HP Pavilion dv7 Infected with Viknok.A



#1 Roswell76
Posted 10 January 2016 - 12:12 AM

My HP Pavilion dv7 laptop is infected with the Viknok.A virus. I am using Microsoft Security Essentials (MSE) for malware protection. MSE detects the virus "Virus:Win64/Viknok.A" and attempts to remove the virus. MSE indicates "Your actions were applied successfully", but the 'Status' indicates that an Error was encountered; the error message follows:

"The following error occurred: Error code 0x800704ec. This program is blocked by group policy. For more information, contact your system administrator."

The contents of the FRST.txt log follow:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-01-2015
Ran by Jim (administrator) on MOMSPUTER (09-01-2016 23:45:28)
Running from C:\Users\Jim\Downloads
Loaded Profiles: Debbie & Kyler Monster & Jim & DYLAN & Guest (Available Profiles: Debbie & Kyler Monster & Jim & DYLAN & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-09-14] (IDT, Inc.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-08-31] ()
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [584760 2010-09-28] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [273544 2011-05-04] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2844608 2012-10-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-11-07] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [503392 2013-06-25] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863840 2013-06-25] (SEIKO EPSON CORPORATION)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\DigitalPersona\Bin\DPAgent.exe,
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\...\Run: [ZumoDrive] => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk [2080 2011-01-18] ()
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\...\MountPoints2: {404cc528-f6d7-11e1-b124-d3dcc4fc8f9b} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\...\MountPoints2: {65c0c8c9-b931-11e0-83aa-889ffa700e5a} - F:\HPLauncher.exe
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3144660529-1424076712-2258578271-1004\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3144660529-1424076712-2258578271-1005\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3144660529-1424076712-2258578271-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3144660529-1424076712-2258578271-1005\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware)
HKU\S-1-5-21-3144660529-1424076712-2258578271-1008\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3144660529-1424076712-2258578271-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-3144660529-1424076712-2258578271-1009.bak\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKU\S-1-5-21-3144660529-1424076712-2258578271-1009.bak\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3144660529-1424076712-2258578271-501\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
Lsa: [Notification Packages] DPPassFilter scecli
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-22] (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-22] (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-22] (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-22] (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll [2010-09-22] (Versionate Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2015-01-13]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2015-01-13]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2015-01-13]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2015\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2011-01-18]
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-07-11]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-07-22]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Kyler Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-10-25]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Kyler Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-07-01]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{3F719A2D-EA1A-4635-BCB0-A40424395076}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{44ECE313-0E2D-4698-AA5A-326A05FCC5A2}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{AD90E0EA-D41A-474B-A6D7-B6F1FE759DF0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{CCF74BE4-9B3A-44DE-B1D3-6170B7F5D36E}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3144660529-1424076712-2258578271-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://notdoppler.com/
HKU\S-1-5-21-3144660529-1424076712-2258578271-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3144660529-1424076712-2258578271-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3144660529-1424076712-2258578271-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3144660529-1424076712-2258578271-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3144660529-1424076712-2258578271-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3144660529-1424076712-2258578271-1009.bak\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3144660529-1424076712-2258578271-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.foxnews.com/
HKU\S-1-5-21-3144660529-1424076712-2258578271-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT/1
HKU\S-1-5-21-3144660529-1424076712-2258578271-501\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.skype.com/intl/en-us/campaigns/toolbar/?intcmp=toolbar-complete&lang=EN
URLSearchHook: [S-1-5-21-3144660529-1424076712-2258578271-1001_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3144660529-1424076712-2258578271-1004_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3144660529-1424076712-2258578271-1008_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3144660529-1424076712-2258578271-1009.bak_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3144660529-1424076712-2258578271-501_classes] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Notebooks
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> DefaultScope {981C3A68-CBED-48BC-89AE-3F95E2776EF1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {981C3A68-CBED-48BC-89AE-3F95E2776EF1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1004 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1004 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1004 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1005 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1008 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1009.bak -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1009.bak -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-501 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-501 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-501 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-05-04] (RealPlayer)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-20] (Oracle Corporation)
BHO-x32: IEHlprObj Class -> {8CA5ED52-F3FB-4414-A105-2E3491156990} -> C:\Program Files (x86)\Pogo Games\iWinGamesHookIE.dll [2012-01-04] (iWin Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-20] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {18C3FD15-74F6-4280-9C98-3590C966B7B8} hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: HKLM-x32 {3107C2A8-9F0B-4404-A58B-21BD85268FBC} hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
DPF: HKLM-x32 {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2014-12-07] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\qs5m7ihc.default
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/%26cd%3D2XzuyEtN2Y1L1Qzuzz0Ezy0F0F0AyBtDtD0EyD0AtAyCyC0FtN0D0Tzu0StCtCyByBtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyDtBtBzzyD0DtAtGzz0Azy0BtGtB0B0EtDtGyB0EtBzztGyC0D0CyBtByC0EtCtAzztDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzyzzyCtD0DtBzztG0Fzy0B0AtGyE0Dzy0AtGzy0F0EzztGyDyDtC0EyDyCyByCyDtByCyB2QtN0A0LzuyE%26cr%3D1162094763%26a%3Dwny_dnldstr_15_13%26os%3DWindows 7 Home Premium
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll [2011-11-28] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-11-28] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2010-08-18] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll [2011-05-24] (Oberon-Media )
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2011-05-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2011-05-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2011-05-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=12.0.1.647 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2011-05-04] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.647 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll [2011-05-04] (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3144660529-1424076712-2258578271-1004: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-3144660529-1424076712-2258578271-1005: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-3144660529-1424076712-2258578271-1008: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-3144660529-1424076712-2258578271-1009.bak: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin HKU\S-1-5-21-3144660529-1424076712-2258578271-501: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll [2010-04-09] (Hulu LLC)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2015-12-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2015-12-23] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-23]
CHR Extension: (Google Docs) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-23]
CHR Extension: (Google Drive) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-23]
CHR Extension: (YouTube) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-23]
CHR Extension: (Google Search) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-23]
CHR Extension: (Google Sheets) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-23]
CHR Extension: (Google Docs Offline) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-23]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-09-20]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-08-27]
CHR Extension: (Chrono Download Manager) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2015-12-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-23]
CHR Extension: (Gmail) - C:\Users\Jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-27]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-05-04]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-09-21] (CyberLink)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [524288 2010-11-20] () [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-08-16] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-07-17] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519888 2012-01-04] (iWin Inc.)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-07] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-11-07] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-11-07] (Intuit Inc.) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [524288 2010-11-20] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-09 23:45 - 2016-01-09 23:46 - 00036825 _____ C:\Users\Jim\Downloads\FRST.txt
2016-01-09 23:43 - 2016-01-09 23:45 - 00000000 ____D C:\FRST
2016-01-09 23:42 - 2016-01-09 23:42 - 02370560 _____ (Farbar) C:\Users\Jim\Downloads\FRST64.exe
2016-01-09 23:08 - 2016-01-09 23:16 - 00000000 ____D C:\Users\Jim\Documents\Backups
2016-01-09 22:59 - 2016-01-09 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-01-09 22:59 - 2016-01-09 22:59 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-01-09 22:56 - 2016-01-09 22:56 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\Jim\Downloads\cbSetup.exe
2016-01-09 22:40 - 2016-01-09 22:41 - 24369736 _____ (SUPERAntiSpyware) C:\Users\Jim\Downloads\SUPERAntiSpyware (1).exe
2016-01-09 22:20 - 2016-01-09 22:20 - 00000000 ____D C:\Users\Jim\AppData\Roaming\SUPERAntiSpyware.com
2016-01-09 22:19 - 2016-01-09 22:20 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-09 22:19 - 2016-01-09 22:19 - 00001808 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-09 22:19 - 2016-01-09 22:19 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-09 22:19 - 2016-01-09 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-09 22:03 - 2016-01-09 22:04 - 24369736 _____ (SUPERAntiSpyware) C:\Users\Jim\Downloads\SUPERAntiSpyware.exe
2015-12-29 08:15 - 2015-12-29 08:15 - 251589424 ____N C:\Users\Jim\Documents\Registry Backup.reg
2015-12-29 07:43 - 2015-12-29 07:43 - 00524288 ____N C:\Windows\system32\rpcss.dllA61D6331
2015-12-28 22:57 - 2015-12-28 22:57 - 00016396 ____N C:\Users\Jim\Documents\cc_20151228_225701.reg
2015-12-28 22:56 - 2015-12-28 22:56 - 00523024 ____N C:\Users\Jim\Documents\cc_20151228_225602.reg
2015-12-28 19:53 - 2015-12-28 19:53 - 00000000 ____D C:\ProgramData\WRData
2015-12-24 07:26 - 2015-12-24 07:26 - 00000082 ____N C:\Users\Jim\Documents\cc_20151224_072647.reg
2015-12-23 21:01 - 2015-12-23 21:01 - 50584792 _____ (Microsoft Corporation) C:\Users\Jim\Downloads\Windows-KB890830-x64-V5.31.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-09 23:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-09 23:43 - 2015-03-23 11:43 - 00000308 _____ C:\Windows\Tasks\UpdaterEX.job
2016-01-09 23:40 - 2014-09-20 08:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-09 23:12 - 2015-01-15 16:12 - 00000911 _____ C:\Windows\Tasks\EPSON WF-7620 Series Update {9C1A930B-106C-4795-8FBA-0617855DD108}.job
2016-01-09 23:12 - 2015-01-15 16:12 - 00000725 _____ C:\Windows\Tasks\EPSON WF-7620 Series Invitation {9C1A930B-106C-4795-8FBA-0617855DD108}.job
2016-01-09 22:40 - 2012-09-27 21:56 - 00000000 ____D C:\Users\Jim\AppData\Local\CrashDumps
2016-01-09 22:40 - 2011-01-18 04:18 - 00000000 ____D C:\ProgramData\WildTangent
2016-01-09 22:40 - 2011-01-18 04:18 - 00000000 ____D C:\Program Files (x86)\HP Games
2016-01-09 22:40 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-01-09 22:04 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-09 22:04 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-09 21:56 - 2014-09-20 08:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-09 21:56 - 2012-09-04 18:23 - 00000000 ____D C:\Temp
2016-01-09 21:55 - 2011-06-29 20:40 - 00000000 ____D C:\ProgramData\Kodak
2016-01-09 21:55 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-09 20:45 - 2014-06-17 06:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-09 20:42 - 2015-03-26 12:19 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-09 20:41 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Help
2016-01-09 19:34 - 2015-04-13 09:17 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-09 19:34 - 2014-06-17 06:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-09 19:34 - 2014-06-17 06:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-29 07:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2015-12-29 07:05 - 2015-01-01 21:56 - 00002768 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-12-28 23:09 - 2015-01-13 17:01 - 00000000 ____D C:\Users\Logo Lodge\Documents\Quickbooks
2015-12-28 20:49 - 2009-07-14 00:13 - 00778842 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-23 09:29 - 2011-03-09 08:07 - 00000000 ____D C:\Users\Guest
2015-12-23 09:28 - 2015-01-13 16:57 - 00000000 ____D C:\Users\Logo Lodge
2015-12-23 09:28 - 2013-08-28 18:06 - 00000000 ____D C:\Users\DYLAN
2015-12-23 09:28 - 2011-05-17 19:30 - 00000000 ____D C:\Users\Kyler Monster
2015-12-23 09:28 - 2011-03-08 15:51 - 00000000 ____D C:\Users\Debbie
2015-12-23 09:27 - 2011-07-11 08:11 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-12-23 09:27 - 2011-03-29 07:23 - 00000000 ____D C:\Windows\system32\SPReview
2015-12-23 09:27 - 2011-03-22 11:29 - 00000000 ____D C:\Windows\system32\EventProviders
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\zh-Hant
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\zh-Hans
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\tr
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\sv
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\sl
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\ru
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\ro
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\pl
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\no
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\nl
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\ko
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\ja
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\it
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\hu
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\gl-ES
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\fr
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\fi
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\eu-ES
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\es
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\el
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\de
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\da
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\cs
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\ca-ES
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\SysWOW64\bg
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\zh-Hant
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\zh-Hans
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\tr
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\sv
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\sl
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\ru
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\ro
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\pl
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\no
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\nl
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\ko
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\ja
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\it
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\hu
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\gl-ES
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\fr
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\fi
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\eu-ES
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\es
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\el
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\de
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\da
2015-12-23 09:27 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\cs
2015-12-23 09:27 - 2011-01-18 03:52 - 00000000 ____D C:\Windows\system32\nn-NO
2015-12-23 09:27 - 2011-01-18 03:50 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-12-23 09:27 - 2010-10-23 13:02 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2015-12-23 09:27 - 2010-10-23 12:41 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2015-12-23 09:27 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-12-23 09:27 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Offline Web Pages
2015-12-23 09:27 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2015-12-23 09:27 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-12-23 09:27 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-12-23 09:27 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-12-23 09:27 - 2009-07-13 22:20 - 00000000 __RSD C:\Windows\Media
2015-12-23 09:27 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-23 09:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\TAPI
2015-12-23 09:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\sysprep
2015-12-23 09:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2015-12-23 09:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\Msdtc
2015-12-23 09:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\ias
2015-12-23 09:27 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\GroupPolicy
2015-12-23 09:26 - 2015-03-31 12:34 - 00000000 ____D C:\Users\Jim\AppData\Local\Intuit
2015-12-23 09:26 - 2015-01-13 17:53 - 00000000 ____D C:\Users\Logo Lodge\AppData\Local\Intuit
2015-12-23 09:26 - 2015-01-13 16:58 - 00000000 ____D C:\Users\Logo Lodge\AppData\Roaming\PictureMover
2015-12-23 09:26 - 2015-01-13 16:57 - 00000000 ____D C:\Users\Logo Lodge\AppData\Roaming\Motorola Mobility
2015-12-23 09:26 - 2015-01-13 16:57 - 00000000 ____D C:\Users\Logo Lodge\AppData\Local\HuluDesktop
2015-12-23 09:26 - 2015-01-03 17:55 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Stellarium
2015-12-23 09:26 - 2015-01-02 23:09 - 00000000 ____D C:\Users\Jim\Documents\Astronomy
2015-12-23 09:26 - 2012-11-22 11:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Motorola Mobility
2015-12-23 09:26 - 2012-10-28 14:21 - 00000000 ____D C:\Users\Kyler Monster\AppData\Roaming\Motorola Mobility
2015-12-23 09:26 - 2012-10-01 16:23 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Skype
2015-12-23 09:26 - 2012-09-26 11:24 - 00000000 ____D C:\Users\Jim\AppData\Roaming\Motorola Mobility
2015-12-23 09:26 - 2012-09-26 11:24 - 00000000 ____D C:\Users\Jim\AppData\Local\HuluDesktop
2015-12-23 09:26 - 2012-06-24 05:28 - 00000000 ____D C:\Windows\en
2015-12-23 09:26 - 2011-08-04 21:44 - 00000000 ____D C:\Users\Kyler Monster\AppData\Roaming\Skype
2015-12-23 09:26 - 2011-05-17 19:32 - 00000000 ____D C:\Users\Kyler Monster\AppData\Roaming\PictureMover
2015-12-23 09:26 - 2011-05-17 19:30 - 00000000 ____D C:\Users\Kyler Monster\AppData\Local\HuluDesktop
2015-12-23 09:26 - 2011-03-09 08:09 - 00000000 ____D C:\Users\Guest\AppData\Roaming\PictureMover
2015-12-23 09:26 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\ca-ES
2015-12-23 09:26 - 2011-01-18 04:24 - 00000000 ____D C:\Windows\system32\bg
2015-12-23 09:26 - 2011-01-18 03:52 - 00000000 ____D C:\Windows\Hewlett-Packard
2015-12-23 09:26 - 2009-07-13 23:45 - 00000000 ____D C:\Windows\Setup
2015-12-23 09:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\security
2015-12-23 09:26 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2015-12-23 09:25 - 2015-03-13 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3dCart - Quickbooks
2015-12-23 09:25 - 2015-02-16 10:46 - 00000000 ____D C:\Users\Debbie\AppData\Local\Intuit
2015-12-23 09:25 - 2015-01-15 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2015-12-23 09:25 - 2015-01-15 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-12-23 09:25 - 2015-01-01 21:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-12-23 09:25 - 2014-09-20 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-23 09:25 - 2014-01-29 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-12-23 09:25 - 2013-09-03 08:08 - 00000000 ____D C:\Users\Debbie\Desktop\OpenOffice 4.0.0 (en-US) Installation Files
2015-12-23 09:25 - 2013-08-28 18:08 - 00000000 ____D C:\Users\DYLAN\AppData\Roaming\PictureMover
2015-12-23 09:25 - 2013-08-28 18:06 - 00000000 ____D C:\Users\DYLAN\AppData\Roaming\Motorola Mobility
2015-12-23 09:25 - 2013-08-28 18:06 - 00000000 ____D C:\Users\DYLAN\AppData\Local\HuluDesktop
2015-12-23 09:25 - 2013-06-04 06:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-23 09:25 - 2013-05-03 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-23 09:25 - 2013-05-03 20:47 - 00000000 ____D C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
2015-12-23 09:25 - 2012-11-12 20:42 - 00000000 ____D C:\ProgramData\Visan
2015-12-23 09:25 - 2012-09-04 18:23 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Motorola Mobility
2015-12-23 09:25 - 2012-09-03 10:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2015-12-23 09:25 - 2012-03-08 08:28 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-12-23 09:25 - 2012-03-07 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PogoDGC
2015-12-23 09:25 - 2012-03-07 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
2015-12-23 09:25 - 2012-01-01 23:00 - 00000000 ____D C:\Users\Debbie\Desktop\Wommack
2015-12-23 09:25 - 2011-11-19 06:29 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Catalina Marketing Corp
2015-12-23 09:25 - 2011-11-19 06:28 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp
2015-12-23 09:25 - 2011-07-25 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FamilySearch
2015-12-23 09:25 - 2011-06-29 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2015-12-23 09:25 - 2011-05-15 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-12-23 09:25 - 2011-04-18 19:06 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\ZumoDrive
2015-12-23 09:25 - 2011-03-21 13:31 - 00000000 ____D C:\Users\Debbie\Documents\redist
2015-12-23 09:25 - 2011-03-21 13:31 - 00000000 ____D C:\Users\Debbie\Documents\java
2015-12-23 09:25 - 2011-03-09 08:07 - 00000000 ____D C:\Users\Guest\AppData\Local\HuluDesktop
2015-12-23 09:25 - 2011-03-08 18:51 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\Skype
2015-12-23 09:25 - 2011-03-08 18:51 - 00000000 ____D C:\ProgramData\Skype
2015-12-23 09:25 - 2011-03-08 15:59 - 00000000 ____D C:\Users\Debbie\AppData\Roaming\PictureMover
2015-12-23 09:25 - 2011-01-18 04:17 - 00000000 ____D C:\ProgramData\Norton
2015-12-23 09:25 - 2011-01-18 04:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2015-12-23 09:25 - 2011-01-18 04:14 - 00000000 ____D C:\ProgramData\RoxioNow
2015-12-23 09:25 - 2011-01-18 04:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star
2015-12-23 09:25 - 2011-01-18 04:10 - 00000000 ____D C:\Users\Default\AppData\Local\HuluDesktop
2015-12-23 09:25 - 2011-01-18 04:10 - 00000000 ____D C:\Users\Default User\AppData\Local\HuluDesktop
2015-12-23 09:25 - 2011-01-18 04:08 - 00000000 __HDC C:\ProgramData\{05971B75-B620-4D64-9985-7971BEF763A2}
2015-12-23 09:25 - 2011-01-18 04:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-12-23 09:25 - 2011-01-18 03:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2015-12-23 09:25 - 2011-01-18 03:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-12-23 09:25 - 2010-10-23 12:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-23 09:25 - 2010-10-23 12:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-12-23 09:25 - 2010-10-23 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media
2015-12-23 09:25 - 2010-10-23 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel VideoStudio Pro X3
2015-12-23 09:25 - 2010-10-23 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Photo Pro X3
2015-12-23 09:25 - 2010-10-23 12:46 - 00000000 ____D C:\ProgramData\Ulead Systems
2015-12-23 09:25 - 2010-10-23 12:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-23 09:25 - 2010-10-23 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-23 09:25 - 2010-10-23 12:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-12-23 09:25 - 2010-10-23 12:40 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2015-12-23 09:25 - 2010-10-23 12:40 - 00000000 ____D C:\ProgramData\Temp
2015-12-23 09:25 - 2010-10-23 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media & Games
2015-12-23 09:25 - 2010-07-18 11:52 - 00000000 ___RD C:\Users\Debbie\Desktop\Jim III
2015-12-23 09:25 - 2009-09-06 19:40 - 00000000 ___HD C:\SYSTEM.SAV
2015-12-23 09:25 - 2009-08-01 19:06 - 00000000 ___RD C:\Users\Debbie\Desktop\misc
2015-12-23 09:25 - 2008-09-28 15:03 - 00000000 __RSD C:\Users\Debbie\Documents\My Stationery
2015-12-23 09:25 - 2006-11-02 10:07 - 00000000 ___RD C:\Users\Debbie\Desktop\Games
2015-12-23 09:24 - 2015-03-13 16:12 - 00000000 ____D C:\ProgramData\3dCart
2015-12-23 09:24 - 2015-01-03 17:53 - 00000000 ____D C:\Program Files\Stellarium
2015-12-23 09:24 - 2014-01-29 10:04 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-12-23 09:24 - 2012-06-24 05:25 - 00000000 ____D C:\Program Files\Windows Live
2015-12-23 09:24 - 2012-01-22 17:27 - 00000000 ____D C:\ProgramData\FLEXnet
2015-12-23 09:24 - 2011-01-18 03:49 - 00000000 ____D C:\Program Files\IDT
2015-12-23 09:24 - 2010-10-23 12:59 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-12-23 09:24 - 2010-10-23 12:51 - 00000000 ____D C:\ProgramData\CyberLink
2015-12-23 09:24 - 2010-10-23 12:40 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-12-23 09:24 - 2010-10-23 12:37 - 00000000 ____D C:\Program Files\Hewlett-Packard
2015-12-23 09:24 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-12-23 09:24 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-12-23 09:23 - 2015-03-31 10:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-23 09:23 - 2015-01-15 16:12 - 00000000 ____D C:\Program Files\Common Files\EPSON
2015-12-23 09:23 - 2015-01-15 16:07 - 00000000 ____D C:\Program Files (x86)\epson
2015-12-23 09:23 - 2015-01-01 21:56 - 00000000 ____D C:\Program Files\CCleaner
2015-12-23 09:23 - 2014-01-29 09:48 - 00000000 ____D C:\Program Files (x86)\Origin
2015-12-23 09:23 - 2013-06-04 06:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-23 09:23 - 2012-09-03 10:24 - 00000000 ____D C:\Program Files (x86)\RosettaStoneLtdServices
2015-12-23 09:23 - 2012-06-20 19:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-12-23 09:23 - 2012-05-13 19:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-23 09:23 - 2012-03-07 21:16 - 00000000 ____D C:\Program Files (x86)\Pogo Games
2015-12-23 09:23 - 2011-06-29 20:40 - 00000000 ____D C:\Program Files (x86)\Kodak
2015-12-23 09:23 - 2011-05-15 20:11 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-12-23 09:23 - 2011-05-04 19:46 - 00000000 ____D C:\Program Files (x86)\Real
2015-12-23 09:23 - 2010-10-23 12:59 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2015-12-23 09:23 - 2010-10-23 12:57 - 00000000 ____D C:\Program Files (x86)\HP Documentation
2015-12-23 09:23 - 2010-10-23 12:43 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-12-23 09:23 - 2010-10-23 12:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-23 09:23 - 2010-10-23 12:41 - 00000000 ___RD C:\Program Files (x86)\Online Services
2015-12-23 09:23 - 2010-10-23 12:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-23 09:23 - 2010-10-23 12:38 - 00000000 ____D C:\Program Files (x86)\PlayReady
2015-12-23 09:23 - 2010-10-23 12:37 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-12-23 09:23 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-23 09:22 - 2015-03-13 15:55 - 00000000 ____D C:\Program Files (x86)\3dCart - Quickbooks
2015-12-23 09:22 - 2015-01-13 18:20 - 00000000 ____D C:\Program Files (x86)\Browny02
2015-12-23 09:22 - 2015-01-13 18:20 - 00000000 ____D C:\Brother
2015-12-23 09:22 - 2011-05-15 20:10 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-12-23 09:22 - 2011-01-18 03:51 - 00000000 ____D C:\Program Files (x86)\Atheros
2015-12-23 09:22 - 2010-10-23 12:51 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-12-23 09:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2015-12-23 08:59 - 2014-09-20 08:59 - 00000000 ____D C:\Users\Jim\AppData\Local\Google
2015-12-23 08:35 - 2014-09-20 08:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-23 08:35 - 2014-09-20 08:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-23 08:32 - 2012-09-26 11:24 - 00000000 ____D C:\Users\Jim
2015-12-23 08:30 - 2015-08-27 19:36 - 00000000 ____D C:\Program Files (x86)\GUM759C.tmp
2015-12-23 08:30 - 2015-01-13 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickBooks
2015-12-23 08:30 - 2015-01-03 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stellarium
2015-12-23 08:30 - 2013-09-03 08:13 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0
2015-12-23 08:30 - 2011-05-04 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
 
==================== Files in the root of some directories =======
 
2011-03-08 18:53 - 2011-03-08 18:53 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-03-21 13:21 - 2011-03-21 13:21 - 0000848 ___SH () C:\ProgramData\KGyGaAvL.sys
2011-01-18 04:13 - 2011-01-18 04:13 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-10-23 12:56 - 2010-10-23 12:57 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-01-18 04:12 - 2011-01-18 04:12 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-10-23 12:51 - 2010-10-23 12:52 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-01-18 04:12 - 2011-01-18 04:12 - 0000032 _____ () C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
2011-01-18 04:13 - 2011-01-18 04:13 - 0000032 _____ () C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
2010-10-23 12:51 - 2010-10-23 12:51 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2010-10-23 12:52 - 2010-10-23 12:56 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2010-10-23 12:57 - 2011-01-18 04:13 - 0000105 _____ () C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3144660529-1424076712-2258578271-1001\$5b4f705d841e2806feeab3a87cf58df7
 
ZeroAccess:
C:\Users\Debbie\AppData\Local\{5b4f705d-841e-2806-feea-b3a87cf58df7}
 
Files to move or delete:
====================
C:\Users\Debbie\AppData\Roaming\skype.ini
 
 
Some files in TEMP:
====================
C:\Users\Debbie\AppData\Local\Temp\AskSLib.dll
C:\Users\Debbie\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Debbie\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Debbie\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Debbie\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Debbie\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Debbie\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Debbie\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Debbie\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Debbie\AppData\Local\Temp\MotoCast_Installer_2.0228.exe
C:\Users\Debbie\AppData\Local\Temp\Resource.exe
C:\Users\Debbie\AppData\Local\Temp\SCC.dll
C:\Users\Debbie\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Debbie\AppData\Local\Temp\SP52619.exe
C:\Users\Debbie\AppData\Local\Temp\SP53546.exe
C:\Users\Debbie\AppData\Local\Temp\SP53998.exe
C:\Users\Debbie\AppData\Local\Temp\SP54001.exe
C:\Users\Debbie\AppData\Local\Temp\sp54373.exe
C:\Users\Debbie\AppData\Local\Temp\swt-gdip-win32-3448.dll
C:\Users\Debbie\AppData\Local\Temp\swt-win32-3448.dll
C:\Users\Debbie\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Debbie\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Logo Lodge\AppData\Local\Temp\Abspdf.exe
C:\Users\Logo Lodge\AppData\Local\Temp\acfpdfu.dll
C:\Users\Logo Lodge\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Logo Lodge\AppData\Local\Temp\acfpdfui.dll
C:\Users\Logo Lodge\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Logo Lodge\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Logo Lodge\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Logo Lodge\AppData\Local\Temp\cdintf.dll
C:\Users\Logo Lodge\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Logo Lodge\AppData\Local\Temp\xmllite.dll
C:\Users\Logo Lodge\AppData\Local\Temp\_isAAB6.exe
C:\Users\Logo Lodge\AppData\Local\Temp\_isAF43.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll
[2011-03-29 07:20] - [2010-11-20 08:27] - 0524288 ____N () D41D8CD98F00B204E9800998ECF8427E
 
C:\Windows\system32\rpcss.dll => no Company Name <===== ATTENTION
 
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-24 06:08
 
==================== End of FRST.txt ============================
Attached File  Addition.txt   58.64KB   2 downloads




#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 10 January 2016 - 05:22 PM

Hello Roswell76,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

We need to find a replacement file on your system.

Please do the following:

  • Run FRST64.
  • Type the following   rpcss.dll   in the edit box after "Search:" so it looks like this:

        Search: rpcss.dll

    Click Search button and post the log it makes to your reply.


Edited by fireman4it, 10 January 2016 - 05:23 PM.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 Roswell76

  • Topic Starter


Posted 10 January 2016 - 05:45 PM

Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by Jim (2016-01-10 17:39:14)
Running from C:\Users\Jim\Downloads
Boot Mode: Normal
 
================== Search Files: "rpcss.dll" =============
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-03-29 07:20][2010-11-20 08:27] 0512000 ____A () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00][2009-07-13 20:41] 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027 [File is digitally signed]
 
C:\Windows\System32\rpcss.dll
[2011-03-29 07:20][2010-11-20 08:27] 0524288 ____N () D41D8CD98F00B204E9800998ECF8427E [File not signed]
 
====== End of Search ======
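
The search log above lists three copies of rpcss.dll, and the fixlist posted later in the thread replaces the System32 copy with the signed 6.1.7600.16385 one. As an added example (not part of the original posts and not FRST's own code), this Python script parses that log format and selects a replacement candidate on the same criteria; the flag names, function names and the regular expressions inferred from the three entries shown are assumptions of the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# MD5 of zero bytes. Reported for a file with non-zero size, it means the
# scanner hashed nothing (the read failed or was blocked); it is not the
# file's real digest.
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"

# The three entries from the search log in the post above, copied verbatim.
SAMPLE_LOG = r"""
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-03-29 07:20][2010-11-20 08:27] 0512000 ____A () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00][2009-07-13 20:41] 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027 [File is digitally signed]

C:\Windows\System32\rpcss.dll
[2011-03-29 07:20][2010-11-20 08:27] 0524288 ____N () D41D8CD98F00B204E9800998ECF8427E [File not signed]
"""

# Assumed line layout: [created][modified] size attrs (company) md5 [signature]
DETAIL_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\]\[(?P<modified>[\d\- :]+)\]\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+\((?P<company>.*?)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+"
    r"\[(?P<sig>[^\]]+)\]\s*$"
)
VERSION_RE = re.compile(r"_(\d+(?:\.\d+){3})_none_")


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str
    signed: bool
    version: Optional[Tuple[int, ...]]  # from the WinSxS directory name, if any

    def flags(self) -> List[str]:
        checks = [
            ("unsigned", not self.signed),
            ("no-company-name", not self.company),
            ("hash-of-empty-input", self.size > 0 and self.md5 == EMPTY_MD5),
        ]
        return [name for name, hit in checks if hit]


def parse_search_log(text: str) -> List[Entry]:
    entries, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = DETAIL_RE.match(line)
        if m and path:
            v = VERSION_RE.search(path)
            entries.append(Entry(
                path=path,
                size=int(m["size"]),
                company=m["company"].strip(),
                md5=m["md5"].upper(),
                signed=m["sig"].strip().lower() == "file is digitally signed",
                version=tuple(map(int, v.group(1).split("."))) if v else None,
            ))
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line  # a path line; its detail line follows
    return entries


def pick_replacement(entries: List[Entry], target: str) -> Optional[Entry]:
    """Newest copy that is not the target and raises no flags, else None."""
    clean = [e for e in entries
             if e.path.lower() != target.lower() and not e.flags()]
    return max(clean, key=lambda e: e.version or (), default=None)


def newer_rejected(entries: List[Entry], chosen: Entry) -> List[Entry]:
    """Flagged copies whose component version is newer than the chosen one."""
    return [e for e in entries
            if e.flags() and e.version and chosen.version and e.version > chosen.version]


if __name__ == "__main__":
    found = parse_search_log(SAMPLE_LOG)
    best = pick_replacement(found, r"C:\Windows\System32\rpcss.dll")
    for e in found:
        print(e.path, e.flags() or "ok")
    print("replacement:", best.path if best else "none found")
```

On this log the only unflagged copy (6.1.7600.16385) is older than the flagged 6.1.7601.17514 copy, which `newer_rejected` reports so the version gap can be checked once the system is clean.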


#4 fireman4it


Posted 11 January 2016 - 08:54 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Attached File  fixlist.txt   5.93KB   2 downloads

Let me know how the machine is running after this fix.



#5 Roswell76


Posted 11 January 2016 - 10:46 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:09-01-2015
Ran by Jim (2016-01-11 22:32:02) Run:1
Running from C:\Users\Jim\Downloads
Loaded Profiles: Jim (Available Profiles: Debbie & Kyler Monster & Jim & DYLAN & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll C:\Windows\System32\rpcss.dll
Task: {4D179454-0E53-42D9-8238-4AF8ABEEE7E5} - System32\Tasks\UpdaterEX => C:\Users\LOGOLO~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\LOGOLO~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:1901337E
AlternateDataStreams: C:\ProgramData\Temp:3F03D90F
C:\Users\Debbie\AppData\Roaming\skype.ini
EmptyTemp:
C:\$Recycle.Bin\S-1-5-21-3144660529-1424076712-2258578271-1001\$5b4f705d841e2806feeab3a87cf58df7
C:\Users\Debbie\AppData\Local\{5b4f705d-841e-2806-feea-b3a87cf58df7}
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2015-12-23] [not signed]
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/%26cd%3D2XzuyEtN2Y1L1Qzuzz0Ezy0F0F0AyBtDtD0EyD0AtAyCyC0FtN0D0Tzu0StCtCyByBtN1L2XzutAtFzytFyEtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyDyDtBtBzzyD0DtAtGzz0Azy0BtGtB0B0EtDtGyB0EtBzztGyC0D0CyBtByC0EtCtAzztDtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DzyzzyCtD0DtBzztG0Fzy0B0AtGyE0Dzy0AtGzy0F0EzztGyDyDtC0EyDyCyByCyDtByCyB2QtN0A0LzuyE%26cr%3D1162094763%26a%3Dwny_dnldstr_15_13%26os%3DWindows 7 Home Premium
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://aolsvc.aol.com/onlinegames/popinsaniquarium/popcaploader_v10.cab
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> DefaultScope {981C3A68-CBED-48BC-89AE-3F95E2776EF1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {981C3A68-CBED-48BC-89AE-3F95E2776EF1} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1001 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1004 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1004 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1004 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1005 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1008 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1009.bak -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-1009.bak -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-501 -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-501 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = 
SearchScopes: HKU\S-1-5-21-3144660529-1424076712-2258578271-501 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = 
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
URLSearchHook: [S-1-5-21-3144660529-1424076712-2258578271-1001_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3144660529-1424076712-2258578271-1004_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3144660529-1424076712-2258578271-1008_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3144660529-1424076712-2258578271-1009.bak_classes] ATTENTION => Default URLSearchHook is missing
URLSearchHook: [S-1-5-21-3144660529-1424076712-2258578271-501_classes] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://notdoppler.com/
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-07-11]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-07-22]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Kyler Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk [2011-10-25]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Users\Kyler Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2013-07-01]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Hosts:
 
 
*****************
 
C:\Windows\System32\rpcss.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D179454-0E53-42D9-8238-4AF8ABEEE7E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D179454-0E53-42D9-8238-4AF8ABEEE7E5}" => key removed successfully
C:\Windows\System32\Tasks\UpdaterEX => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX" => key removed successfully
C:\Windows\Tasks\UpdaterEX.job => moved successfully
C:\ProgramData\Temp => ":1901337E" ADS removed successfully.
C:\ProgramData\Temp => ":3F03D90F" ADS removed successfully.
C:\Users\Debbie\AppData\Roaming\skype.ini => moved successfully
C:\$Recycle.Bin\S-1-5-21-3144660529-1424076712-2258578271-1001\$5b4f705d841e2806feeab3a87cf58df7 => moved successfully
C:\Users\Debbie\AppData\Local\{5b4f705d-841e-2806-feea-b3a87cf58df7} => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\otis@digitalpersona.com => value removed successfully
C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt => moved successfully
Firefox "homepage" removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{981C3A68-CBED-48BC-89AE-3F95E2776EF1} => key not found. 
HKCR\CLSID\{981C3A68-CBED-48BC-89AE-3F95E2776EF1} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found. 
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found. 
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3144660529-1424076712-2258578271-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found. 
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-3144660529-1424076712-2258578271-1008\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3144660529-1424076712-2258578271-1009.bak\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3144660529-1424076712-2258578271-1009.bak\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found. 
HKCR\CLSID\{8CDE19E6-71C2-4B46-89B7-35F6A18C571A} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3144660529-1424076712-2258578271-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKCR\CLSID\{d43b3890-80c7-4010-a95d-1e77b5924dc3} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-501\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found. 
HKCR\CLSID\{d944bb61-2e34-4dbf-a683-47e505c587dc} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-3144660529-1424076712-2258578271-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk => moved successfully
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe => not found.
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk => moved successfully
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe => not found.
C:\Users\Kyler Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk => moved successfully
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe => not found.
C:\Users\Kyler Monster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk => moved successfully
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe => not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 3.8 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 22:34:19 ====
 
I let the machine run a few minutes before I posted this to see if Microsoft Security Essentials detected the Viknok.A virus or not.  The laptop has been running for a few minutes after the fix, and so far MSE has not detected the virus.  Normally it would only take a minute or two before Viknok.A was detected.  So far, so good.


#6 fireman4it


Posted 12 January 2016 - 11:21 AM

Good Job! Let's check for any leftovers.

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system"
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)
  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)
  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

2.

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

 

Let me know how the machine is running after these two scans.



#7 Roswell76


Posted 12 January 2016 - 11:43 PM

Thanks for all of your hard work, but I have a bit of bad news to report.  I have been unable to reboot my laptop since running the fixlist.txt script.  It rebooted fine immediately after running fixlist.txt, but after shutting the laptop down for the night, I have been unable to get the machine to boot up.  I suspect I may have a hardware problem - in the days leading up to my asking you and your team for help on this virus, my boot screen had been acting strangely.  Hard to explain, but the imagery was pixelated and distorted - I could hardly read the boot messages.  However, once Windows started, everything cleared up and all images were crisp.  At first I suspected the Viknok virus, but I'm not sure now.  When my computer rebooted after running fixlist.txt, the boot screen was its usual jumbled mess, but I caught a glimpse of a message that I had not seen before stating that there was something wrong with my battery.  I've since tried rebooting several times to no avail (with power cord plugged in just in case).  The machine powers up (fan is running, etc.) and the keyboard LEDs are lit, but the screen is black.  The PC has apparently decided to retire.  Not sure what to do next short of taking the laptop in for a hardware checkup.



#8 fireman4it


Posted 13 January 2016 - 02:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




