Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ran ComboFix, Now all Files and Folders from Desktop are gone.


  • This topic is locked This topic is locked
18 replies to this topic

#1 TCShavasu

TCShavasu

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 07 September 2015 - 10:53 PM

Yes, First thing is don't run ComboFix without being instructed to.

 

That being said, it was still run.

 

It moved the desktop location to C:\Combofix\desktop

There are NO files in that folder.

There were many PDF files and Folders with files in them that have gone missing.

I have searched the entire drive for the missing files and found none.

There is nothing in the log about deleting the files.

 

Here is the log file...

 

ComboFix 15-09-07.01 - Mike 09/07/2015  17:04:36.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12271.10398 [GMT -7:00]
Running from: c:\users\Mike\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msdownld.tmp
c:\windows\SysWow64\regobj.dll
.
.
(((((((((((((((((((((((((   Files Created from 2015-08-08 to 2015-09-08  )))))))))))))))))))))))))))))))
.
.
2015-09-08 00:10 . 2015-09-08 00:10 -------- d-----w- c:\users\Rio\AppData\Local\temp
2015-09-08 00:10 . 2015-09-08 00:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-09-08 00:10 . 2015-09-08 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-07 23:59 . 2015-09-07 23:59 -------- d-----w- C:\OneDriveTemp
2015-09-07 20:57 . 2015-09-07 20:58 -------- d-----w- C:\AdwCleaner
2015-09-07 20:45 . 2015-09-07 20:45 -------- d-----w- c:\program files (x86)\GUMC3BB.tmp
2015-09-07 18:07 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59F49AD9-56A9-4956-A5EB-349E8D6CC44C}\mpengine.dll
2015-09-07 18:06 . 2015-09-07 18:06 -------- d-----w- c:\program files\CCleaner
2015-09-07 18:04 . 2015-09-07 18:08 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-09-07 18:04 . 2015-09-07 18:04 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2015-09-07 18:04 . 2015-06-18 15:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-09-07 18:04 . 2015-06-18 15:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-09-07 18:04 . 2015-06-18 15:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-06 10:05 . 2015-09-06 23:05 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2015-09-03 04:16 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-09-02 04:16 . 2015-07-02 13:18 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F4B1B98D-8611-46BD-B52F-15A0C23BFF23}\gapaengine.dll
2015-08-24 04:32 . 2015-08-24 04:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-08-24 04:32 . 2015-08-24 04:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-08-24 04:32 . 2015-08-24 04:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-08-24 04:32 . 2015-08-24 04:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-08-24 04:32 . 2015-08-24 04:32 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-08-24 04:32 . 2015-08-24 04:32 -------- d-----w- c:\program files (x86)\QuickTime
2015-08-24 04:30 . 2015-08-24 04:30 -------- d-----w- c:\program files (x86)\iTunes
2015-08-24 04:30 . 2015-08-24 04:30 -------- d-----w- c:\program files\iPod
2015-08-24 04:30 . 2015-08-24 04:31 -------- d-----w- c:\program files\iTunes
2015-08-21 02:20 . 2015-09-08 00:00 -------- d-----w- c:\users\Mike\OneDrive
2015-08-21 02:20 . 2015-08-21 02:20 -------- d-----w- c:\program files (x86)\Microsoft OneDrive
2015-08-21 02:20 . 2015-08-21 02:20 -------- d-----w- c:\programdata\Microsoft OneDrive
2015-08-21 02:15 . 2015-08-21 02:14 631504 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-08-21 02:14 . 2015-08-21 02:20 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2015-08-21 02:12 . 2015-08-21 02:12 -------- d-----w- c:\program files\Microsoft Office 15
2015-08-20 10:00 . 2015-08-11 01:20 25191936 ----a-w- c:\windows\system32\mshtml.dll
2015-08-20 10:00 . 2015-08-11 01:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-20 10:00 . 2015-08-11 00:33 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-18 02:44 . 2015-08-18 03:31 -------- d-----w- c:\program files (x86)\Magical Jelly Bean
2015-08-13 11:32 . 2015-08-13 11:32 4608 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\MSEnv\PublicAssemblies\extensibility.dll
2015-08-13 11:31 . 2015-08-13 11:31 5132888 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2015-08-13 11:31 . 2015-08-13 11:31 2230360 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL
2015-08-13 11:31 . 2015-08-13 11:31 204376 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL
2015-08-13 11:31 . 2015-08-13 11:31 189136 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\LICLUA.EXE
2015-08-13 11:31 . 2015-08-13 11:31 1833560 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL
2015-08-13 11:31 . 2015-08-13 11:31 150600 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2015-08-13 11:31 . 2015-08-13 11:31 147032 ----a-w- c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL
2015-08-13 11:31 . 2015-08-13 11:31 14432 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\pkeyconfig.companion.dll
2015-08-13 11:31 . 2015-08-13 11:31 1274456 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\pidgenx.dll
2015-08-13 11:31 . 2015-08-13 11:31 179800 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL
2015-08-13 11:31 . 2015-08-13 11:31 1653336 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL
2015-08-12 10:15 . 2015-07-30 13:13 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 10:15 . 2015-07-30 13:13 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 05:18 . 2015-07-15 18:11 362496 ----a-w- c:\windows\system32\wow64win.dll
2015-08-12 05:17 . 2015-07-30 18:06 41984 ----a-w- c:\windows\system32\lpk.dll
2015-08-10 23:59 . 2015-08-10 23:59 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-03 08:18 . 2015-06-19 01:23 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2015-09-03 08:17 . 2015-06-27 08:35 2877080 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-09-03 08:17 . 2015-06-27 08:35 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-08-13 01:22 . 2014-06-04 00:04 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-13 01:22 . 2014-06-04 00:04 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-08-12 10:01 . 2013-11-07 19:28 132483416 ----a-w- c:\windows\system32\MRT.exe
2015-08-12 08:45 . 2015-06-27 08:35 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2015-08-12 08:45 . 2015-06-19 01:23 2877080 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-08-12 08:45 . 2015-06-19 01:23 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-08-06 18:43 . 2015-08-06 18:43 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-08-06 18:43 . 2015-08-06 18:43 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-07-15 17:54 . 2015-08-12 05:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-07-11 02:33 . 2015-07-11 02:33 4587520 ----a-w- c:\windows\SysWow64\GPhotos.scr
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-07-04 18:07 . 2015-07-15 15:12 2087424 ----a-w- c:\windows\system32\ole32.dll
2015-07-04 17:48 . 2015-07-15 15:12 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-02 13:18 . 2014-06-12 21:20 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-06-19 01:23 . 2015-06-19 01:23 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2015-06-17 17:47 . 2015-07-15 15:13 404992 ----a-w- c:\windows\system32\gdi32.dll
2015-06-17 17:37 . 2015-07-15 15:13 312320 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-17 08:01 . 2015-06-17 08:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-06-15 21:50 . 2015-07-15 15:12 112064 ----a-w- c:\windows\system32\consent.exe
2015-06-15 21:45 . 2015-07-15 15:12 3242496 ----a-w- c:\windows\system32\msi.dll
2015-06-15 21:45 . 2015-07-15 15:12 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-06-15 21:45 . 2015-07-15 15:12 1941504 ----a-w- c:\windows\system32\authui.dll
2015-06-15 21:45 . 2015-07-15 15:12 70656 ----a-w- c:\windows\system32\appinfo.dll
2015-06-15 21:44 . 2015-07-15 15:12 128000 ----a-w- c:\windows\system32\msiexec.exe
2015-06-15 21:43 . 2015-07-15 15:12 2364416 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-15 21:43 . 2015-07-15 15:12 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-06-15 21:43 . 2015-07-15 15:12 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-06-15 21:42 . 2015-07-15 15:12 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-15 21:42 . 2015-07-15 15:12 25088 ----a-w- c:\windows\system32\msimsg.dll
2015-06-15 21:37 . 2015-07-15 15:12 25088 ----a-w- c:\windows\SysWow64\msimsg.dll
2015-06-11 17:56 . 2015-07-15 15:12 1112576 ----a-w- c:\windows\system32\rdpcorets.dll
2015-06-11 17:16 . 2015-07-15 15:12 162816 ----a-w- c:\windows\system32\rdpudd.dll
2015-06-11 17:15 . 2015-07-15 15:12 20992 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-08-26 23:39 1585760 ----a-w- c:\users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-08-26 23:39 1585760 ----a-w- c:\users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-08-26 23:39 1585760 ----a-w- c:\users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-08-26 23:39 1585760 ----a-w- c:\users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-08-26 23:39 1585760 ----a-w- c:\users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-08-21 02:15 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-08-21 02:15 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-08-21 02:15 1729752 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 189464 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2014-02-09 20:34 194896 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2014-02-09 20:37 194896 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="c:\users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe" [2015-06-16 134512]
"OneDrive"="c:\users\Mike\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2015-08-26 404064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"PowerPDF Registry Controller"="c:\program files (x86)\Nuance\Power PDF\RegistryController.exe" [2014-09-06 193560]
.
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-4 39175960]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Nuance Cloud Connector.lnk - c:\program files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe [2014-2-9 88400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S2 Agent;VPDAgent;c:\windows\VPDAgent_x64.exe;c:\windows\VPDAgent_x64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 GladFileMonSvc;GladFileMonSvc;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe;c:\program files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [x]
S2 Neat Startup Service;Neat Startup Service;c:\program files (x86)\Neat\exec\NeatStartupService.exe;c:\program files (x86)\Neat\exec\NeatStartupService.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-14 00:37 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-04 01:22]
.
2015-09-04 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2009372603-1806460082-3326059286-1000Core.job
- c:\users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 04:07]
.
2015-09-07 c:\windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2009372603-1806460082-3326059286-1000UA.job
- c:\users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-16 04:07]
.
2015-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08 03:37]
.
2015-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08 03:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-08-26 23:39 1636040 ----a-w- c:\users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2015-08-26 23:39 1636040 ----a-w- c:\users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2015-08-26 23:39 1636040 ----a-w- c:\users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-08-26 23:39 1636040 ----a-w- c:\users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-08-26 23:39 1636040 ----a-w- c:\users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-08-21 02:15 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-08-21 02:15 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-08-21 02:15 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt1"]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt2"]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt3"]
@="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt4"]
@="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt5"]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt6"]
@="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt7"]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\"DropboxExt8"]
@="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
2015-08-14 08:16 226328 ----a-w- c:\users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2014-02-09 20:34 208208 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2014-02-09 20:38 195920 ----a-w- c:\program files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-08-13 170256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;*.local;localhost
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Open with Convert Assistant - c:\program files (x86)\Nuance\Power PDF\cnvres_eng.dll /100
IE: Open with Power PDF - c:\program files (x86)\Nuance\Power PDF\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-09-07  17:12:50
ComboFix-quarantined-files.txt  2015-09-08 00:12
ComboFix2.txt  2014-06-05 22:27
.
Pre-Run: 1,641,839,620,096 bytes free
Post-Run: 1,641,651,646,464 bytes free
.
- - End Of File - - CE3B7050DDC4041FD057D01681C52707
A36C5E4F47E84449FF07ED3517B43A31
 


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:34 PM

Posted 10 September 2015 - 05:01 PM

Greetings TCShavasu and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

This is the second time you have run Combofix. Was the first time recently or was it last year?

Why was it necessary to run Combofix now? What problems were you having?

Please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:folderfind
*Qoobox* /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply or, if necessary zip and attach the file.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Reply to questions
  • SystemLook report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 TCShavasu

TCShavasu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 11 September 2015 - 11:03 AM

This is a friends PC, I didn't know he had ever run ComboFix or knew what it was.

I ran it because Malwarebytes found some infections and I knew ComboFix would look deeper and might find something that Malware bytes didn't.

After it finished all the files and folders on the desktop were gone, all that was left were the Icons for installed programs.

I looked in the User folder and the Desktop Folder was missing. I did a search and found it in the C;\ComboFix folder.

It was empty and so I moved the location back to C:\Users\Mike folder and told it to move all contents also.

Unfortunately it was still empty. I then told him we need to contact someone for help.

 

Thanks in advance.

 

Here is the SystemLook log and a screen shot of the Qoobox folder

 

SystemLook 30.07.11 by jpshortstuff
Log created at 08:40 on 11/09/2015 by Mike
Administrator - Elevation successful
 
========== folderfind ==========
 
Searching for "*Qoobox* /s"
No folders found.
 
-= EOF =-
 
Qoobox.png


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:34 PM

Posted 11 September 2015 - 11:27 AM

That is what I was afraid of. Shall I assume once you were done you uninstalled Combofix and if so how did you do it?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 TCShavasu

TCShavasu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 11 September 2015 - 11:30 AM

I have not uninstalled combofix... only searched for missing files and folders so far.

Really didn't know you can install combofix, Last time I ran it on a PC was a few years ago.



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:34 PM

Posted 11 September 2015 - 11:45 AM

I need to try to figure out what happened and what options we have, if any. Please allow me some time to do some testing on my own computers to try to recreate what might have gone wrong then test to see if there is anything we can do about it.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:34 PM

Posted 11 September 2015 - 12:10 PM

Could you copy and paste the Combofix-quarantined-files.txt document in the screen shot in your reply?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 TCShavasu

TCShavasu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 11 September 2015 - 12:45 PM

Here it is

 

2014-06-05 22:27:50 . 2014-06-05 22:27:50              512 ----a-w-  C:\Qoobox\Quarantine\MBR_HardDisk0.mbr
2014-06-05 22:27:00 . 2014-06-05 22:27:00              173 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat
2014-06-05 22:26:58 . 2014-06-05 22:26:58              377 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47}.reg.dat
2014-06-05 22:26:51 . 2014-06-05 22:26:51              179 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-HP Software Update.reg.dat
2014-06-05 22:26:50 . 2015-09-08 00:11:37              104 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat
2014-06-05 22:26:50 . 2014-06-05 22:26:50              898 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-BHO-{47F3EB15-C230-4A0B-BE4B-D527FF483B48}.reg.dat
2014-06-05 22:24:54 . 2015-09-08 00:08:25            7,656 ----a-w-  C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2014-06-05 22:20:17 . 2015-09-08 00:02:33              102 ----a-w-  C:\Qoobox\Quarantine\catchme.log
2014-05-21 23:24:40 . 2014-05-21 23:24:40              147 ----a-w-  C:\Qoobox\Quarantine\C\Users\Desiree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlnkahpbdjgibmlifdiomcnojgdcmogp\2.2\background.html.vir
2014-05-21 23:24:40 . 2014-05-21 23:24:40              505 ----a-w-  C:\Qoobox\Quarantine\C\Users\Desiree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlnkahpbdjgibmlifdiomcnojgdcmogp\2.2\manifest.json.vir
2014-05-21 23:24:40 . 2014-05-21 23:24:40              144 ----a-w-  C:\Qoobox\Quarantine\C\Users\Desiree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlnkahpbdjgibmlifdiomcnojgdcmogp\2.2\content.js.vir
2014-05-21 23:24:40 . 2014-05-21 23:24:40              531 ----a-w-  C:\Qoobox\Quarantine\C\Users\Desiree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlnkahpbdjgibmlifdiomcnojgdcmogp\2.2\lsdb.js.vir
2014-04-23 22:48:14 . 2014-04-23 22:48:14              149 ----a-w-  C:\Qoobox\Quarantine\C\Users\Desiree\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoomiogmoocmnimjmngeilidhjjdchlg\1.0\background.html.vir
2014-04-23 22:48:14 . 2014-04-23 22:48:14              504 ----a-w-  C:\Qoobox\Quarantine\C\Users\Desiree\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoomiogmoocmnimjmngeilidhjjdchlg\1.0\manifest.json.vir
2014-04-23 22:48:14 . 2014-04-23 22:48:14              144 ----a-w-  C:\Qoobox\Quarantine\C\Users\Desiree\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoomiogmoocmnimjmngeilidhjjdchlg\1.0\content.js.vir
2014-04-23 22:48:14 . 2014-04-23 22:48:14              531 ----a-w-  C:\Qoobox\Quarantine\C\Users\Desiree\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoomiogmoocmnimjmngeilidhjjdchlg\1.0\lsdb.js.vir
2014-04-23 22:35:38 . 2014-04-23 22:35:38          152,720 ----a-w-  C:\Qoobox\Quarantine\C\ProgramData\MovieMode\up\2.6.78\MovieMode64.exe.vir
2013-12-14 12:28:13 . 2014-05-21 23:24:40           89,987 ----a-w-  C:\Qoobox\Quarantine\C\Users\Desiree\AppData\Local\Google\Chrome\User Data\Default\Preferences.vir
2013-02-16 13:58:07 . 2013-02-16 13:58:16        1,386,329 ----a-w-  C:\Qoobox\Quarantine\C\Users\Mike\Documents\~WRD0000.tmp.vir
1997-06-25 21:24:16 . 1997-06-25 21:24:16           40,448 ----a-w-  C:\Qoobox\Quarantine\C\Windows\SysWOW64\regobj.dll.vir


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:34 PM

Posted 11 September 2015 - 02:13 PM

Thank you,

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST report
  • Addition report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 TCShavasu

TCShavasu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 11 September 2015 - 02:24 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Mike (administrator) on MIKE-PC (11-09-2015 12:20:46)
Running from C:\Users\Mike\Desktop
Loaded Profiles: Mike (Available Profiles: Mike & Rio)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Users\Mike\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [PowerPDF Registry Controller] => C:\Program Files (x86)\Nuance\Power PDF\RegistryController.exe [193560 2014-09-06] (Nuance Communications, Inc.)
HKU\S-1-5-21-2009372603-1806460082-3326059286-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53655680 2015-07-28] (Skype Technologies S.A.)
HKU\S-1-5-21-2009372603-1806460082-3326059286-1000\...\Run: [Dropbox Update] => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)
HKU\S-1-5-21-2009372603-1806460082-3326059286-1000\...\Run: [OneDrive] => C:\Users\Mike\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-26] (Microsoft Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon.dll [2014-02-09] (Gladinet, INC)
ShellIconOverlayIdentifiers: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU.dll [2014-02-09] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [GladinetIconOverlay] -> {3C3DC57A-7535-48AF-BB9E-C3576A4F34D0} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIcon32.dll [2014-02-09] (Gladinet, INC)
ShellIconOverlayIdentifiers-x32: [GladinetUploading] -> {959A18D3-9CC9-41e8-B76F-34ED9A89D4EA} => C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GlOverlayIconU32.dll [2014-02-09] (Gladinet, INC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-11-07]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nuance Cloud Connector.lnk [2015-02-12]
ShortcutTarget: Nuance Cloud Connector.lnk -> C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladLauncher.exe ()
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-01-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-07-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
Tcpip\..\Interfaces\{02C0F99A-E930-4B74-9CD5-32B2A0A45454}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{726C421D-CACF-4C75-9E0E-671B82D4A67B}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{F5CE8F75-9282-4DA4-9A48-FFB75832EE9A}: [DhcpNameServer] 208.180.42.68 208.180.42.100 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2009372603-1806460082-3326059286-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000 -> {A485DE34-6B12-4389-BA14-4236C62E0CCF} URL = hxxps://www.google.com/search?q={searchTerms}
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-20] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-20] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\Power PDF\bin\nppdf.dll [2014-03-07] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2009372603-1806460082-3326059286-1000: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin HKU\S-1-5-21-2009372603-1806460082-3326059286-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-18] (Unity Technologies ApS)
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home6876\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode424\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release619\ff [not found]
 
Chrome: 
=======
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-07]
CHR Extension: (No Name) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcpjemfpcjonokgbnadafdmdpmplgfej [2015-07-30]
CHR Extension: (No Name) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmiakgaclgjjplnkanffafceihbhhild [2015-08-23]
CHR Extension: (No Name) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-07]
CHR Profile: C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]
CHR Extension: (Google Drive) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-09-07]
CHR Extension: (YouTube) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-07]
CHR Extension: (Google Search) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-07]
CHR Extension: (Google Sheets) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
CHR Extension: (Gmail) - C:\Users\Mike\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-11-14] (Two Pilots) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-05-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [30032 2014-02-09] (Gladinet, INC)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [25600 2015-01-16] (The Neat Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [116736 2010-01-28] (ATI Technologies, Inc.) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 12:20 - 2015-09-11 12:21 - 00021591 _____ C:\Users\Mike\Desktop\FRST.txt
2015-09-11 12:20 - 2015-09-11 12:20 - 00000000 ____D C:\FRST
2015-09-11 12:20 - 2015-09-11 12:15 - 02190848 _____ (Farbar) C:\Users\Mike\Desktop\FRST64.exe
2015-09-11 12:19 - 2015-09-11 12:19 - 00000000 ___HD C:\OneDriveTemp
2015-09-11 08:40 - 2015-09-11 09:04 - 00000432 _____ C:\SystemLook.txt
2015-09-11 08:38 - 2015-09-10 18:37 - 00165376 _____ C:\SystemLook_x64.exe
2015-09-10 21:02 - 2015-08-17 18:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-10 21:02 - 2015-08-17 18:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-10 21:02 - 2015-08-14 23:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-10 21:02 - 2015-08-14 23:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-10 21:02 - 2015-08-14 23:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-10 21:02 - 2015-08-14 23:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-10 21:02 - 2015-08-14 23:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-10 21:02 - 2015-08-14 23:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-10 21:02 - 2015-08-14 23:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-10 21:02 - 2015-08-14 23:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-10 21:02 - 2015-08-14 23:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-10 21:02 - 2015-08-14 23:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-10 21:02 - 2015-08-14 23:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-10 21:02 - 2015-08-14 23:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-10 21:02 - 2015-08-14 23:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-10 21:02 - 2015-08-14 23:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-10 21:02 - 2015-08-14 23:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-10 21:02 - 2015-08-14 23:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-10 21:02 - 2015-08-14 23:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-10 21:02 - 2015-08-14 23:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-10 21:02 - 2015-08-14 22:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-10 21:02 - 2015-08-14 22:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-10 21:02 - 2015-08-14 22:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-10 21:02 - 2015-08-14 22:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-10 21:02 - 2015-08-14 22:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-10 21:02 - 2015-08-14 22:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-10 21:02 - 2015-08-14 22:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-10 21:02 - 2015-08-14 22:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-10 21:02 - 2015-08-14 22:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-10 21:02 - 2015-08-14 22:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-10 21:02 - 2015-08-14 22:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-10 21:02 - 2015-08-14 22:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-10 21:02 - 2015-08-14 22:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-10 21:02 - 2015-08-14 22:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-10 21:02 - 2015-08-14 22:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-10 21:02 - 2015-08-14 22:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-10 21:02 - 2015-08-14 22:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-10 21:02 - 2015-08-14 22:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-10 21:02 - 2015-08-14 22:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-10 21:02 - 2015-08-14 22:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-10 21:02 - 2015-08-14 22:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-10 21:02 - 2015-08-14 22:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-10 21:02 - 2015-08-14 22:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-10 21:02 - 2015-08-14 22:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-10 21:02 - 2015-08-14 22:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-10 21:02 - 2015-08-14 22:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-10 21:02 - 2015-08-14 22:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-10 21:02 - 2015-08-14 22:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-10 21:02 - 2015-08-14 22:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-10 21:02 - 2015-08-14 22:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-10 21:02 - 2015-08-14 22:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-10 21:02 - 2015-08-14 22:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-10 21:02 - 2015-08-14 22:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-10 21:02 - 2015-08-14 22:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-10 21:02 - 2015-08-14 22:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-10 21:02 - 2015-08-14 21:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-10 21:02 - 2015-08-14 21:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-10 21:02 - 2015-08-14 21:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-10 21:02 - 2015-08-14 21:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-10 21:02 - 2015-08-14 21:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-10 21:02 - 2015-08-05 10:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-10 21:02 - 2015-08-05 10:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-10 21:02 - 2015-08-05 10:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-10 21:02 - 2015-08-05 10:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-10 21:02 - 2015-08-04 11:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-09-10 21:02 - 2015-08-04 11:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-09-10 21:02 - 2015-08-04 10:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-10 21:02 - 2015-08-04 10:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-10 21:02 - 2015-08-04 10:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-10 21:02 - 2015-08-04 10:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-10 21:02 - 2015-08-04 10:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-10 21:02 - 2015-08-04 10:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-10 21:02 - 2015-08-04 09:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-10 21:02 - 2015-07-14 20:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-10 21:02 - 2015-07-14 19:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-10 21:01 - 2015-09-01 20:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-10 21:01 - 2015-09-01 20:04 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-10 21:01 - 2015-09-01 20:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-10 21:01 - 2015-09-01 20:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-10 21:01 - 2015-09-01 19:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-10 21:01 - 2015-09-01 19:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-10 21:01 - 2015-09-01 19:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-10 21:01 - 2015-09-01 19:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-10 21:01 - 2015-09-01 18:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-10 21:01 - 2015-09-01 18:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-10 21:01 - 2015-09-01 18:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-10 21:01 - 2015-08-26 11:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-10 21:01 - 2015-08-26 11:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-10 21:01 - 2015-08-26 11:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-10 21:01 - 2015-08-26 11:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-10 21:01 - 2015-08-26 11:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-10 21:01 - 2015-08-26 11:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-10 21:01 - 2015-08-26 11:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-10 21:01 - 2015-08-26 11:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-10 21:01 - 2015-08-26 11:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-10 21:01 - 2015-08-26 11:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-10 21:01 - 2015-08-26 11:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-10 21:01 - 2015-08-26 10:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-10 21:01 - 2015-08-26 10:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-10 21:01 - 2015-08-26 10:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-10 21:01 - 2015-08-26 10:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-10 21:01 - 2015-08-26 10:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-08 08:40 - 2015-09-08 08:42 - 00000000 ____D C:\Program Files (x86)\PowerDataRecovery
2015-09-08 08:40 - 2015-09-08 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery 6.6
2015-09-07 20:00 - 2015-09-07 20:00 - 00000000 ____D C:\Users\Mike\Desktop\Cindy's stuff
2015-09-07 19:55 - 2015-09-07 20:00 - 00000000 ____D C:\Users\Mike\Desktop\Cindys Samsung S3
2015-09-07 19:54 - 2015-09-07 19:54 - 00000000 ____D C:\Users\Mike\Desktop\House warming Party
2015-09-07 19:48 - 2015-09-07 19:48 - 00000000 ____D C:\Users\Mike\Desktop\Costa Rica pics
2015-09-07 19:47 - 2015-09-07 19:47 - 00000000 ____D C:\Users\Mike\Desktop\Microsoft Office 2013
2015-09-07 19:47 - 2015-09-07 19:47 - 00000000 ____D C:\Users\Mike\Desktop\Desiree
2015-09-07 19:47 - 2015-09-07 19:47 - 00000000 ____D C:\Users\Mike\Desktop\Cavitation Lipo research 2
2015-09-07 19:47 - 2015-09-07 18:46 - 00182272 ___SH C:\Users\Mike\Desktop\Thumbs.db
2015-09-07 19:47 - 2015-08-20 19:15 - 00002413 _____ C:\Users\Mike\Desktop\Word 2013.lnk
2015-09-07 19:47 - 2015-05-18 14:44 - 00001599 _____ C:\Users\Mike\Desktop\Financial - Shortcut.lnk
2015-09-07 19:47 - 2015-05-12 10:34 - 00001053 _____ C:\Users\Mike\Desktop\Dropbox.lnk
2015-09-07 19:47 - 2015-03-13 11:14 - 00000892 _____ C:\Users\Mike\Desktop\Downloads.lnk
2015-09-07 19:47 - 2015-01-11 19:06 - 00002004 _____ C:\Users\Mike\Desktop\Kindle.lnk
2015-09-07 19:47 - 2014-06-23 14:57 - 00001443 _____ C:\Users\Mike\Desktop\UninstallNeat - Shortcut.lnk
2015-09-07 19:47 - 2014-06-06 11:03 - 00001549 _____ C:\Users\Mike\Desktop\Internet Explorer.lnk
2015-09-07 19:47 - 2013-12-30 06:37 - 00001474 _____ C:\Users\Mike\Desktop\Advanced Ultrasound docs - Shortcut.lnk
2015-09-07 19:47 - 2013-12-05 15:35 - 00009177 _____ C:\Users\Mike\Desktop\Advanced Ultrasound docs - Shortcut (2).lnk
2015-09-07 19:47 - 2013-11-07 13:33 - 00002693 _____ C:\Users\Mike\Desktop\Microsoft Office Outlook 2007.lnk
2015-09-07 19:47 - 2013-11-07 13:33 - 00002655 _____ C:\Users\Mike\Desktop\Microsoft Office Excel 2007.lnk
2015-09-07 19:47 - 2013-11-07 13:33 - 00002645 _____ C:\Users\Mike\Desktop\Microsoft Office PowerPoint 2007.lnk
2015-09-07 19:47 - 2013-03-27 12:17 - 00001129 _____ C:\Users\Mike\Desktop\Desirees documents - Shortcut.lnk
2015-09-07 19:47 - 2012-12-28 17:39 - 00001771 _____ C:\Users\Mike\Desktop\eDiving.lnk
2015-09-07 18:05 - 2015-09-07 18:05 - 00398752 _____ (Bleeping Computer, LLC) C:\unhide.exe
2015-09-07 17:12 - 2015-09-07 17:12 - 00043250 _____ C:\ComboFix.txt
2015-09-07 13:57 - 2015-09-07 13:58 - 00000000 ____D C:\AdwCleaner
2015-09-07 13:46 - 2015-09-07 19:38 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-07 13:45 - 2015-09-07 13:46 - 05635119 _____ (Swearware) C:\Users\Mike\Downloads\ComboFix.exe
2015-09-07 13:45 - 2015-09-07 13:45 - 00000000 ____D C:\Program Files (x86)\GUMC3BB.tmp
2015-09-07 13:44 - 2015-09-07 13:44 - 01799392 _____ (Malwarebytes Corporation) C:\Users\Mike\Downloads\JRT.exe
2015-09-07 13:44 - 2015-09-07 13:44 - 01654784 _____ C:\Users\Mike\Downloads\AdwCleaner.exe
2015-09-07 13:41 - 2015-09-11 12:19 - 00000684 _____ C:\Windows\setupact.log
2015-09-07 13:41 - 2015-09-07 13:59 - 00474606 _____ C:\Windows\PFRO.log
2015-09-07 13:41 - 2015-09-07 13:41 - 00000000 _____ C:\Windows\setuperr.log
2015-09-07 11:09 - 2015-09-11 12:03 - 00518078 _____ C:\Windows\WindowsUpdate.log
2015-09-07 11:06 - 2015-09-07 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-09-07 11:06 - 2015-09-07 11:06 - 00000000 ____D C:\Program Files\CCleaner
2015-09-07 11:05 - 2015-09-07 11:05 - 06667640 _____ (Piriform Ltd) C:\Users\Mike\Downloads\ccsetup509.exe
2015-09-07 11:04 - 2015-09-07 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-07 11:04 - 2015-09-07 11:08 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-07 11:04 - 2015-09-07 11:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-07 11:04 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-07 11:04 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-09-07 11:04 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-09-07 11:03 - 2015-09-07 11:03 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Mike\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-06 03:05 - 2015-09-06 16:05 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2015-09-03 07:07 - 2015-09-03 07:07 - 00709960 _____ C:\Users\Mike\Downloads\SetupStart.exe
2015-08-23 21:32 - 2015-08-23 21:32 - 00001857 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-23 21:32 - 2015-08-23 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-23 21:32 - 2015-08-23 21:32 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-23 21:31 - 2015-08-23 21:31 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-23 21:31 - 2015-08-23 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-23 21:30 - 2015-08-23 21:31 - 00000000 ____D C:\Program Files\iTunes
2015-08-23 21:30 - 2015-08-23 21:30 - 00000000 ____D C:\Program Files\iPod
2015-08-23 21:30 - 2015-08-23 21:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-20 19:20 - 2015-09-11 12:19 - 00000000 ____D C:\Users\Mike\OneDrive
2015-08-20 19:20 - 2015-08-26 16:39 - 00002168 _____ C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-20 19:20 - 2015-08-20 19:20 - 00002116 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-20 19:20 - 2015-08-20 19:20 - 00002116 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-20 19:20 - 2015-08-20 19:20 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-20 19:20 - 2015-08-20 19:20 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-08-20 19:14 - 2015-08-20 19:14 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-08-20 19:12 - 2015-08-20 19:12 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-20 19:11 - 2015-08-20 19:11 - 01102520 _____ (Microsoft Corporation) C:\Users\Mike\Downloads\Setup.X86.en-us_O365BusinessRetail_b6e2748c-70c1-4535-affe-1e31a839f6ae_TX_PR_.exe
2015-08-20 08:22 - 2015-08-20 08:22 - 00945523 _____ C:\Users\Mike\Downloads\SoftwareUpdater2015 (1).zip
2015-08-20 08:18 - 2015-08-20 08:18 - 00945401 _____ C:\Users\Mike\Downloads\SoftwareUpdater2015.zip
2015-08-17 20:30 - 2015-08-17 20:31 - 01178272 _____ (Magical Jelly Bean ) C:\Users\Mike\Downloads\KeyFinderInstaller (1).exe
2015-08-17 19:44 - 2015-08-17 20:31 - 00001098 _____ C:\Users\Public\Desktop\KeyFinder.lnk
2015-08-17 19:44 - 2015-08-17 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2015-08-17 19:44 - 2015-08-17 20:31 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2015-08-17 19:43 - 2015-08-17 19:43 - 01178272 _____ (Magical Jelly Bean ) C:\Users\Mike\Downloads\KeyFinderInstaller.exe
2015-08-17 15:10 - 2015-08-17 15:10 - 00026112 _____ C:\Users\Mike\Downloads\Price Sheet A Sculpted 10 8-17-2015.xls
2015-08-17 11:00 - 2015-08-17 11:00 - 00000000 ____D C:\Users\Mike\Downloads\.picasaoriginals
2015-08-12 03:15 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 03:15 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 12:20 - 2015-04-07 22:03 - 00000000 ___RD C:\Users\Mike\Dropbox
2015-09-11 12:20 - 2015-02-16 12:35 - 00000000 ____D C:\Users\Mike\AppData\Local\gladinet
2015-09-11 12:20 - 2015-01-06 09:49 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Dropbox
2015-09-11 12:20 - 2014-02-17 09:19 - 00000000 ____D C:\Users\Mike\AppData\Roaming\Skype
2015-09-11 12:19 - 2013-11-07 20:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 12:19 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 12:03 - 2013-11-07 12:28 - 00000000 ____D C:\Windows\system32\MRT
2015-09-11 11:48 - 2013-11-07 20:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-11 11:22 - 2014-06-03 17:04 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-11 11:17 - 2015-06-15 21:07 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2009372603-1806460082-3326059286-1000UA.job
2015-09-11 10:49 - 2009-07-13 21:45 - 00024096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-11 10:49 - 2009-07-13 21:45 - 00024096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-11 10:46 - 2009-07-13 22:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-11 09:30 - 2009-07-13 21:45 - 00441536 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-11 09:28 - 2010-11-21 00:16 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-11 09:28 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-11 08:49 - 2013-11-07 13:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 20:49 - 2014-06-07 14:59 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-08 08:43 - 2013-11-07 20:37 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-08 08:43 - 2013-11-07 20:37 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-07 19:48 - 2014-06-05 15:20 - 00000000 ____D C:\ComboFix
2015-09-07 19:47 - 2013-11-07 12:22 - 00000000 ____D C:\Users\Mike
2015-09-07 19:39 - 2015-04-13 19:58 - 00000000 ____D C:\Users\Rio
2015-09-07 19:38 - 2014-06-05 15:20 - 00000000 ____D C:\Windows\erdnt
2015-09-07 19:38 - 2014-06-05 15:20 - 00000000 ____D C:\Qoobox
2015-09-07 19:38 - 2010-11-21 00:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-07 19:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-09-07 19:38 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-09-07 13:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\IME
2015-09-07 11:08 - 2014-06-14 20:21 - 00000000 ____D C:\Users\Mike\AppData\Local\CrashDumps
2015-09-07 11:08 - 2014-03-31 04:43 - 00000000 ____D C:\Windows\Minidump
2015-09-07 11:08 - 2013-11-07 12:10 - 00000000 ____D C:\Windows\Panther
2015-09-07 10:56 - 2015-04-07 22:12 - 00000000 ____D C:\Users\Mike\.android
2015-09-03 17:48 - 2014-03-28 12:33 - 00000000 ____D C:\ProgramData\TEMP
2015-09-03 17:17 - 2015-06-15 21:07 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2009372603-1806460082-3326059286-1000Core.job
2015-08-27 13:22 - 2013-11-07 17:10 - 00000000 ____D C:\Users\Public\Documents\Neat ADF Scanner
2015-08-27 13:20 - 2014-06-23 15:24 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-26 18:37 - 2013-11-07 12:28 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-26 09:04 - 2013-11-07 13:29 - 00000000 ____D C:\Users\Mike\AppData\Local\Microsoft Help
2015-08-23 21:30 - 2015-06-28 23:10 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-08-23 21:30 - 2013-11-19 17:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-21 15:16 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-08-20 22:00 - 2013-11-07 13:08 - 00111048 _____ C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-20 19:14 - 2013-11-07 13:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-08-20 19:13 - 2013-11-07 12:22 - 00000000 ____D C:\Users\Mike\AppData\Local\VirtualStore
2015-08-20 14:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-08-17 11:00 - 2015-07-28 19:40 - 00000167 _____ C:\Users\Mike\Downloads\.picasa.ini
2015-08-15 17:55 - 2014-02-17 09:19 - 00000000 ____D C:\ProgramData\Skype
2015-08-12 18:22 - 2014-06-03 17:04 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 18:22 - 2014-06-03 17:04 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 18:22 - 2014-06-03 17:04 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-12 04:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2013-12-18 11:39 - 2014-06-03 08:48 - 0000127 _____ () C:\Users\Mike\AppData\Roaming\WB.CFG
2015-06-03 17:49 - 2015-06-03 22:25 - 0013824 _____ () C:\Users\Mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-05 14:15 - 2013-12-05 14:15 - 0004096 _____ () C:\Users\Mike\AppData\Local\keyfile3.drm
2013-11-07 17:34 - 2014-06-04 14:46 - 0002298 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Users\Mike\DJ_AIO_06_F4500_USW_Full_Win_enu_140_175.exe
 
 
Some files in TEMP:
====================
C:\Users\Mike\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6bre8m.dll
C:\Users\Mike\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-11 09:25
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Mike (2015-09-11 12:22:03)
Running from C:\Users\Mike\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-11-07 19:22:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2009372603-1806460082-3326059286-500 - Administrator - Disabled)
Guest (S-1-5-21-2009372603-1806460082-3326059286-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2009372603-1806460082-3326059286-1004 - Limited - Enabled)
Mike (S-1-5-21-2009372603-1806460082-3326059286-1000 - Administrator - Enabled) => C:\Users\Mike
Rio (S-1-5-21-2009372603-1806460082-3326059286-1005 - Limited - Enabled) => C:\Users\Rio
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
AERIS Computer Interface 2.x (HKLM-x32\...\{3A3A4E93-2ECC-4569-99E8-C24E1BBC08B4}) (Version: 2.2.9 - AERIS)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Artweaver Plus 5 (HKLM\...\{FC83BBE7-A4B5-4A2E-A54F-0E9FA71B99F8}_is1) (Version: 5.0 - Boris Eyrich Software)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
ATI AVIVO64 Codecs (Version: 11.6.0.10524 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{3FD3FC64-DA16-318E-DFD5-57466FF5FEB5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_F4500_SW_MIN (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2009372603-1806460082-3326059286-1000\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
dsdminst (x32 Version: 1.01.0005 - Brother Industries, Ltd.) Hidden
F4500 (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HydraVision (x32 Version: 4.2.206.0 - ATI Technologies Inc.) Hidden
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2009372603-1806460082-3326059286-1000\...\OneDriveSetup.exe) (Version: 17.3.5930.0814 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Power Data Recovery (HKLM-x32\...\MiniTool Power Data Recovery_is1) (Version:  - MiniTool Solution Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.6.1.374 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.5 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)
Neat Core Files (x32 Version: 5.6.1.374 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.5 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.4 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nuance Cloud Connector (HKLM-x32\...\{EAA35115-7313-496C-8EEC-A281CF95B876}) (Version: 3.2.1156 - Nuance Communications, Inc.)
Nuance Power PDF Standard (HKLM\...\{060FB777-EBDB-4F02-8A6E-74A66CFC94B2}) (Version: 1.00.8406 - Nuance Communications, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2009372603-1806460082-3326059286-1000\...\UnityWebPlayer) (Version: 4.6.3f1 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\40FDF49A126BA2F6545D5FB7793D913E7262022F) (Version: 03/30/2010 2.06.02 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (03/30/2010 2.06.02) (HKLM\...\A1621EEC54C7A6698F35386FBF38092B429F59AA) (Version: 03/30/2010 2.06.02 - FTDI)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mike\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2009372603-1806460082-3326059286-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Mike\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
07-09-2015 13:45:31 JRT Pre-Junkware Removal
07-09-2015 14:01:44 JRT Pre-Junkware Removal
07-09-2015 20:31:32 JRT Pre-Junkware Removal
10-09-2015 21:04:59 Windows Update
11-09-2015 08:41:19 Windows Update
11-09-2015 11:58:50 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2014-06-05 15:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0584E862-E132-4205-AF5B-C783870F29FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {1CC2A0E6-B19D-478B-9E56-BAAB1E4BD5FF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {2128EBCE-6D05-477F-B588-E3E4CB834FDA} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2009372603-1806460082-3326059286-1000Core => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-15] (Dropbox, Inc.)
Task: {320D9C89-3CB0-444B-BAB6-177207D58045} - \DriverUpdate Scan -> No File <==== ATTENTION
Task: {3233D057-C9D2-4DF6-9E8F-043B757F9AA2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {401A4DEF-2A9A-42A1-A2E6-9B68061965C7} - \DriverUpdate Startup -> No File <==== ATTENTION
Task: {4A6A0312-663B-4439-BE64-44A5D9F1D997} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {55CA954F-341D-4734-B113-6359B8181D68} - System32\Tasks\{4337DEA7-127A-4543-9776-656AA4755C11} => pcalua.exe -a C:\ProgramData\MovieMode\uninstall.exe -c /kb=y /ic=1
Task: {7BD8C60D-44CB-4F19-8803-6B2DE55DCDA6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A72006E2-47A3-4FFF-9DDC-DAF4FDB79D23} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-08-20] (Microsoft Corporation)
Task: {BC4F7FB7-30C5-403C-8859-B4AB01D5CD22} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {C9247DDF-6264-47B1-A57D-359197627C13} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2009372603-1806460082-3326059286-1000UA => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-15] (Dropbox, Inc.)
Task: {CE5ADE93-B693-445B-A91B-68E885E0628B} - System32\Tasks\{D472A2D1-B3B3-4309-9AA1-6CE60D5B7E32} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {DFC376F3-BBEC-455E-AF91-09A376A8AA9F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {E34DFAD1-A24A-40D8-8B1A-847AB5936490} - System32\Tasks\{9AADCD76-6108-45AE-85A6-8D0AAE449255} => pcalua.exe -a D:\AUTORUN.exe -d D:\
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2009372603-1806460082-3326059286-1000Core.job => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2009372603-1806460082-3326059286-1000UA.job => C:\Users\Mike\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2014-06-23 15:24 - 2013-11-14 01:05 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-20 19:12 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-02-09 13:12 - 2014-02-09 13:12 - 00222544 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
2015-08-20 19:15 - 2015-08-20 19:15 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-09 12:59 - 2014-02-09 12:59 - 00293200 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\sqlite3.dll
2014-02-09 13:00 - 2014-02-09 13:00 - 00080208 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\zlib125.dll
2014-02-09 13:00 - 2014-02-09 13:00 - 00016720 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui.dll
2015-08-20 19:12 - 2015-08-20 19:15 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-09-11 12:19 - 2015-09-11 12:19 - 00071168 _____ () c:\users\mike\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6bre8m.dll
2015-03-04 14:45 - 2015-08-04 22:26 - 00012800 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 14:45 - 2015-08-04 22:26 - 00779776 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 11:02 - 2015-08-04 22:26 - 00056320 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 14:45 - 2015-08-04 22:26 - 00012288 _____ () C:\Users\Mike\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2014-02-09 13:00 - 2014-02-09 13:00 - 00133456 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSMui_En.dll
2014-02-09 13:04 - 2014-02-09 13:04 - 00252240 _____ () C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSBr_nuance.dll
2015-08-20 19:12 - 2015-08-20 19:15 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-08-20 19:12 - 2015-08-20 19:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:F9CFE070
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2009372603-1806460082-3326059286-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.180.42.68 - 208.180.42.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{60221D42-2D09-4387-BD13-1A2F90623410}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2103163B-F911-403F-8C89-8C2C19B47BEA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{C70B9B52-8A3E-4C41-94C5-0C8FFE722D43}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{FE6D5AC3-A5EF-40EC-8583-DA45F949708F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{E80473BB-3C9B-41B6-87BD-05341EA6C070}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{78C51C20-8E33-464B-9659-D3F7AE6CD941}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{C2BF3889-8B2E-49C0-BFAC-3B23B5B0564F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{56D78FAB-34F2-4F92-815C-5189F077ACF8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{45B53258-4621-465F-AA9B-D1CBE607BD0A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{69B28AF2-DCA1-4EBC-AC5B-C4A02F78395B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C00F1F04-8C31-4717-8E99-2C9049C3A6E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7FFD2B84-C462-4316-BAF7-7525954BDB27}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C69F67DA-8A4E-4641-9DD7-36D6FE207A9B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BC5E4DDB-A0E5-4CEE-9C23-FFCDD8BA8A41}] => (Allow) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{9F9A3992-A78F-467B-B7AB-C3695EE33F7C}] => (Allow) C:\Users\Mike\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{65E1759F-093B-4B48-866B-3240552A19CF}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFAssist.exe
FirewallRules: [{8A4C6E26-B56B-482D-96B6-8BBEA8FC8880}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFAssist.exe
FirewallRules: [{F4D7437F-BE27-467B-8769-F85F7FF33A9D}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe
FirewallRules: [{FB2DA7FF-2EE7-4F42-A96F-5520BCED6847}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\NPDFLM.exe
FirewallRules: [{58F50343-C5A5-4196-AD1B-6129727B4E7E}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NPDFCreate.exe
FirewallRules: [{1AFD885B-1DA1-4A71-882E-8EDCD236C563}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NPDFCreate.exe
FirewallRules: [{07D0905D-10EF-4028-AD86-E126EDE17DAD}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe
FirewallRules: [{14D7BD46-A4B8-4215-B280-984032A0006F}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\bin\NuancePDF.exe
FirewallRules: [{2CCD32B1-4391-45C0-AC57-8977EA17E875}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe
FirewallRules: [{3E8A2B3A-BE38-45A4-A10E-22BD0199DEFD}] => (Allow) C:\Program Files (x86)\Nuance\Power PDF\Ereg\Ereg.exe
FirewallRules: [{349926F5-6E58-4A46-B32E-3E8C3F0D5D7C}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{2219D697-91D8-4B28-ADDB-1461FD207FCF}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladinetClient.exe
FirewallRules: [{11E9672A-DDA8-4257-85B7-1C5806C14159}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{5EC6953F-2F71-4768-A00A-7D9EF77BD59F}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe
FirewallRules: [{86FC6BFB-5BFF-4DBE-83DC-F1B769FF1B4F}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [{59E26320-ADF0-4D87-B48D-5BFDF6A1FE9B}] => (Allow) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr2003.exe
FirewallRules: [TCP Query User{99CF7C54-5BFC-44D5-8080-10F65A0FA95B}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe] => (Allow) C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe
FirewallRules: [UDP Query User{B4E89B8F-7164-4AC4-80CF-F65C63868297}C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe] => (Allow) C:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe
FirewallRules: [TCP Query User{91E166A5-75F0-4D52-8BD6-F7992DBF06B6}C:\users\mike\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mike\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CC365DE0-D8F2-4A84-B841-07499165CE48}C:\users\mike\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\mike\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{25CD4BB1-A036-4B55-9CCF-D4EE0F6E3C7D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{29DA6463-5465-4A2C-A070-1334BC212372}] => (Allow) C:\Users\Mike\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{DF97AD8C-93B0-4DF9-B29A-3F79B9E30086}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{445EABE4-D948-4D49-9D23-BADAE057C906}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP LaserJet CP1525nw
Description: HP LaserJet CP1525nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2015 12:20:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/11/2015 10:42:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/11/2015 09:31:31 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/11/2015 09:26:05 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (09/11/2015 08:38:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/10/2015 09:27:06 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (09/10/2015 08:46:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/08/2015 08:38:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/07/2015 08:47:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/07/2015 07:47:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (09/11/2015 11:58:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/11/2015 09:28:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/11/2015 08:49:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (09/11/2015 08:49:31 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
 
Error: (09/08/2015 08:49:10 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/07/2015 09:06:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
 
Error: (09/07/2015 08:45:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:43:43 PM on ‎9/‎7/‎2015 was unexpected.
 
Error: (09/07/2015 08:43:43 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (09/07/2015 08:43:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
 
Error: (09/07/2015 08:32:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
 
CodeIntegrity:
===================================
  Date: 2015-09-07 17:10:02.248
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-07 17:10:02.217
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-07 17:10:02.186
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-09-07 17:10:02.154
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-05 15:25:54.530
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-06-05 15:25:54.500
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD FX™-8120 Eight-Core Processor 
Percentage of memory in use: 19%
Total physical RAM: 12270.99 MB
Available physical RAM: 9878.43 MB
Total Virtual: 24540.18 MB
Available Virtual: 22084 MB
 
==================== Drives ================================
 
Drive c: (Mike's Files) (Fixed) (Total:1863.01 GB) (Free:1524.46 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 2BD2C32A)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:34 PM

Posted 11 September 2015 - 02:46 PM

Greetings,

There appears to be some backup software on the computer. Have you investigated whether or not the folders/files are in the Cloud?

You did not mention running System Restore so we are going to do that. If you already tried that to a point before running Combofix just stop and let me know.

Please do this.

===================================================

Selecting Previous System Restore Point Windows 7/Vista

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type rstrui and press Enter
  • Patiently wait for the System Restore window to appear
  • Click Next
  • If necessary check Show more restore points to expose the following Restore Point
  • Left click on a restore point dated 07-09-2015 13:45:31 JRT Pre-Junkware Removal
  • Click Next, then Finish
  • Allow your computer to reboot and complete the process
  • Check for your files/folders
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 TCShavasu

TCShavasu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 11 September 2015 - 02:56 PM

Yes, the first thing I did was System Restore because JRT had created one just before running ComboFix.

I have the PC at my house and have not spoken to Mike since running combofix, so I don't know what his cloud backs up.

I will have a look at in later today. I also found some files using MIniTool Data Recovery, but I do not know if those were files and folders from the desktop until I speak with him. I do know there was a lot of PDF files on the desktop that I have not been able to find and hopefully when I get it back to him, we will be able to find the files using MinTool Data Recovery.

Even if we are able to recover the files, it still is worrisome that ComboFix moved the Desktop folder from the user files and never restored it.

I will tell anyone who is considering using ComboFix not to do so without consulting this site first. Doing a backup first might be a good step, yet the backup may contain a Malware/Virus.

 

Any other ideas on recovering the missing files?



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:34 PM

Posted 11 September 2015 - 03:13 PM

Out of curiosity, did Combofix run to completion without any hiccups, including rebooting the computer?

Yes we have one more thing I can think of but I am getting uncomfortably concerned about the prospects of successfully finding the folders/files on the computer.

I will be away from my computer for a couple of hours but in the meantime please do this.

===================================================

ShadowExplorer

--------------------
  • Download the latest version of ShadowExplorer Installer (exe) and save it to your desktop
  • Double click the icon to begin the setup process
  • Select Run, verify English is the Setup Language, then click OK
  • Click Next on the ShadowExplorer Setup Wizard
  • Click I accept the agreement then Next 4 times
  • Click Install and allow the service to start
  • Click Finish to Start ShadowExplorer now
  • In the upper left hand corner of ShadowExplorer you will see a Date dropdown list. Select the following date: (if the exact date is not listed select the closest date PRIOR to the below date)

09/07/2015 17:04:36

  • Review the Explorer window to try and find any folders/files that are now missing
  • For any entries you find right click on each folder or file and select Export
  • A Browse for Folder window will open
  • Select Desktop then OK and allow the export to complete
  • Report the results in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 TCShavasu

TCShavasu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 11 September 2015 - 03:19 PM

Okay, thanks... I'll get back to you later with the results.

As for the running of ComboFix, we started the process and it was scanning when we walked away.

After returning to check the results, we found the log file on the screen opened.

Being that there is a password on the user "Mike" and we did not put it in, and there were no files on the desktop we thought in might have rebooted into the other user "Rio" which is not password protected.

Unfortunately that was not the case and it was still in the "Mike" user. So unless ComboFix can log back in to a protected user, it may not have rebooted the system.



#15 TCShavasu

TCShavasu
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 12 September 2015 - 11:56 AM

Ok, Shadow explorer worked for finding the files and folders.

It seems that the Desktop folder was moved to C:\ComboFix when he previously ran ComboFix and had been the Desktop Location ever since.

I went into the C:\Comboxfix folder and saw Desktop and everything was in it.

Thank you for your help in resolving this.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users