PCShowPlugin" => Key deleted successfully.
C:\Users\Val\AppData\Local\DIRECTV Player\npPCShowPlugin.dll not found.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000\Software\MozillaPlugins\@plugin.couponnetwork.com/Coupon Print Activator;version=4.5" => Key deleted successfully.
C:\Users\Val\AppData\Roaming\E-centives\NPcolPM460.dll => Moved successfully.
"HKU\S-1-5-21-248488246-4169756248-513192630-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
CouponPrinterService => Service not found.
HPSLPSVC => Service deleted successfully.
 
=========  type C:\1 - pet =========
 
The system cannot find the file specified.
Error occurred while processing: C:\1.
The system cannot find the file specified.
Error occurred while processing: -.
The system cannot find the file specified.
Error occurred while processing: pet.
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 22:05:18 ====
 
AdwCleaner Log
 
# AdwCleaner v4.202 - Logfile created 24/04/2015 at 22:57:01
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Val - VAL-PC
# Running from : C:\Users\Val\Desktop\adwcleaner_4.202.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Val\AppData\Local\PackageAware
Folder Deleted : C:\Users\Val\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Val\AppData\Roaming\HPAppData
Folder Deleted : C:\Users\Val\AppData\Roaming\download Manager
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Conduit
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - localhost;*.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17728
 
 
-\\ Google Chrome v
 
[C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=843&query={SearchTerms}&invocationType=tb50-ie-dlink-chromesbox-en-us
[C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
[C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.txdot.gov/inside-txdot/search-results.html?q={searchTerms}&search_section=main&path=%2Fcontent%2Ftxdot%2Fen
[C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www8.hp.com/us/en/hp-search/search-results.html?cc=us&lang=en&charset=utf-8&qt={searchTerms}&search=
[C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.bettycrocker.com/search/searchresults?sr=2&terms={searchTerms}
[C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Val\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.deltadentalins.com/search.html?cx=003706181456348511959%3Abl2yforhitq&cof=FORID%3A10%3BNB%3A1&ie=UTF-8&q={searchTerms}&sa=Search
 
*************************
 
AdwCleaner[R0].txt - [4345 bytes] - [24/04/2015 22:27:48]
AdwCleaner[S0].txt - [4193 bytes] - [24/04/2015 22:57:01]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4252  bytes] ##########
 
Junkware Removal Tool Log
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.2 (04.24.2015:1)
OS: Windows 7 Home Premium x64
Ran by Val on Fri 04/24/2015 at 23:08:43.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Users\Val\AppData\Roaming\getrighttogo
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 04/24/2015 at 23:12:38.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 olgun52

olgun52

  • Malware Response Team

Posted 25 April 2015 - 11:50 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Good day.

 

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 vsew1210

vsew1210
  • Topic Starter

  • Members

Posted 25 April 2015 - 11:18 PM

The results of the ESET scan are:

 

C:\1 - Downloads\My Driver Updater\mydriverupdater7.exe a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\1 - Downloads\Printmaster Platinum 2012\CT2530712_Printmaster_plat_2012.exe Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Program Files\Family Tree Maker 2014\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
 
Thank you.


#8 olgun52

olgun52

  • Malware Response Team

Posted 26 April 2015 - 04:40 PM

Please Delete: 

C:\1 - Downloads\Printmaster Platinum 2012\CT2530712_Printmaster_plat_2012.exe 

------------------------------------------------

Step 2:

 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.00 (XI) to your PC's desktop.
 

  • Uninstall Adobe Reader X via Start => Control Panel > Uninstall a program
  • Install the newly downloaded, updated software.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

Step 2:

Updating Java and Clearing Cache:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to update.

Please go to Start > Control Panel > Programs and Features > uninstall all the Java Programs you see, now download the latest Java from the following link and install it:

Java 6 Update 7

Java 7 Update 7

Now reboot the system.

  • Download the latest version of Java Runtime Environment (JRE) 8
  • Recommended Version is 8 Update 45
  • Read the License Agreement then select Accept License Agreement
  • Click on the link to download Windows x64 Offline (64Bit) and save the file.
  • Close any programs you may have running - especially your web browser.

See this page for instructions on how to clear Java's cache.

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)

  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Installed Applications and Applets
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#9 vsew1210

vsew1210
  • Topic Starter

  • Members

Posted 26 April 2015 - 07:50 PM

Hello again,

 

I completed all of the steps you listed. Thanks again for your help.



#10 vsew1210

vsew1210
  • Topic Starter

  • Members

Posted 27 April 2015 - 10:11 AM

Yilmaz,

 

I just realized that I have performed all of the scans with the USB drive that I believe to be infected connected to my computer. I haven't seen any of the scans reference anything on this USB drive. Should I perform some type of stand-alone scan on it?

 

Thanks

 

Valerie



#11 olgun52

olgun52

  • Malware Response Team

Posted 27 April 2015 - 12:07 PM


http://www.bleepingcomputer.com/forums/t/574178/possible-trojanw32generic-infection/?p=3688594
Combofix scan--Step2.

* IMPORTANT : 2   Ensure your external and/or USB drives are inserted during the scan

We scan with Combofix. USB should be installed.
Ensure your external and/or USB drives are always inserted during the scan

---------------------------------------------------------------------------------------------------------------

Please tell me how the system is running and any issues?


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#12 vsew1210

vsew1210
  • Topic Starter

  • Members

Posted 27 April 2015 - 01:42 PM

I guess the USB drive must be okay. When you instructed me to run the ComboFix scan the other day, the USB drive was connected to my computer.

 

My system seems to be running fine. The fan had been really noisy but it is much quieter now. I haven't noticed any issues. Are there more things you want me to do?

 

Thanks again for all of your help.



#13 olgun52

olgun52

  • Malware Response Team

Posted 27 April 2015 - 02:14 PM

Hi vsew1210,

 

Thank you for your patience.  Please do the following:
Uninstall Combofix:

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.


 

 

next.....

In any case please download delfix to your desktop.

  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • Delfix will now delete all found traces of our removal process.

If there is still something left please delete it manually.

 

Please read:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

Step 1: Internet Explorer. Even if you don't use it as your main browser it should be kept up-to-date because that is the browser Windows uses for updates.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Step 2: Firefox. If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure:
 
NoScript
AdBlock Plus

Step 3: Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

Step 4: Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
Step 5: One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using often. (I have upgraded to the paid version of MBAM and I am glad I did)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

Step 6: ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

 

Sincerely


Best regards
 
If I don't reply within 24 hours please PM me!
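
The Internet Explorer zone settings listed in the post above are stored as per-zone values in the registry, so they can be verified without clicking through the dialog. The following read-only audit is an added example, not part of the original post or of any tool used in this thread; the function names `Get-ZoneValues` and `Test-ZoneHardening` are hypothetical, and the sample hashtable is constructed.

```powershell
# Added example: read-only audit, nothing is written to the registry.
# Keys are the URL action IDs Internet Explorer stores under each zone;
# data 0 = Enable, 1 = Prompt, 3 = Disable. Zone 3 is the Internet zone.
$Expected = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
    '2500' = @{ Name = 'Protected Mode';                                            Want = 0 }
}
$PolicyText = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ZoneValues {
    # Reads the current user's settings for one zone (0-4).
    # Caveat: values pushed by Group Policy live under
    # Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
    # and take precedence over what is read here.
    param([ValidateRange(0, 4)][int]$Zone = 3)
    $path   = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$Zone"
    $props  = Get-ItemProperty -Path $path -ErrorAction Stop
    $values = @{}
    foreach ($id in $Expected.Keys) {
        $p = $props.PSObject.Properties[$id]
        if ($null -ne $p) { $values[$id] = [int]$p.Value }
    }
    $values
}

function Test-ZoneHardening {
    # Compares a hashtable of { actionId = data } with the recommended values
    # and emits one row per setting, including settings that are missing.
    param([Parameter(Mandatory)][hashtable]$Values)
    foreach ($id in $Expected.Keys) {
        $want = $Expected[$id].Want
        $have = if ($Values.ContainsKey($id)) { $Values[$id] } else { $null }
        [pscustomobject]@{
            Id        = $id
            Setting   = $Expected[$id].Name
            Expected  = $PolicyText[$want]
            Actual    = if ($null -eq $have) { 'not set' }
                        elseif ($PolicyText.ContainsKey($have)) { $PolicyText[$have] }
                        else { '0x{0:X}' -f $have }
            Compliant = ($have -eq $want)
        }
    }
}

# Constructed sample (not taken from this thread): sub-frame navigation is
# still on Enable, every other setting matches the recommendation.
$sample = @{ '1001' = 1; '1004' = 3; '1201' = 3; '1800' = 1; '1804' = 1; '1607' = 0; '2500' = 0 }
Test-ZoneHardening -Values $sample | Format-Table -AutoSize

# On the machine being checked, list only the deviations for the Internet zone:
# Test-ZoneHardening -Values (Get-ZoneValues -Zone 3) | Where-Object { -not $_.Compliant }
```

For the Local Intranet, Trusted Sites and Restricted Sites zones (1, 2 and 4), only the Protected Mode row corresponds to what the post asks for.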

 


 


#14 vsew1210

vsew1210
  • Topic Starter

  • Members

Posted 29 April 2015 - 12:03 PM

Hello Yilmaz,

 

I apologize for the delay in responding to your last post. My email was down Monday afternoon and I saw your post very early Tuesday morning. I then had some issues that I will show below. 

 

I followed your instructions and deleted ComboFix, ran your delfix (everything deleted except two logs on my desktop that I manually deleted), created a new restore point, and deleted old restore points. My Internet Explorer settings were already set to those that you specified. I use and update an antivirus program and Malwarebytes. I will investigate WinPatrol as you suggested. After completing these items, I shut down my computer to go to work. Until this point my computer had been working well.

 

When I got to the office and started my computer, a screen displayed saying "preparing to configure Windows".  It took more than 45 minutes for my computer to get to the login screen. Once I finally logged in it was extremely slow. Then it started presenting Windows updates in small batches. I always install Windows updates. On April 15th, I installed 15 new updates (these were all of the updates presented to me by Windows Update). My computer was so slow it took most of the day to install a total of 8 updates (additional February updates KB3031432, KB3004375, KB3021952, KB3031432, KB3004375, and April updates KB3013531, KB3020370, KB3048761).

 

My computer seems much better today. Do you think the additional updates needed caused it to be so slow yesterday?

 

Thanks again for all your help.

 

Valerie



#15 olgun52

olgun52

  • Malware Response Team

Posted 29 April 2015 - 03:18 PM

Valerie, if you want to, let's check.

Please post a fresh FRST logfile for my check. (Frst.txt and Additional.txt)

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 




