
outlook keeps creating spam emails



#1 bel85742


Posted 22 October 2015 - 08:15 AM

Ran all the tools I can think of and have Malwarebytes full version and use MS Security AV, but Outlook keeps creating spam emails from my primary account to my Gmail account, which is not even in Outlook. Please help. Thanks.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-10-2015 01
Ran by Madonna (administrator) on OFFICE2 (22-10-2015 06:09:23)
Running from C:\Users\Madonna\Downloads
Loaded Profiles: Madonna & LogMeInRemoteUser (Available Profiles: Madonna & LogMeInRemoteUser)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\ramaint.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\MDM.EXE
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Renesas Electronics Corporation) C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_19_0_0_226_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9726568 2011-08-30] (Realtek Semiconductor)
HKLM\...\Run: [NUSB3MON] => C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-08-30] (Renesas Electronics Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [PeachtreePrefetcher.exe] => C:\Sage Software\PeachtreePrefetcher.exe [30576 2012-10-22] (Sage Software, Inc.)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2012-10-10] (LogMeIn, Inc.)
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1102544 2015-09-09] (Carbonite, Inc.)
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2015-10-21] (SUPERAntiSpyware)
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-03] (Google Inc.)
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [10240 2009-07-13] (Microsoft Corporation)
IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-09-09] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-09-09] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-09-09] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-09-09] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-09-09] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-09-09] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-01-17]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-01-17]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-01-17]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.65
Tcpip\..\Interfaces\{CFBB3F68-74F6-4C02-A41D-F4FC02CBBDC8}: [DhcpNameServer] 192.168.0.1 205.171.2.65

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000 -> {5941bc46-57ca-4649-8c07-aef5f99313f2} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
Toolbar: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-23] (Google Inc.)
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1007
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-16] (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2010-11-04] (Microsoft Corporation)

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Madonna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Madonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Madonna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-11-02] (SUPERAntiSpyware.com)
R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [6245072 2015-09-09] (Carbonite, Inc. (www.carbonite.com))
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279000 2013-11-07] (Intel Corporation)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2013-10-04] (SEIKO EPSON CORPORATION)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S3 Peachtree SmartPosting 2012; C:\Sage Software\SmartPostingService2012.exe [44400 2012-10-22] (Sage Software, Inc.)
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435528 2011-11-05] (Pervasive Software Inc.)
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-22] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-22] (Intuit Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [102888 2012-02-21] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [315368 2012-02-21] (ASMedia Technology Inc)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-10-22] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 catchme; \??\C:\Users\Madonna\AppData\Local\Temp\catchme.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 06:09 - 2015-10-22 06:09 - 00015344 _____ C:\Users\Madonna\Downloads\FRST.txt
2015-10-22 06:09 - 2015-10-22 06:09 - 00000000 ____D C:\FRST
2015-10-22 06:08 - 2015-10-22 06:08 - 01700352 _____ (Farbar) C:\Users\Madonna\Downloads\FRST.exe
2015-10-16 15:43 - 2015-10-16 15:43 - 00016906 _____ C:\ComboFix.txt
2015-10-16 15:30 - 2015-10-16 15:43 - 00000000 ____D C:\Qoobox
2015-10-16 15:30 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2015-10-16 15:30 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2015-10-16 15:30 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-10-16 15:30 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-10-16 15:30 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-10-16 15:30 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2015-10-16 15:30 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2015-10-16 15:30 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2015-10-16 15:29 - 2015-10-16 15:42 - 00000000 ____D C:\Windows\erdnt
2015-10-16 15:19 - 2015-10-16 15:19 - 05636101 ____R (Swearware) C:\Users\Madonna\Downloads\ComboFix.exe
2015-10-14 16:12 - 2015-09-18 10:47 - 00023384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-14 16:12 - 2015-09-18 10:44 - 01120768 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-14 16:12 - 2015-09-18 10:44 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-14 16:12 - 2015-09-18 10:44 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-14 16:12 - 2015-09-18 10:44 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-14 16:12 - 2015-09-18 10:44 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 16:12 - 2015-09-18 10:35 - 00999936 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 03:37 - 2015-10-14 03:37 - 00397664 _____ C:\Users\Madonna\AppData\Local\census.cache
2015-10-14 03:37 - 2015-10-14 03:37 - 00153163 _____ C:\Users\Madonna\AppData\Local\ars.cache
2015-10-14 03:33 - 2015-10-14 03:33 - 00000010 _____ C:\Users\Madonna\AppData\Local\sponge.last.runtime.cache
2015-10-14 03:27 - 2015-10-14 03:27 - 00000000 ____D C:\Users\Madonna\AppData\Roaming\QuickScan
2015-10-14 03:24 - 2015-10-14 03:24 - 00000036 _____ C:\Users\Madonna\AppData\Local\housecall.guid.cache
2015-10-14 03:24 - 2015-05-29 00:43 - 00303744 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2015-10-14 03:23 - 2015-10-14 03:23 - 02073512 _____ (Trend Micro Inc.) C:\Users\Madonna\Downloads\HousecallLauncher.exe
2015-10-13 22:33 - 2015-09-28 20:05 - 03990976 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-10-13 22:33 - 2015-09-28 20:05 - 03936192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-13 22:33 - 2015-09-28 20:02 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-13 22:33 - 2015-09-28 19:59 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-13 22:33 - 2015-09-28 19:59 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-13 22:33 - 2015-09-28 19:59 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-13 22:33 - 2015-09-28 19:59 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-13 22:33 - 2015-09-28 19:59 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-13 22:33 - 2015-09-28 19:59 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-13 22:33 - 2015-09-28 19:59 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-13 22:33 - 2015-09-28 19:58 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-13 22:33 - 2015-09-28 19:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-13 22:33 - 2015-09-28 19:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-13 22:33 - 2015-09-28 19:58 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-13 22:33 - 2015-09-28 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-13 22:33 - 2015-09-28 19:58 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-13 22:33 - 2015-09-28 19:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-13 22:33 - 2015-09-28 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-13 22:33 - 2015-09-28 19:49 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-13 22:33 - 2015-09-28 19:49 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-13 22:33 - 2015-09-28 18:43 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-13 22:33 - 2015-09-28 18:43 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-13 22:33 - 2015-09-28 18:43 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-13 22:33 - 2015-09-15 10:42 - 00139096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-13 22:33 - 2015-09-15 10:42 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-13 22:33 - 2015-09-15 10:36 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-13 22:33 - 2015-09-15 10:36 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-13 22:33 - 2015-09-15 10:36 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-13 22:33 - 2015-09-15 10:36 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-13 22:33 - 2015-09-15 10:36 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-13 22:33 - 2015-09-15 10:36 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-13 22:33 - 2015-09-15 10:35 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-13 22:33 - 2015-07-18 06:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-13 22:33 - 2015-07-18 06:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 22:32 - 2015-10-01 10:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-13 22:32 - 2015-10-01 10:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-13 22:32 - 2015-10-01 10:50 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-13 22:32 - 2015-10-01 10:50 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-13 22:32 - 2015-10-01 10:50 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-13 22:32 - 2015-10-01 09:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-13 22:32 - 2015-09-25 10:59 - 02955776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-13 22:32 - 2015-09-25 10:59 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-13 22:32 - 2015-09-25 10:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-13 22:32 - 2015-09-25 10:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-13 22:32 - 2015-09-25 10:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-13 22:32 - 2015-09-25 10:59 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-13 22:32 - 2015-09-25 10:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-13 22:32 - 2015-09-25 10:58 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-13 22:32 - 2015-09-25 10:58 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-13 22:32 - 2015-09-25 10:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-13 22:32 - 2015-09-25 10:58 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-13 22:32 - 2015-09-18 11:58 - 00345688 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-13 22:32 - 2015-09-15 20:58 - 20357632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-13 22:32 - 2015-09-15 20:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-13 22:32 - 2015-09-15 20:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-10-13 22:32 - 2015-09-15 20:33 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-13 22:32 - 2015-09-15 20:33 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-13 22:32 - 2015-09-15 20:32 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-13 22:32 - 2015-09-15 20:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-10-13 22:32 - 2015-09-15 20:31 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-13 22:32 - 2015-09-15 20:28 - 02279936 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-13 22:32 - 2015-09-15 20:26 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-13 22:32 - 2015-09-15 20:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-13 22:32 - 2015-09-15 20:24 - 00480256 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-13 22:32 - 2015-09-15 20:23 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-10-13 22:32 - 2015-09-15 20:23 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-10-13 22:32 - 2015-09-15 20:22 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-13 22:32 - 2015-09-15 20:22 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-10-13 22:32 - 2015-09-15 20:18 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-10-13 22:32 - 2015-09-15 20:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-13 22:32 - 2015-09-15 20:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-10-13 22:32 - 2015-09-15 20:07 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-13 22:32 - 2015-09-15 20:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-13 22:32 - 2015-09-15 20:05 - 04527616 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-13 22:32 - 2015-09-15 20:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-13 22:32 - 2015-09-15 20:04 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-10-13 22:32 - 2015-09-15 19:58 - 12853760 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-13 22:32 - 2015-09-15 19:58 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-13 22:32 - 2015-09-15 19:56 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-13 22:32 - 2015-09-15 19:56 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-13 22:32 - 2015-09-15 19:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-13 22:32 - 2015-09-15 19:55 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-10-13 22:32 - 2015-09-15 19:37 - 02011136 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-13 22:32 - 2015-09-15 19:34 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-13 22:32 - 2015-09-15 19:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-13 22:32 - 2015-08-06 10:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-13 22:32 - 2015-08-06 10:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-13 22:06 - 2015-10-13 22:06 - 00000000 ____D C:\ProgramData\Emsisoft
2015-10-13 20:01 - 2015-10-14 03:22 - 00000000 ____D C:\ProgramData\HitmanPro
2015-10-13 19:57 - 2015-10-14 03:19 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-10-13 19:50 - 2015-10-13 19:50 - 02870984 _____ (ESET) C:\Users\Madonna\Downloads\esetsmartinstaller_enu.exe
2015-10-13 19:44 - 2015-10-16 15:25 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2015-10-13 19:44 - 2015-03-24 00:17 - 00111368 _____ (Emsisoft GmbH) C:\Windows\system32\Drivers\epp32.sys
2015-10-12 14:41 - 2015-10-12 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-22 05:42 - 2012-08-10 14:52 - 00000000 ____D C:\ProgramData\LogMeIn
2015-10-22 05:23 - 2012-09-09 13:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-22 05:18 - 2011-10-03 10:03 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-22 04:44 - 2014-11-02 06:00 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-10-22 04:00 - 2011-08-27 11:01 - 01623538 _____ C:\Windows\WindowsUpdate.log
2015-10-22 02:30 - 2009-07-13 21:34 - 00021008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-22 02:30 - 2009-07-13 21:34 - 00021008 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-21 16:18 - 2011-10-03 10:03 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-21 14:02 - 2013-10-09 10:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-10-17 12:01 - 2013-01-17 14:03 - 00000000 ____D C:\ProgramData\SQL Anywhere 11
2015-10-16 23:23 - 2012-09-09 13:59 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-10-16 23:23 - 2011-08-27 09:37 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-10-16 18:02 - 2014-01-03 16:24 - 72335864 _____ C:\Users\Madonna\Downloads\PS6520_1315.exe
2015-10-16 16:11 - 2014-01-28 03:21 - 00000974 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-10-16 16:11 - 2014-01-28 03:21 - 00000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-10-16 16:10 - 2011-08-27 12:49 - 00744240 _____ C:\Windows\PFRO.log
2015-10-16 16:10 - 2009-07-13 21:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-16 16:10 - 2009-07-13 21:39 - 00027967 _____ C:\Windows\setupact.log
2015-10-16 15:43 - 2009-07-13 19:37 - 00000000 ___RD C:\Users\Public
2015-10-16 15:42 - 2009-07-13 19:04 - 00000215 _____ C:\Windows\system.ini
2015-10-15 11:52 - 2013-03-18 14:28 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-15 11:18 - 2011-10-14 11:22 - 00000000 ____D C:\Users\Madonna\AppData\Local\CrashDumps
2015-10-15 08:20 - 2012-09-14 14:47 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-15 03:01 - 2014-12-10 03:23 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-15 03:01 - 2014-05-06 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-14 13:57 - 2009-07-13 19:37 - 00000000 ____D C:\Windows\rescache
2015-10-14 03:13 - 2011-09-14 15:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-14 03:11 - 2013-08-14 03:04 - 00000000 ____D C:\Windows\system32\MRT
2015-10-14 03:07 - 2011-08-27 09:42 - 141105520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-10-13 19:42 - 2014-11-02 05:59 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-10-13 13:22 - 2009-07-13 21:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-13 13:12 - 2014-11-02 06:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-13 13:12 - 2014-11-02 05:59 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-10-13 13:12 - 2012-11-02 11:23 - 00001064 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-12 14:41 - 2015-04-14 22:00 - 00002106 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2015-10-08 06:49 - 2015-04-04 03:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-10-07 10:35 - 2012-07-24 09:43 - 00000000 ____D C:\Users\Madonna\Documents\CHIPS AND CHAT
2015-10-05 09:50 - 2014-11-02 05:59 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2012-07-23 11:52 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-10-01 08:39 - 2015-08-25 13:32 - 00000971 _____ C:\Users\Madonna\Desktop\Tucson, AZ - MSN Weather.url
2015-09-29 13:46 - 2011-10-03 10:03 - 00000000 ____D C:\Users\Madonna\AppData\Local\Google
2015-09-22 10:20 - 2012-12-14 17:10 - 00000000 ____D C:\Program Files\LogMeIn
2015-09-22 10:19 - 2012-12-14 17:10 - 00103296 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-09-22 10:19 - 2012-12-14 17:10 - 00098152 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-09-22 10:19 - 2012-12-14 17:10 - 00031592 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll

==================== Files in the root of some directories =======

2015-10-14 03:37 - 2015-10-14 03:37 - 0153163 _____ () C:\Users\Madonna\AppData\Local\ars.cache
2015-10-14 03:37 - 2015-10-14 03:37 - 0397664 _____ () C:\Users\Madonna\AppData\Local\census.cache
2014-11-17 09:30 - 2015-02-25 08:54 - 0005120 _____ () C:\Users\Madonna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-10-14 03:24 - 2015-10-14 03:24 - 0000036 _____ () C:\Users\Madonna\AppData\Local\housecall.guid.cache
2015-10-14 03:33 - 2015-10-14 03:33 - 0000010 _____ () C:\Users\Madonna\AppData\Local\sponge.last.runtime.cache
2014-01-03 16:27 - 2014-01-03 16:27 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-10-21 00:13

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-10-2015 01
Ran by Madonna (2015-10-22 06:09:52)
Running from C:\Users\Madonna\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2011-08-27 03:00:02)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2945136807-2336749786-4136830491-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2945136807-2336749786-4136830491-1004 - Limited - Enabled)
Guest (S-1-5-21-2945136807-2336749786-4136830491-501 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-2945136807-2336749786-4136830491-1005 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
Madonna (S-1-5-21-2945136807-2336749786-4136830491-1000 - Administrator - Enabled) => C:\Users\Madonna

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.8.0 - Asmedia Technology)
Carbonite (HKLM\...\{003CAED4-63E2-4D51-B166-DEA06D6EC15D}) (Version: 5.8.1 build 5386 (Sep-08-2015) - Carbonite)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Crystal Reports 2008 Runtime SP1 (HKLM\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.1.0.882 - Business Objects)
Epson Connect (HKLM\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Frosty Goes Skiing Screen Saver (HKLM\...\Frosty Goes Skiing Screen Saver) (Version: 2.3 - Acez Software LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Earth (HKLM\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{D9B4150C-9EF6-4861-902F-5F5CB760D7ED}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{DF711F5A-C9E4-4241-9A83-58532C99DB28}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
LogMeIn (HKLM\...\{5C5778DB-3E5A-499D-865D-740E67D1F165}) (Version: 4.1.2600 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Ultimate 2007 (HKLM\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Peachtree Accounting 2012 (HKLM\...\InstallShield_{B4FDAA4D-37BD-4DF4-8531-B4F7ABC74E62}) (Version: 19.00.00 - Sage Software, Inc.)
Peachtree Accounting 2012 (Version: 19.00.00 - Sage Software, Inc.) Hidden
Peachtree Signature Ready Forms (Version: 6.14.24 - Sage Software SB, Inc.) Hidden
Pervasive PSQL v10 SP2 Workgroup (32-bit) (HKLM\...\Pervasive PSQL v10 SP2 Workgroup (32-bit)) (Version: 10.10.126 - Pervasive Software)
Pervasive PSQL v10 SP2 Workgroup (32-bit) (Version: 10.20.034 - Pervasive Software) Hidden
QuickBooks (Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4005.2305 - Intuit Inc.)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Sage Integration Services (HKLM\...\Integration Services) (Version: 2.2.2240 - Sage Technology)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1040 - SUPERAntiSpyware.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{23CEE673-F947-4d94-9D54-F4BA00C8B73D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{3CDEA288-D759-4C3B-B07F-7AFBCC842D98}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2013\qbw32.exe (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)

==================== Restore Points =========================

14-10-2015 03:00:55 Windows Update
14-10-2015 03:21:14 Checkpoint by HitmanPro
15-10-2015 03:00:12 Windows Update
18-10-2015 16:21:45 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:04 - 2015-10-16 15:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2FC25B54-6891-4D17-A83F-602736B05FD9} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {666E686D-8336-4328-BE66-C57C072271A6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {8D40683D-74BB-4FDC-A1B5-0342D0358259} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {B25C7E93-C2CD-4817-BD81-D1D5D2D2980B} - System32\Tasks\{8227A912-5A76-47A2-8994-28E99B798D54} => pcalua.exe -a "C:\Users\Madonna\Pictures\Desktop Themes\frostyski.exe" -d "C:\Users\Madonna\Pictures\Desktop Themes"
Task: {D78AE60C-205E-49F4-B01E-198ED46DC57B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F0CF5D55-89A8-4683-BCA9-B345AD9DE6C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {FDC127F9-9478-46AA-BC9B-536F0F24F194} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-03-26 00:28 - 2011-03-26 00:28 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 00269128 _____ () C:\Program Files\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Madonna\Documents\Fw_ This is such a Cool email; Oldies.eml:OECustomProperty
AlternateDataStreams: C:\Users\Madonna\Documents\Hello.eml:OECustomProperty

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Madonna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1 - 205.171.2.65
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{03457711-140B-4525-ACE5-A17C91D260DD}] => (Allow) C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
FirewallRules: [{6BBBF7B8-C895-4F7F-8587-48F2B0205A80}] => (Allow) LPort=1583
FirewallRules: [{365672C0-C515-4D75-881C-21685BE73B75}] => (Allow) LPort=3351
FirewallRules: [TCP Query User{450D52FE-B00D-4F82-9EA5-FB3F1AB9FA8D}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{BC1D7DC7-3C75-4616-ACD5-D488AE511BFC}C:\program files\epson software\event manager\eeventmanager.exe] => (Block) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [{1500D171-8B66-4450-A40B-FB907E7E4162}] => (Allow) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [{1C51E0F0-92CA-4D14-9E5F-5E30B84E4162}] => (Allow) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
FirewallRules: [TCP Query User{35C9D20B-664A-4E48-8CA1-66D6090079B8}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{1AD02E77-7DFE-4D60-AA54-F03020616A53}C:\program files\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{11BDBE7D-0DCA-4B3A-AE89-F1C1543E20C8}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{365F1032-06AE-45A9-8209-E057FC66D07C}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{88576441-D8E4-4F12-9154-FBD27FDF88DB}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{FABC2069-D4D8-446E-BC6E-0F891E357EA1}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{176EB23F-D86C-4271-A5F1-8816D8741104}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{CDFAF925-162A-4B56-B7C0-26B98A3D943E}] => (Allow) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{78EA85ED-F3B0-40F5-A07F-4F4BC14F5A91}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{110B6DA0-E458-4EDF-B242-CCED9C78AFD7}] => (Allow) C:\Program Files\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{4EA1D47D-2BC3-4FE7-B2A7-5D3BAE9A5252}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{C8197391-4B84-43C5-A4D2-B94C1CA0E43A}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{8F276F57-8048-44EE-B579-A6E182172C59}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{5CC03E70-E3A9-44E8-AD99-9ABD8CCF1899}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{0E500BB9-57E4-497A-92FC-BE3CB0E7D7F3}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{772CAA28-DAE7-4D20-947E-FD1A30B4B15D}] => (Allow) C:\Program Files\IncrediMail\Bin\IncMail.exe
FirewallRules: [{6BC76FCE-47B4-48A7-A522-2CF42461D19C}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{ABB1360F-A018-40D2-95A2-A46EFB821536}] => (Allow) C:\Program Files\IncrediMail\Bin\ImApp.exe
FirewallRules: [{E6ABD894-5B34-499E-BB45-8358974FFF05}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/16/2015 09:07:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: carboniteservice.exe, version: 5.8.1.5386, time stamp: 0x55ef9080
Faulting module name: ntdll.dll, version: 6.1.7601.19018, time stamp: 0x5609fdaf
Exception code: 0xc0000374
Fault offset: 0x000c3f83
Faulting process id: 0xd08
Faulting application start time: 0xcarboniteservice.exe0
Faulting application path: carboniteservice.exe1
Faulting module path: carboniteservice.exe2
Report Id: carboniteservice.exe3

Error: (10/15/2015 01:16:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18057 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1cb4

Start Time: 01d10785ea616023

Termination Time: 27

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (10/15/2015 11:51:37 AM) (Source: MsiInstaller) (EventID: 1023) (User: OFFICE2)
Description: Product: Adobe Reader XI (11.0.12) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011013}' could not be installed. Error code 1625. Additional information is available in the log file C:\Users\Madonna\AppData\Local\Temp\MSIa987.LOG.

Error: (10/15/2015 11:18:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18057, time stamp: 0x55f8d3e4
Faulting module name: jscript9.dll, version: 11.0.9600.18057, time stamp: 0x55f8dc6c
Exception code: 0xc0000005
Fault offset: 0x0013550b
Faulting process id: 0x12b0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (10/14/2015 07:14:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00CAEC34.64).  hr = 0x80070005, Access is denied.
.

Error: (10/14/2015 07:14:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00CAEC34.64).  hr = 0x80070005, Access is denied.
.

Error: (10/14/2015 07:14:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000009d4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssapiPublisher,0,REG_BINARY,0572FD34.64).  hr = 0x80070005, Access is denied.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (10/14/2015 07:14:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000204,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,014FF220.64).  hr = 0x80070005, Access is denied.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (10/14/2015 07:14:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000204,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,014FF220.64).  hr = 0x80070005, Access is denied.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (10/14/2015 07:14:35 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f4,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,014FF1C8.64).  hr = 0x80070005, Access is denied.
.

Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

System errors:
=============
Error: (10/17/2015 02:40:57 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (10/17/2015 02:39:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly.  It has done this 164 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/17/2015 02:39:00 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (10/17/2015 02:38:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly.  It has done this 163 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/17/2015 02:37:05 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (10/17/2015 02:36:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly.  It has done this 162 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/17/2015 02:33:36 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (10/17/2015 02:32:36 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly.  It has done this 161 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/17/2015 02:29:37 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error:
%%1056

Error: (10/17/2015 02:28:37 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly.  It has done this 160 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 63%
Total physical RAM: 2985.23 MB
Available physical RAM: 1090.76 MB
Total Virtual: 5968.78 MB
Available Virtual: 2916.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:596.07 GB) (Free:499.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 1A82815B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 



#2 nasdaq

nasdaq

  • Malware Response Team

Posted 25 October 2015 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

You are running the Farbar program from the C:\Users\Madonna\Downloads folder.

Please move or copy the program to your Desktop.
Place the Fixlist file you will create on the Desktop also. This will ensure that the fix will be accomplished.
==


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000 -> {5941bc46-57ca-4649-8c07-aef5f99313f2} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\Users\Madonna\AppData\Local\Temp\catchme.sys [X]
S4 LMIRfsClientNP; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
AlternateDataStreams: C:\Users\Madonna\Documents\Fw_ This is such a Cool email; Oldies.eml:OECustomProperty
AlternateDataStreams: C:\Users\Madonna\Documents\Hello.eml:OECustomProperty

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 bel85742

bel85742
  • Topic Starter

  • Members

Posted 26 October 2015 - 06:09 PM

ok thanks for the reply. I did what you said. the Farbar tool locked up the first time so I killed it after 2 hours and had to run the fix again but this time it completed in a few minutes and made me reboot the computer. computer booted up fine. as for outlook, I will leave it open and see what happens. thanks, brad

 

copy of Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x86) Version:25-10-2015 02
Ran by Madonna (2015-10-26 15:56:41) Run:2
Running from C:\Users\Madonna\Desktop
Loaded Profiles: Madonna & LogMeInRemoteUser (Available Profiles: Madonna & LogMeInRemoteUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

IFEO\ehshell.exe: [Debugger] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" -MceShellRedirect
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000 -> {5941bc46-57ca-4649-8c07-aef5f99313f2} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
S3 catchme; \??\C:\Users\Madonna\AppData\Local\Temp\catchme.sys [X]
S4
LMIRfsClientNP; no ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common
Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID:
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 ->
C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID:
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
AlternateDataStreams: C:\Users\Madonna\Documents\Fw_ This is such a Cool email; Oldies.eml:OECustomProperty
AlternateDataStreams: C:\Users\Madonna\Documents\Hello.eml:OECustomProperty

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ehshell.exe => key not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5941bc46-57ca-4649-8c07-aef5f99313f2} => key not found.
HKCR\CLSID\{5941bc46-57ca-4649-8c07-aef5f99313f2} => key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found.
catchme => service not found.
S4 => Error: No automatic fix found for this entry.
LMIRfsClientNP; no ImagePath => Error: No automatic fix found for this entry.
Synth3dVsc => service not found.
tsusbhub => service not found.
VGPU => service not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C} => key not found.
Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9} => key not found.
CustomCLSID: => key could not remove. ErrorCode: 0xC000003B
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537} => key not found.
"C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File" => not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D} => key not found.
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F} => key not found.
CustomCLSID: => key could not remove. ErrorCode: 0xC000003B
HKU\S-1-5-21-2945136807-2336749786-4136830491-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File => Error: No automatic fix found for this entry.
C:\Users\Madonna\Documents\Fw_ This is such a Cool email; Oldies.eml => ":OECustomProperty" ADS removed successfully..
C:\Users\Madonna\Documents\Hello.eml => ":OECustomProperty" ADS removed successfully..
EmptyTemp: => 1.2 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 15:57:46 ====


Edited by bel85742, 26 October 2015 - 06:10 PM.


#4 bel85742

bel85742
  • Topic Starter

  • Members

Posted 26 October 2015 - 08:05 PM

2 more spam emails have arrived in the outlook outbox



#5 nasdaq

nasdaq

  • Malware Response Team

Posted 27 October 2015 - 07:59 AM

Is the SPAM coming from your account?

I do on occasion get SPAM, not from my account but from undesirable senders.
My Norton gives me an option to mark them as SPAM and direct them to a SPAM folder that I can empty when I want.

#6 bel85742

bel85742
  • Topic Starter

  • Members

Posted 27 October 2015 - 08:04 AM

yes the spam is being sent from my primary account to my gmail account which outlook doesn't even check. not sure how outlook even knows that address. thanks, brad



#7 nasdaq

nasdaq

  • Malware Response Team

Posted 27 October 2015 - 08:24 AM

When you send a message with Outlook a copy is kept in your Sent folder.

Do you see these SPAM messages in your Sent folder?

#8 bel85742

bel85742
  • Topic Starter

  • Members

Posted 27 October 2015 - 09:15 AM

when it was allowed to send they did appear in the sent items folder. 6748 messages were sent in 1 day which shut the mail server down.



#9 bel85742

bel85742
  • Topic Starter

  • Members

Posted 27 October 2015 - 09:17 AM

i was just looking at it again and it is forwarding the mail coming into the inbox on madonna website domain name to a madonna gmail account. an ad for officedepot was just forwarded. 



#10 nasdaq

nasdaq

  • Malware Response Team

Posted 27 October 2015 - 01:58 PM


Your e-mail address has been spoofed. Read this article.

https://askleo.com/why-does-my-account-keep-sending-out-spam/

Look also at the links under the Read more:


===


If all fails then I can only suggest you start a new topic in the All Other Applications forum
http://www.bleepingcomputer.com/forums/f/57/all-other-applications/


Someone may have other solutions to offer.

#11 nasdaq

nasdaq

  • Malware Response Team

Posted 02 November 2015 - 09:35 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



