Bank says I have Gozi virus


3 replies to this topic

#1 anonymous550022

  • Members
  • 3 posts

Posted 12 April 2016 - 02:34 PM

I have run scans in safe mode and a PE environment with clean results.

I am not sure what I am missing.

Attached and below are the two logs from frst.exe.

Any help is appreciated.

Thanks in advance.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by paul (administrator) on NRRI-PCARONNA (12-04-2016 13:38:26)
Running from Y:\SIS\Gozi Cleanup
Loaded Profiles: paul (Available Profiles: paul & Administrator & pcaronna & QBDataServiceUser20 & QBDataServiceUser21)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent GP\winagent.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UDSA.exe
(GFI Software Development Ltd.) C:\Program Files (x86)\Advanced Monitoring Agent GP\patchman\lnssatt.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\ServisFirst Bank\eServis Secure Browser\driver\amd64\drv\obskbsvc.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Sage Software) C:\Program Files (x86)\Sage\Advisor\Update\Sage.NA.AT_AU.Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\Take Control Viewer\TeamViewer_Service.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_comm_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_system_customer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_user_customer.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
(Box, Inc.) C:\Program Files\Box\Box Sync\BoxSync.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\948\g2ax_start.exe
(AT&T) C:\Users\paul\AppData\Local\ATT Connect\Participant\ConnectLauncher.exe
(© 2015 Microsoft Corporation) C:\Users\paul\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft) C:\Program Files (x86)\Sage\Advisor\Update\Sage.NA.AT_AU.SysTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\948\g2ax_comm_expert.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(TeamViewer GmbH) C:\Program Files (x86)\Take Control Viewer\TeamViewer.exe
() C:\Program Files (x86)\Advanced Monitoring Agent GP\systray\SysTray.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgrN.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\948\g2ax_user_expert.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
(Managed Antivirus) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMTray.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(LogicNow Ltd) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Farbar) \\file-server02\Shared_Documents\SIS\Gozi Cleanup\FRST64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [698712 2013-02-21] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7469568 2012-01-18] (Dell Inc.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [371024 2013-03-05] (Wave Systems Corp.)
HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077432 2012-08-15] (Dell Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6167336 2016-03-25] (Box, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2015-12-17] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [QuickBooksDB21] => C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgrN.exe [679936 2010-04-28] (Intuit, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SageAutoUpdate] => C:\Program Files (x86)\Sage\Advisor\Update\Sage.NA.AT_AU.SysTray.exe [1082672 2013-08-27] (Microsoft)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [522744 2012-06-07] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AdvancedMonitoringSysTray] => C:\Program Files (x86)\Advanced Monitoring Agent GP\systray\Launcher.exe [292352 2015-08-03] ()
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMTray.exe [3232152 2013-05-28] (Managed Antivirus)
HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UD.exe [538728 2014-04-23] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_winlogonx64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\Run: [GoToAssist Remote Support Expert] => C:\Program Files (x86)\Citrix\GoToAssist Remote Support Expert\948\g2ax_start.exe [610528 2016-01-28] (Citrix Systems, Inc.)
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\Run: [Launch AT&T Connect Participant application] => c:\Users\paul\AppData\Local\att connect\participant\ConnectLauncher.exe [312600 2015-04-22] (AT&T)
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\Run: [BingSvc] => C:\Users\paul\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\Run: [HP Photosmart 6510 series (NET)] => C:\Program Files\HP\HP Photosmart 6510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\Run: [Dropbox Update] => C:\Users\paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-10-13] (Dropbox, Inc.)
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\Run: [inertia-36] => C:\ProgramData\inertia-8\inertia-7.exe [733184 2016-04-12] ()
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\RunOnce: [cohesion-08] => C:\Users\paul\AppData\Roaming\cohesion-44\cohesion-3.exe [687591 2016-04-12] ()
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\MountPoints2: {45325723-887b-11e5-8e4d-f01faf61f785} - E:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\MountPoints2: {ae6ce47e-8e2c-11e3-a78a-806e6f6e6963} - D:\mri.exe
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\Winlogon: [Shell] C:\ProgramData\lithium-8\lithium-20.exe -m,explorer.exe <==== ATTENTION
Lsa: [Authentication Packages] msv1_0 wvauth
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2013-03-05] (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2014-02-04]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2014-02-04]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\QBDataServiceUser20\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2014-02-04]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
Startup: C:\Users\QBDataServiceUser21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2014-02-04]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224 2014-12-05] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [231424 2013-09-07] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992 2009-07-13] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.4 192.168.1.5
Tcpip\..\Interfaces\{307C941B-47B8-4323-B301-159501797648}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{8590B71B-91C9-45B2-9110-87A51BA82885}: [DhcpNameServer] 192.168.1.4 192.168.1.5
Tcpip\..\Interfaces\{98F2C4D3-676D-4570-9A13-407BE90BE56B}: [DhcpNameServer] 192.168.1.4 192.168.1.5

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\Software\Microsoft\Internet Explorer\Main,Old Start Page = hxxp://www.bing.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624 -> {A1B758F1-E2CF-42A6-B1E7-D2E09882D1F8} URL =
SearchScopes: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624 -> {F4003D8B-2361-4A68-A8D1-85DD1994892D} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-15] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-15] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-02] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-02] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-22] (Google Inc.)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-12-17] (Adobe Systems Incorporated)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T29L10NSP13EP20-10086/webex/ieatgpc1.cab
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\HelpAsyncPluggableProtocol.dll [2014-02-04] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-12] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-02-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1289637537-1492190152-1960451953-1624: @citrixonline.com/appdetectorplugin -> C:\Users\paul\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-24] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-01-14]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent GP\winagent.exe [8523264 2015-10-21] (Remote Monitoring) [File not signed]
S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [36240 2016-03-04] (Box, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2828016 2016-02-09] (Microsoft Corporation)
R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2280504 2012-08-15] (Dell Inc.)
R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [231792 2013-03-11] ()
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.7\EMP_UDSA.exe [166504 2014-04-23] (SEIKO EPSON CORPORATION)
R2 gfi_lanss11_attservice; C:\Program Files (x86)\Advanced Monitoring Agent GP\patchman\lnssatt.exe [118640 2012-07-17] (GFI Software Development Ltd.)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\948\g2ax_service.exe [610528 2016-04-05] (Citrix Systems, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
R2 NetworkManagement; C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe [219288 2016-03-17] (LogicNow Ltd)
S4 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
R2 obskbsvc; C:\Program Files (x86)\ServisFirst Bank\eServis Secure Browser\driver\amd64\drv\obskbsvc.exe [86224 2015-02-10] ()
R2 PbaDrvSvc_x64; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\hapi64\pbadrvsvc.exe [21504 2013-01-21] (Dell, Inc.) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-11-09] (Intuit Inc.) [File not signed]
S4 QuickBooksDB21; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 11.0\QBDBMgrN.exe [679936 2010-04-28] (Intuit, Inc.) [File not signed]
R2 Sage.NA.AT_AU.Service; C:\Program Files (x86)\Sage\Advisor\Update\Sage.NA.AT_AU.Service.exe [39728 2013-08-27] (Sage Software)
R2 SBAMSvc; C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe [3681016 2013-05-28] (ThreatTrack Security, Inc.)
S2 tcsd_win32.exe; C:\Program Files (x86)\Security Innovation\SI TSS\bin\tcsd_win32.exe [1643520 2012-05-11] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\Take Control Viewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1773056 2013-02-26] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-02-05] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6157312 2012-01-18] (Dell Inc.) [File not signed]
S2 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [254824 2013-03-08] (Wave Systems Corp.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [39016 2012-09-23] (Dell Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 EMP_MIRRUD; C:\Windows\System32\DRIVERS\EMP_MirrUD.sys [5632 2014-04-23] (Windows ® Codename Longhorn DDK provider)
R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2014-04-23] (SEIKO EPSON CORPORATION)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [40584 2015-08-27] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2015-09-23] (GFI Software)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 HidUsb; C:\Windows\SysWOW64\DRIVERS\hidusb.sys [9296 1999-04-23] (Microsoft Corporation) [File not signed]
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
R3 obskbdrv; C:\Windows\system32\drivers\obskbdrv.sys [43216 2015-02-10] ()
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2012-05-21] (STMicroelectronics)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-12 13:25 - 2016-04-12 13:25 - 00000000 ____D C:\ProgramData\MRI  Squad
2016-04-12 13:15 - 2016-04-12 13:38 - 00000000 ____D C:\FRST
2016-04-12 13:12 - 2016-04-12 13:12 - 00000000 ____D C:\Users\paul\AppData\Roaming\Sun
2016-04-12 11:56 - 2016-04-12 11:56 - 00002058 _____ C:\Users\paul\Desktop\Air Performance.rdp
2016-04-12 11:55 - 2016-04-12 11:55 - 00013427 _____ C:\Users\paul\Desktop\Remote Desktop.lnk
2016-04-12 11:52 - 2016-04-12 11:52 - 00003369 _____ C:\Program Files (x86)\Device Manager Uninstall Log.txt
2016-04-12 11:49 - 2016-04-12 11:49 - 00000000 ____D C:\Users\paul\AppData\Local\GWX
2016-04-12 10:21 - 2016-04-12 10:21 - 00000000 ____D C:\Users\paul\AppData\Roaming\robonaut-2
2016-04-12 10:04 - 2016-04-12 10:04 - 00000000 ____D C:\ProgramData\lithium-8
2016-04-12 10:02 - 2016-04-12 10:02 - 00000000 ____D C:\Users\paul\AppData\Roaming\cohesion-44
2016-04-12 09:59 - 2016-04-12 09:59 - 00000000 ____D C:\ProgramData\inertia-8
2016-04-05 13:48 - 2016-04-05 13:48 - 00156512 _____ C:\Users\paul\gpreport.html
2016-04-05 13:47 - 2016-04-05 13:47 - 00156512 _____ C:\Users\paul\gpreport
2016-04-05 13:24 - 2016-04-12 12:31 - 00007607 _____ C:\Users\paul\AppData\Local\Resmon.ResmonCfg
2016-04-05 11:16 - 2016-04-05 11:16 - 00001582 _____ C:\Users\paul\Desktop\GoToAssist Customer.lnk
2016-04-04 12:45 - 2016-04-04 12:45 - 00000000 ____D C:\Users\paul\AppData\Roaming\Mozilla
2016-04-04 12:44 - 2016-04-04 12:44 - 00000000 ____D C:\Users\paul\AppData\Local\BeFrugal
2016-03-30 18:47 - 2016-04-12 13:37 - 00005014 _____ C:\Windows\System32\Tasks\WSCEAA
2016-03-28 13:50 - 2016-03-28 13:50 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-28 13:50 - 2016-03-28 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-28 13:50 - 2016-03-28 13:50 - 00000000 ____D C:\Program Files\iTunes
2016-03-28 13:50 - 2016-03-28 13:50 - 00000000 ____D C:\Program Files\iPod
2016-03-28 13:50 - 2016-03-28 13:50 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-24 10:36 - 2016-03-24 10:36 - 02983936 _____ C:\Users\paul\Desktop\REFUGE (Portable).QBM
2016-03-23 14:54 - 2016-03-23 15:20 - 00000000 ____D C:\ProgramData\jh
2016-03-22 14:29 - 2016-03-22 14:29 - 00001506 _____ C:\Users\paul\Desktop\Box Sync.lnk
2016-03-22 14:29 - 2016-03-22 14:29 - 00000000 ___RD C:\Users\paul\Box Sync
2016-03-22 14:28 - 2016-04-12 13:34 - 00000000 ____D C:\Users\paul\AppData\Local\Box Sync
2016-03-22 14:28 - 2016-04-05 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2016-03-22 14:28 - 2016-03-22 14:28 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-22 14:28 - 2016-03-22 14:28 - 00000000 ____D C:\Program Files\Box
2016-03-17 08:45 - 2016-03-17 08:45 - 00000000 ____D C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-16 18:57 - 2016-03-16 18:57 - 00001738 _____ C:\Windows\SysWOW64\EmailAVConfig.xml
2016-03-15 13:43 - 2015-05-27 03:00 - 00020480 _____ (Fast Reports Inc.) C:\Users\paul\Desktop\Designer.exe
2016-03-15 13:30 - 2016-03-15 13:33 - 00114721 _____ C:\Users\paul\Desktop\TicketForm.frx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-12 13:34 - 2015-03-21 07:29 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-12 13:34 - 2014-04-21 07:47 - 00000374 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job
2016-04-12 13:34 - 2014-04-21 07:47 - 00000374 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job
2016-04-12 13:34 - 2014-02-19 11:25 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2016-04-12 13:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-12 13:33 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-12 13:33 - 2009-07-13 23:45 - 00031312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-12 13:32 - 2009-07-14 00:13 - 00803086 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-12 13:32 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-04-12 13:31 - 2015-10-02 13:20 - 00000000 ____D C:\Program Files (x86)\Advanced Monitoring Agent GP
2016-04-12 13:16 - 2015-03-21 07:29 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-12 13:13 - 2014-06-20 09:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-12 13:13 - 2014-06-20 09:38 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-12 13:11 - 2015-10-15 16:47 - 00000000 ____D C:\Users\paul\.oracle_jre_usage
2016-04-12 13:01 - 2014-02-04 23:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-12 12:43 - 2015-10-13 12:38 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1289637537-1492190152-1960451953-1624UA.job
2016-04-12 12:43 - 2015-10-13 12:38 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1289637537-1492190152-1960451953-1624Core.job
2016-04-12 12:42 - 2015-06-04 13:47 - 00000632 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1289637537-1492190152-1960451953-1624.job
2016-04-12 12:40 - 2014-03-24 14:12 - 00000536 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1289637537-1492190152-1960451953-1624.job
2016-04-12 12:00 - 2015-09-22 15:44 - 00000000 ____D C:\Windows\Patches
2016-04-12 11:52 - 2015-10-07 08:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Manager
2016-04-12 11:52 - 2015-10-07 08:30 - 00000000 ____D C:\Program Files (x86)\Device Manager
2016-04-12 11:52 - 2014-06-20 09:38 - 00000000 ____D C:\Users\paul\AppData\Local\Google
2016-04-12 11:52 - 2014-06-20 09:38 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-12 11:50 - 2014-02-19 13:07 - 00000000 ____D C:\Users\paul\AppData\Local\Deployment
2016-04-11 18:26 - 2015-09-28 18:02 - 00001378 _____ C:\Windows\SysWOW64\CountScans.XML
2016-04-08 10:01 - 2014-02-04 23:21 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-08 10:01 - 2014-02-04 23:21 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-08 10:01 - 2014-02-04 23:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-06 15:04 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-04-05 13:48 - 2014-02-19 11:27 - 00000000 ____D C:\Users\paul
2016-04-05 13:39 - 2014-02-19 11:27 - 00002566 __RSH C:\ProgramData\ntuser.pol
2016-04-05 12:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\Registration
2016-04-05 11:16 - 2014-10-31 13:32 - 00000000 ____D C:\Users\paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2016-04-05 11:16 - 2014-02-19 13:08 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-04-02 18:33 - 2014-06-20 09:38 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-03-31 10:15 - 2015-06-04 13:47 - 00003652 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1289637537-1492190152-1960451953-1624
2016-03-31 10:15 - 2014-03-24 14:12 - 00003556 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1289637537-1492190152-1960451953-1624
2016-03-30 15:55 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\NDF
2016-03-30 15:54 - 2014-10-28 08:24 - 00000000 ____D C:\Users\paul\AppData\Local\ElevatedDiagnostics
2016-03-29 10:11 - 2015-10-02 13:23 - 00000000 ____D C:\Program Files\Advanced Monitoring Agent Network Management
2016-03-28 13:50 - 2014-03-19 20:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-24 19:30 - 2015-04-06 17:43 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-24 19:30 - 2015-04-06 17:43 - 00000000 ___SD C:\Windows\system32\GWX
2016-03-21 16:56 - 2015-10-02 13:23 - 00000000 ____D C:\ProgramData\AdvancedMonitoringAgentNetworkManagement
2016-03-17 08:45 - 2014-04-03 11:24 - 00000000 ____D C:\Users\paul\AppData\Roaming\Dropbox
2016-03-17 08:20 - 2014-02-04 23:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-17 08:12 - 2014-02-12 09:09 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-16 18:56 - 2015-03-03 18:49 - 13112355 ____H C:\Users\paul\AppData\Local\IconCache.db.backup
2016-03-16 15:40 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-15 13:23 - 2015-10-14 14:25 - 00000000 ____D C:\Program Files (x86)\Take Control Viewer

==================== Files in the root of some directories =======

2015-10-07 08:30 - 2015-10-07 08:31 - 0007944 _____ () C:\Program Files (x86)\Device Manager Setup Log.txt
2016-04-12 11:52 - 2016-04-12 11:52 - 0003369 _____ () C:\Program Files (x86)\Device Manager Uninstall Log.txt
2014-11-14 10:50 - 2014-11-14 10:50 - 0000435 _____ () C:\Users\paul\AppData\Local\BICore_Trace.log
2016-04-05 13:24 - 2016-04-12 12:31 - 0007607 _____ () C:\Users\paul\AppData\Local\Resmon.ResmonCfg
2014-06-20 11:05 - 2014-06-20 11:05 - 0000057 _____ () C:\ProgramData\Ament.ini

Files to move or delete:
====================
C:\Users\paul\cisrep.dat
C:\Users\paul\g2ax_customer_downloadhelper_win32_x86.exe
C:\Users\paul\gosetup.exe

Some files in TEMP:
====================
C:\Users\paul\AppData\Local\Temp\libeay32.dll
C:\Users\paul\AppData\Local\Temp\msvcr120.dll
C:\Users\paul\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-08 08:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by paul (2016-04-12 13:38:47)
Running from Y:\SIS\Gozi Cleanup
Windows 7 Professional Service Pack 1 (X64) (2014-02-12 14:01:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3214332768-2224184880-1307666074-500 - Administrator - Enabled)
Guest (S-1-5-21-3214332768-2224184880-1307666074-501 - Limited - Disabled)
pcaronna (S-1-5-21-3214332768-2224184880-1307666074-1000 - Administrator - Enabled) => C:\Users\pcaronna
QBDataServiceUser20 (S-1-5-21-3214332768-2224184880-1307666074-1001 - Limited - Enabled) => C:\Users\QBDataServiceUser20
QBDataServiceUser21 (S-1-5-21-3214332768-2224184880-1307666074-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser21

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Managed Antivirus Managed Antivirus (Enabled - Up to date) {FFE93D16-FD09-0282-C7D3-8B1731B6A051}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Managed Antivirus Managed Antivirus (Enabled - Up to date) {4488DCF2-DB33-0D0C-FD63-B0654A31EAEC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.15 - Adobe Systems)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Advanced Monitoring Agent GP (HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\Advanced Monitoring Agent GP) (Version: 1.0.0 - Remote Monitoring Services)
Advanced Monitoring Agent GP (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
Advanced Monitoring Agent GP (x32 Version: 1.0.0 - Remote Monitoring Services) Hidden
Advanced Monitoring Agent Network Management (HKLM\...\{F88FE7C0-2B64-405B-9197-25F8BE135460}_is1) (Version: 19.0.0.816 - LogicNow, Ltd.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Conferencing Outlook Add-in v10.5.15 (HKLM-x32\...\{B13278C5-66E9-4BE6-97A5-C025CDC2F6BA}) (Version: 10.5.15 - AT&T Inc.)
AT&T Connect Participant Application v11.1.205 (HKLM-x32\...\{500C89CE-400B-4C33-9AF6-50BE8C512EEA}) (Version: 11.1.205 - AT&T Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Box Sync (HKLM\...\{D368743E-19BC-4455-92AE-322D50412286}) (Version: 4.0.7318.0 - Box, Inc.)
Box Sync (x32 Version: 4.0.7255.0 - Box Inc.) Hidden
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.08057 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.08057 - Cisco Systems, Inc.) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Crystal Reports XI Release 2 for Sage (HKLM-x32\...\{94FB0978-D094-40C7-91D7-834D39220D4A}) (Version: 11.5.8.82627 - Business Objects)
Custom (Version: 01.00.00.002 - Wave Systems Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.3.00003.072 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{B96348BD-6B0D-42E3-80B1-FA6718067BFE}) (Version: 2.8.1000.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.127 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
DellAccess (Version: 01.03.00.078 - Wave Systems Corp.) Hidden
Documents To Go Desktop for iOS (HKLM-x32\...\DTGDesktop) (Version: 5.0000.013 - DataViz, Inc.)
Dropbox (HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.100.82.124 - Dell Inc.)
Easy Phone Tunes (HKLM-x32\...\{9E1A4454-7AD4-46D8-B5AC-A95973F1C7A5}) (Version: 156 - Easy Phone Tunes)
EMBASSY Client Core (Version: 01.03.00.123 - Wave Systems Corp.) Hidden
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.70.000 - SEIKO EPSON CORPORATION)
ERAS Connector (Version: 02.09.05.0335 - Wave Systems Corp) Hidden
Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
GemPcCCID (Version: 2.0.1 - Gemalto) Hidden
GFI LanGuard 11 Agent (x32 Version: 11.0.2012.0717 - GFI Software Ltd) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{ADA8583A-C20B-414B-8CB7-3AA7A89F7952}) (Version: 7.1.4.1529 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToAssist Customer 2.6.0.948 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.6.0.948 - Citrix Online)
GoToAssist Expert 2.6.0.948 (HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\GoToAssist Remote Support Expert) (Version: 2.6.0.948 - Citrix Online)
GoToMeeting 7.15.0.4732 (HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\GoToMeeting) (Version: 7.15.0.4732 - CitrixOnline)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photosmart 6510 series Basic Device Software (HKLM\...\{1952AED6-2908-418F-B9D8-AC359651F92D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6510 series Help (HKLM-x32\...\{A2F95F8C-CDA9-4B08-BAD1-CA9656E4EC14}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 6510 series Product Improvement Study (HKLM\...\{57CA7C8A-39E1-4CB5-B312-3E45B54AF51A}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.2.8.17 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
iExplorer 3.2.5.6 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.2.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Interact 5.3.0.27 (HKLM-x32\...\Interact) (Version: 5.3.0.27 - Advanced Weighing Systems, Inc.)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
join.me (HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\JoinMe) (Version: 1.15.0.136 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Managed Antivirus (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 6.2.5528 - GFI Software)
Managed Antivirus (x32 Version: 6.2.5528 - GFI Software) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2013 - en-us (HKLM\...\AccessRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4805.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{2180B33F-3225-423E-BBC1-7798CFD3CD1F}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Module SDK (HKLM-x32\...\{AE5D0144-A524-4A89-99E8-B8D93C4779D2}) (Version: 1.0.1 - Sage Payment Solutions)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyHarmony (HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4805.1003 - Microsoft Corporation) Hidden
PBA Driver-x64 (Version: 1.0.1.8 - Dell Inc.) Hidden
Preboot Manager (Version: 03.05.00.043 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.03.00.032 - Wave Systems Corp.) Hidden
QuickBooks (x32 Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions 11.0 (HKLM-x32\...\{11E0AC7D-6828-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Required Runtimes (x32 Version: 13.0.0.0 - SAP BusinessObjects) Hidden
Sage 100 ERP Intelligence Report Designer Add-in (HKLM-x32\...\{DB9DA161-41F6-413A-A96D-EEB20AD102C8}) (Version: 1.00.0000 - Sage)
Sage 100 ERP Intelligence Reporting (HKLM-x32\...\{227ECD43-3B24-4869-848F-7C67095EB40E}) (Version: 5.00.7140.017 - Sage Software, Inc.)
Sage 100 Standard ERP 2014 Workstation (HKLM-x32\...\{AF2CB90D-B248-408D-9288-794C4A1F2014}) (Version: 5.10.0.0 - Sage)
Sage Advisor Update (HKLM-x32\...\{17DB325F-F921-4033-A297-EA643548FE7C}) (Version: 2.2.1.0 - Sage Software, Inc.)
Sage Exchange (HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\f269fca5d8764803) (Version: 1.0.6.31 - Sage Payment Solutions)
Sage Fixed Assets - Depreciation - Network (HKLM-x32\...\InstallShield_{DCAE105F-5AEC-43D1-8B07-139D43BCAC9F}) (Version: 15.1.0.601 - Sage Software, Inc.)
Sage Fixed Assets - Depreciation - Network (x32 Version: 15.1.0.601 - Sage Software, Inc.) Hidden
Sage Fixed Assets - Planning - Network (HKLM-x32\...\InstallShield_{245401B6-B816-4F74-A960-39831AE86E42}) (Version: 12.1.1.0 - Sage Software, Inc.)
Sage Fixed Assets - Planning - Network (x32 Version: 12.1.1.0 - Sage Software, Inc.) Hidden
Sage Fixed Assets - Tracking - Network (HKLM-x32\...\InstallShield_{94BFA9F8-613B-4B05-B90D-A5A7E1784AB8}) (Version: 12.1.1.0 - Sage Software, Inc.)
Sage Fixed Assets - Tracking - Network (x32 Version: 12.1.1.0 - Sage Software, Inc.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
ServisFirst Bank eServis Secure Browser (HKLM-x32\...\6244-9108-6298-2948-servis1st_msb) (Version: 3.9.0 - Online Banking Solutions)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Sharepod 4.0.1.1 (HKLM-x32\...\{085BCFB8-F6FB-4600-AFAB-1F6DBC7F5F99}_is1) (Version:  - Macroplant LLC)
SI TSS (Version: 2.1.41 - Security Innovation) Hidden
SketchUp 2014 (HKLM-x32\...\{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}) (Version: 14.0.4900 - Trimble Navigation Limited)
SMS Pivot Tables Install (HKLM-x32\...\{D4FD52AE-4679-4C57-9F7C-45B80C86DF7F}) (Version: 1.00.0000 - Creative Information Systems)
SMSTurbo.NET  (HKLM-x32\...\{F35041B6-72A8-4803-ACE8-215FC1593254}) (Version: 1.00.0000 - Creative Information Systems)
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
SPP-R200II Unified Mobile Utility (HKLM-x32\...\{53D00CFC-143E-4C54-B00E-956024374C47}) (Version: 3.1.1 - BIXOLON)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0036 - ST Microelectronics)
State/Federal eFiling and Reporting (HKLM-x32\...\InstallShield_{766A5138-0401-4467-A496-5C7A36BF3907}) (Version: 12.3.7 - Sage Software)
State/Federal eFiling and Reporting (x32 Version: 12.3.7 - Sage Software) Hidden
Take Control Viewer 9.0 (HKLM-x32\...\Take Control Viewer_is1) (Version:  - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
The Rosetta Stone (HKLM-x32\...\The Rosetta Stone) (Version:  - )
toolkit32for64bit (x32 Version: 7.70.13.0001 - Wave Systems Corp) Hidden
Topaz e-Signatures SigPlus 4.4.0.22 (HKLM-x32\...\Topaz e-Signatures SigPlus 4.4.0.22) (Version: 4.4.0.22 - Topaz Systems, Inc.)
Topaz SigPlusNET 2.0.0.36 (HKLM-x32\...\Topaz SigPlusNET 2.0.0.36) (Version: 2.0.0.36 - Topaz Systems, Inc.)
Trusted Drive Manager (Version: 5.0.2.24 - Wave Systems Corp.) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Wave Crypto Runtime 2.0.9.0 x64 (Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Crypto Runtime 2.0.9.0 x86 (x32 Version: 02.00.09.0000 - Wave Systems Corp) Hidden
Wave Infrastructure Installer (Version: 07.70.13.0001 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.15.00.024 - Wave Systems Corp) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\paul\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\paul\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2031\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\paul\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06448BB7-15DA-46F1-934A-95FA7DFC5DBF} - System32\Tasks\AVG-Secure-Search-Update_0414c_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {16A941DE-AA7A-484D-8543-68DCEB87322B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard)
Task: {1C200578-0B21-48D0-99A2-C0179AB6BAD8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {1DC36F39-C8E0-4A27-9C72-21FAA2233516} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {1DCA85C8-A2C2-406C-BBE5-C7FA8699E828} - System32\Tasks\WSCEAA => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\RemoteManagement\WSCEAA.exe [2012-11-28] (Wave Systems Corp.)
Task: {209B8A41-2D3F-4094-8EE9-5F54D5E7635A} - System32\Tasks\G2MUploadTask-S-1-5-21-1289637537-1492190152-1960451953-1624 => C:\Program Files (x86)\Citrix\GoToMeeting\4732\g2mupload.exe [2016-03-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {291664EF-72ED-45EE-AF0D-3981DBEA15CD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1289637537-1492190152-1960451953-1624Core => C:\Users\paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-13] (Dropbox, Inc.)
Task: {316856B8-18FA-49BB-BDBE-C1AF0600B655} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1289637537-1492190152-1960451953-1624UA => C:\Users\paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-10-13] (Dropbox, Inc.)
Task: {3EC42B1F-1342-4162-997F-1036699DF2D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {4DDE5903-B624-4685-9D13-2C2E08112800} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {53ACF076-DC6D-448A-A29A-954BC6AB906F} - System32\Tasks\Open Chrome => Chrome.exe --new-window hxxp://toolbar.avg.com/almost-done?pid=safeguard&amp;lang=en
Task: {55D8838A-5B74-4122-8240-0E9C1CCAC416} - System32\Tasks\HPCustParticipation HP Photosmart 6510 series => C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {70411138-095C-435F-B149-5C28924F97B2} - System32\Tasks\G2MUpdateTask-S-1-5-21-1289637537-1492190152-1960451953-1624 => C:\Program Files (x86)\Citrix\GoToMeeting\4732\g2mupdate.exe [2016-03-31] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {824B2076-0DB7-456F-B4FE-C2C8EEE17C43} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {8298267C-5415-47B1-B274-EED5E41C07D5} - System32\Tasks\AVG-Secure-Search-Update_0414c_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: {96CE5E50-B6AB-4D25-B9CF-D83A8A1454FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {B4D902FF-21FD-4567-BD9A-0D1F96C5AE22} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-28] (Microsoft Corporation)
Task: {B817EFC8-3FE9-43F7-B394-47A00DD788FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {FCDAB3AF-A7B7-4E8D-921C-90BC70035A99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {FED2C60B-5916-43C1-96E0-C949B0497B12} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_0414c_rmv.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0414c.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1289637537-1492190152-1960451953-1624Core.job => C:\Users\paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1289637537-1492190152-1960451953-1624UA.job => C:\Users\paul\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1289637537-1492190152-1960451953-1624.job => C:\Program Files (x86)\Citrix\GoToMeeting\4732\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1289637537-1492190152-1960451953-1624.job => C:\Program Files (x86)\Citrix\GoToMeeting\4732\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exeF--new-window hxxp:/toolbar.avg.com/

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-04-18 03:28 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-03-11 11:05 - 2013-03-11 11:05 - 00231792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
2013-03-11 11:04 - 2013-03-11 11:04 - 00039280 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
2012-05-11 10:47 - 2012-05-11 10:47 - 00003072 _____ () C:\Program Files (x86)\Security Innovation\SI TSS\bin\TspPopup_ENU.dll
2015-02-11 19:07 - 2015-02-10 22:38 - 00086224 _____ () C:\Program Files (x86)\ServisFirst Bank\eServis Secure Browser\driver\amd64\drv\obskbsvc.exe
2015-02-11 19:07 - 2015-02-10 22:38 - 00041680 _____ () C:\Program Files (x86)\ServisFirst Bank\eServis Secure Browser\driver\amd64\drv\obskbapi.dll
2014-02-05 00:48 - 2012-02-01 16:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-12-10 12:28 - 2014-12-10 12:28 - 01152000 _____ () C:\Program Files\Box\Box Sync\_hashlib.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00128512 _____ () C:\Program Files\Box\Box Sync\win32api.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00137728 _____ () C:\Program Files\Box\Box Sync\pywintypes27.dll
2015-11-17 12:58 - 2015-11-17 12:58 - 00503808 _____ () C:\Program Files\Box\Box Sync\pythoncom27.dll
2014-12-10 12:28 - 2014-12-10 12:28 - 00112128 _____ () C:\Program Files\Box\Box Sync\_ctypes.pyd
2014-12-10 12:28 - 2014-12-10 12:28 - 00047616 _____ () C:\Program Files\Box\Box Sync\_socket.pyd
2014-12-10 12:28 - 2014-12-10 12:28 - 01745920 _____ () C:\Program Files\Box\Box Sync\_ssl.pyd
2015-11-17 13:34 - 2015-11-17 13:34 - 00044544 _____ () C:\Program Files\Box\Box Sync\_psutil_windows.pyd
2014-12-10 12:28 - 2014-12-10 12:28 - 00689664 _____ () C:\Program Files\Box\Box Sync\unicodedata.pyd
2015-11-17 13:31 - 2015-11-17 13:31 - 00003584 _____ () C:\Program Files\Box\Box Sync\clr.pyd
2015-11-17 13:31 - 2015-11-17 13:31 - 00103424 _____ () C:\Program Files\Box\Box Sync\Python.Runtime.dll
2015-11-17 13:34 - 2015-11-17 13:34 - 00027136 _____ () C:\Program Files\Box\Box Sync\ujson.pyd
2014-12-10 12:28 - 2014-12-10 12:28 - 00010752 _____ () C:\Program Files\Box\Box Sync\select.pyd
2014-12-10 12:28 - 2014-12-10 12:28 - 00166912 _____ () C:\Program Files\Box\Box Sync\_elementtree.pyd
2014-12-10 12:28 - 2014-12-10 12:28 - 00164352 _____ () C:\Program Files\Box\Box Sync\pyexpat.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00438784 _____ () C:\Program Files\Box\Box Sync\win32com.shell.shell.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00023040 _____ () C:\Program Files\Box\Box Sync\win32event.pyd
2016-03-04 13:45 - 2016-03-04 13:45 - 00059392 _____ () C:\Program Files\Box\Box Sync\_sqlite3.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00149504 _____ () C:\Program Files\Box\Box Sync\win32file.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00136192 _____ () C:\Program Files\Box\Box Sync\win32security.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00044032 _____ () C:\Program Files\Box\Box Sync\win32process.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00030720 _____ () C:\Program Files\Box\Box Sync\win32cred.pyd
2015-11-17 13:34 - 2015-11-17 13:34 - 00030208 _____ () C:\Program Files\Box\Box Sync\Crypto.Cipher._AES.pyd
2015-11-17 13:34 - 2015-11-17 13:34 - 00008192 _____ () C:\Program Files\Box\Box Sync\Crypto.Util.strxor.pyd
2015-11-17 13:34 - 2015-11-17 13:34 - 00010752 _____ () C:\Program Files\Box\Box Sync\Crypto.Random.OSRNG.winrandom.pyd
2015-11-17 13:34 - 2015-11-17 13:34 - 00011264 _____ () C:\Program Files\Box\Box Sync\Crypto.Util._counter.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00053760 _____ () C:\Program Files\Box\Box Sync\win32service.pyd
2015-11-17 13:35 - 2015-11-17 13:35 - 00026112 _____ () C:\Program Files\Box\Box Sync\_yappi.pyd
2014-12-10 12:28 - 2014-12-10 12:28 - 00031744 _____ () C:\Program Files\Box\Box Sync\_multiprocessing.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00021504 _____ () C:\Program Files\Box\Box Sync\win32clipboard.pyd
2015-11-17 12:58 - 2015-11-17 12:58 - 00223232 _____ () C:\Program Files\Box\Box Sync\win32gui.pyd
2016-02-29 08:56 - 2016-02-29 08:56 - 00068096 _____ () C:\Program Files\Box\Box Sync\SystemWrapper.dll
2015-10-05 08:24 - 2015-08-03 09:39 - 00292352 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\systray\SysTray.exe
2016-03-25 15:18 - 2016-03-25 15:18 - 00030608 _____ () C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe
2015-10-02 13:23 - 2016-03-17 12:25 - 00243864 _____ () C:\Program Files\Advanced Monitoring Agent Network Management\agentCommon.dll
2015-10-02 13:23 - 2016-03-17 12:25 - 00091800 _____ () C:\Program Files\Advanced Monitoring Agent Network Management\agentCloudCommon.dll
2015-10-02 13:23 - 2016-03-17 12:25 - 00082072 _____ () C:\Program Files\Advanced Monitoring Agent Network Management\agentCloudSharedCode.dll
2015-10-02 13:23 - 2016-03-17 12:25 - 00444056 _____ () C:\Program Files\Advanced Monitoring Agent Network Management\DiscoveryLibrary.dll
2015-10-02 13:23 - 2016-03-17 12:25 - 00030360 _____ () C:\Program Files\Advanced Monitoring Agent Network Management\CannonballSocket.dll
2015-10-02 13:23 - 2016-03-17 12:25 - 00254616 _____ () C:\Program Files\Advanced Monitoring Agent Network Management\websocket-sharp.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-07-17 17:20 - 2012-07-17 17:20 - 00305520 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\patchman\apistrings.dll
2012-07-17 17:24 - 2012-07-17 17:24 - 00159600 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\patchman\modlop.dll
2012-07-23 07:32 - 2012-07-23 07:32 - 00099184 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\patchman\httpserverattplugin.dll
2013-05-23 09:05 - 2013-05-23 09:05 - 02021240 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\patchman\crmimodule.dll
2015-04-16 06:57 - 2015-04-16 06:57 - 00208496 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\patchman\patchautodownload.dll
2009-07-13 16:03 - 2009-07-13 20:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2013-01-21 07:05 - 2013-01-21 07:05 - 00183672 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\patchman\scanmngsys.dll
2012-07-17 17:29 - 2012-07-17 17:29 - 00049520 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\patchman\schedcompactdb.dll
2012-07-17 17:29 - 2012-07-17 17:29 - 00054640 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\patchman\schedupdates.dll
2015-04-22 13:06 - 2015-04-22 13:06 - 00041472 _____ () C:\Users\paul\AppData\Local\ATT Connect\Participant\IwRegVC90.dll
2015-04-22 12:25 - 2015-04-22 12:25 - 01121792 _____ () C:\Users\paul\AppData\Local\ATT Connect\Participant\ACE.dll
2015-10-02 13:28 - 2015-06-26 03:13 - 00184184 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\Definitions\libBase64.dll
2015-10-02 13:28 - 2015-06-26 03:13 - 00175992 _____ () C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\Definitions\libMachoUniv.dll
2013-11-12 11:04 - 2013-11-12 11:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-02-11 09:40 - 2016-02-11 09:40 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e35052408b5c7226c75f65831ba2d378\IsdiInterop.ni.dll
2014-02-04 23:31 - 2012-05-30 14:55 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-02-04 23:27 - 2013-09-12 16:55 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\citrixonline.com -> hxxps://download.citrixonline.com
IE trusted site: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\regions.com -> hxxps://www.regions.com
IE trusted site: HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\...\wausaudl.com -> hxxps://wausaudl.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-11-10 13:55 - 00000902 ____A C:\Windows\system32\Drivers\etc\hosts

192.168.1.6 file-server02
192.168.1.8  term01
192.168.1.8  term01.nrri.local

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1289637537-1492190152-1960451953-1624\Control Panel\Desktop\\Wallpaper -> C:\Users\paul\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.4 - 192.168.1.5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{3D4D5854-09CF-4F57-B456-BC2B5A5766EF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CCC778A4-3032-4FDA-8A26-7ED5C465A38A}] => (Allow) LPort=2869
FirewallRules: [{799A1DE8-2399-47ED-99C2-19C52B207350}] => (Allow) LPort=1900
FirewallRules: [{313C6DFF-DE99-453E-9D39-A136DAFB65DD}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CD449336-D96F-4B7C-A01C-3A46C0930AF7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{1DB51C98-1615-45DB-8983-AE9F9565DA22}] => (Allow) C:\Users\pcaronna\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{3F63744B-1F00-4680-AD86-5B88D158E2AC}C:\program files (x86)\intuit\quickbooks enterprise solutions 11.0\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks enterprise solutions 11.0\qbdbmgrn.exe
FirewallRules: [UDP Query User{0268460C-87E3-4A86-B602-6E47E1950101}C:\program files (x86)\intuit\quickbooks enterprise solutions 11.0\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks enterprise solutions 11.0\qbdbmgrn.exe
FirewallRules: [TCP Query User{597E56B5-A891-415C-90DF-50DD54628D76}C:\program files (x86)\intuit\quickbooks enterprise solutions 11.0\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks enterprise solutions 11.0\qbdbmgrn.exe
FirewallRules: [UDP Query User{B300C608-303B-4D2B-977C-D96CAE2D42B3}C:\program files (x86)\intuit\quickbooks enterprise solutions 11.0\qbdbmgrn.exe] => (Allow) C:\program files (x86)\intuit\quickbooks enterprise solutions 11.0\qbdbmgrn.exe
FirewallRules: [{F04F5179-8426-477D-9E02-F97E580F27BA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AD2F537E-4A35-4C14-B3C9-8F4A5B8F811A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50FA6A24-0395-4230-A474-8077B4A331A7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E093E437-B3C9-4908-A2D8-1F79B5006B7F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66038E68-B270-41D1-8D57-67A4B345A27B}] => (Allow) C:\Program Files (x86)\Jump Desktop\JumpWinClient.exe
FirewallRules: [{E973141A-E518-49E3-96E1-DE5A36CA00F6}] => (Allow) C:\Program Files (x86)\Jump Desktop\JumpWinClient.exe
FirewallRules: [{D3E02DAB-8175-42FE-9954-1054141731A9}] => (Allow) C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
FirewallRules: [{3C5EF465-A0D7-488B-936D-BABF5A8F0B6A}] => (Allow) C:\Program Files (x86)\Jump Desktop\JumpDesktop.exe
FirewallRules: [{D7FA6497-E991-4550-BAB2-64670F6CA136}] => (Allow) C:\Program Files (x86)\Jump Desktop\JumpService.exe
FirewallRules: [{6A15FAB7-5BB6-4256-A6DE-89BA8DB46B21}] => (Allow) C:\Program Files (x86)\Jump Desktop\JumpService.exe
FirewallRules: [{063CF47E-4FAC-4E08-A49F-2AE04B1CBE9A}] => (Allow) C:\Users\paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{407D5BFD-BAAA-478E-9A68-9FCEA646F60B}] => (Allow) C:\Users\paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{488E982C-2604-42CA-B65F-3C0A28E1EEF4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{C5F9CE19-51DF-4336-B5CA-69E3AEC055A7}] => (Allow) C:\Users\paul\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{FE30667C-8F38-462F-8C0D-BA911EE5CE44}C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{18DA9114-41BD-4954-A38D-9380A30D0055}C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{B7C4BFDA-3DD1-45B7-BDB1-733B178E82A8}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\DeviceSetup.exe
FirewallRules: [{1B251BC4-E72F-41E9-B277-F85B54BB3C03}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{FE6BB399-EFF6-45CA-B5BB-C5956CC18C15}] => (Allow) C:\Program Files\HP\HP Photosmart 6510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{A9AF2C2E-3971-4866-BF31-140FE8DF88D1}C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{CDF7970F-AEC7-4198-893D-B8C09AF38E22}C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\paul\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{9C383EAE-2DC0-4CD9-B6F5-207309206105}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{C6AD9A1F-6B32-4705-A292-E6F61A5761E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{E65BD815-C962-4E64-8457-CD4333D51671}] => (Allow) LPort=80
FirewallRules: [{B97BDEC2-0742-41E3-B991-802C26B873EF}] => (Allow) LPort=1433
FirewallRules: [{4F1ABBB2-782C-4EFE-96D6-E8F490527EAC}] => (Allow) LPort=1434
FirewallRules: [{A9D6D33E-E6BC-46C3-8F7E-0B48B3E046A3}] => (Allow) LPort=4022
FirewallRules: [{6D66EC81-106F-4D6B-A2D4-75D8EB048A57}] => (Allow) LPort=135
FirewallRules: [{6000BDBD-E973-4B2D-8446-7060A74353CA}] => (Allow) LPort=2383
FirewallRules: [{189D0A49-3D62-46DC-8666-45DF175098F5}] => (Allow) LPort=2382
FirewallRules: [{B6548256-FF14-4F0E-BF68-4A980C23B8D6}] => (Allow) LPort=80
FirewallRules: [{FF84F221-00C6-4244-B4CF-6A0DBD001C41}] => (Allow) LPort=443
FirewallRules: [{B3C83C64-1B04-4746-85F5-DA9CE437D9E2}] => (Allow) LPort=1434
FirewallRules: [{043A9FF2-0FBC-4AE1-B6AD-14D18A0CD57C}] => (Allow) C:\Users\paul\AppData\Local\Temp\ShowMyPC\-acceleratedpaySupport3521\SMPCSetup.exe
FirewallRules: [{83838CB7-2E7C-4F3D-B2F4-3CDDF362B248}] => (Allow) C:\Users\paul\AppData\Local\Temp\ShowMyPC\-acceleratedpaySupport3521\tvnserver.exe
FirewallRules: [{11217DC7-9907-4B22-AD30-D97BDD070F86}] => (Allow) C:\Users\paul\AppData\Local\Temp\ShowMyPC\-acceleratedpaySupport3521\smwinvnc.exe
FirewallRules: [{F51518AA-698A-474A-9895-B2002D5FB723}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{56DB4CA3-D17C-495D-AB13-830BCA007656}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
FirewallRules: [{6B7A8C22-1F11-49F1-9AC2-075483A43F51}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{3A7E6D6D-7F12-4218-807A-8B1B0CE0825F}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe
FirewallRules: [{98BBE7CF-CC9C-433A-BBE8-1C581906E1DD}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
FirewallRules: [{17CF77D2-90D1-4D22-B8BF-C1421F792996}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
FirewallRules: [{06AD6C57-7DF6-48E3-B985-FE8D4267FB65}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{3D308470-F911-44D5-8451-15C6A3D2750C}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
FirewallRules: [{7112642D-09DB-4008-8B63-EFB5B328D639}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{881C5517-16BF-4B62-BF4C-7CD4683141F7}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{958A2BAA-7D29-4BAA-AEC4-45D7E834F22C}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{350BEF7C-9036-41E6-95C8-0E8521C0C1BD}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{51A14D0A-12E1-4CF3-9095-2538C5C61F2A}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{482D245B-9FEF-4826-869A-31F38A18BC6F}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
FirewallRules: [{81F6E26A-FBF6-47C2-8FA5-1232BD3A6010}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{4BED749F-12FA-4A0A-9F45-6C57389D1807}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{9F04A1DC-1255-4D8A-8FB9-36432BCA9BA9}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{0CED77CD-1144-4472-B0CF-132C7E554378}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{6DDD26DB-011A-476E-98FE-2F038774DC4B}] => (Allow) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
FirewallRules: [{057F632F-AB6B-4801-B4E1-A8E0B2E140CE}] => (Allow) C:\Program Files\Advanced Monitoring Agent Network Management\NetworkManagement.exe
FirewallRules: [TCP Query User{A1D0862C-5F3E-4D03-9DD0-5FFE47B5CF6D}C:\program files (x86)\device manager\devicemanage.exe] => (Allow) C:\program files (x86)\device manager\devicemanage.exe
FirewallRules: [UDP Query User{553B5F0C-DC13-4CC9-968C-92B3008FB8BF}C:\program files (x86)\device manager\devicemanage.exe] => (Allow) C:\program files (x86)\device manager\devicemanage.exe
FirewallRules: [{5B94EA7F-50B7-4403-9C73-08C6711DB554}] => (Allow) C:\Program Files (x86)\Take Control Viewer\TeamViewer.exe
FirewallRules: [{2BB9ED7A-D190-4E68-BD7D-09ADAB01A2A1}] => (Allow) C:\Program Files (x86)\Take Control Viewer\TeamViewer.exe
FirewallRules: [{64299B4B-A582-4845-A104-DF62A4C8EA0F}] => (Allow) C:\Program Files (x86)\Take Control Viewer\TeamViewer_Service.exe
FirewallRules: [{6AE3BB2A-911C-42D8-9203-1854DB7D6549}] => (Allow) C:\Program Files (x86)\Take Control Viewer\TeamViewer_Service.exe
FirewallRules: [{DE5CF726-3BFE-430C-8113-4A0DEA19A5F6}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{FE40CBCD-DE3B-4BE4-8B9B-482C25A96F22}] => (Allow) C:\Program Files (x86)\Advanced Monitoring Agent GP\managedav\SBAMSvc.exe
FirewallRules: [{03B1EE4B-E716-4996-87D8-32D8908CBB7A}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

12-04-2016 13:11:30 Removed Java 8 Update 51
12-04-2016 13:11:55 Removed Java 8 Update 60
12-04-2016 13:12:16 Removed Java 8 Update 65
12-04-2016 13:12:28 Removed Java 8 Update 66
12-04-2016 13:12:53 Removed Java 8 Update 71
12-04-2016 13:13:09 Removed Java 8 Update 73
12-04-2016 13:20:26 Mike SIS

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/12/2016 01:34:20 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 01:25:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 11:49:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 11:24:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 10:01:02 AM) (Source: NetworkManagement) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (04/12/2016 09:58:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/12/2016 08:41:00 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/11/2016 08:06:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2016 11:44:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18231 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2944

Start Time: 01d191b1f25f777d

Termination Time: 47

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 2949a1e9-fda9-11e5-8941-f01faf61f785

Error: (04/08/2016 08:05:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (04/12/2016 01:36:42 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8590B71B-91C9-45B2-9110-87A51BA82885}.
The backup browser is stopping.

Error: (04/12/2016 01:34:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The WvPCR service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (04/12/2016 01:34:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The SI TSS v1.2.1.41 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (04/12/2016 01:33:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Advanced Monitoring Agent Network Management service failed to start due to the following error:
%%109

Error: (04/12/2016 01:33:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/12/2016 01:33:41 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/12/2016 01:33:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\bcmihvsrv64.dll

Error: (04/12/2016 01:33:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/12/2016 01:33:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Advanced Monitoring Agent Network Management service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 20000 milliseconds: Restart the service.

Error: (04/12/2016 01:33:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2014-11-20 08:16:24.695
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-20 08:16:24.664
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-19 10:33:00.652
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-11-19 10:33:00.559
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 10:03:21.512
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 10:03:21.481
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 09:59:18.884
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-30 09:59:18.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-09 12:48:48.751
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-09 12:48:48.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgfwd6a.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3540M CPU @ 3.00GHz
Percentage of memory in use: 60%
Total physical RAM: 6015.02 MB
Available physical RAM: 2405.43 MB
Total Virtual: 12028.24 MB
Available Virtual: 8648.58 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:173.24 GB) NTFS
Drive i: () (Network) (Total:242.88 GB) (Free:78.79 GB) NTFS
Drive l: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)
Drive n: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)
Drive r: (Files) (Network) (Total:1716.96 GB) (Free:1456.89 GB) NTFS
Drive s: () (Network) (Total:242.88 GB) (Free:78.79 GB) NTFS
Drive w: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)
Drive x: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)
Drive y: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)
Drive z: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 0EEBC544)
Partition 1: (Not Active) - (Size=40 MB) - (Type=DE)
Partition 2: (Active) - (Size=751 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=465 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by hamluis, 12 April 2016 - 02:47 PM.
#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 12 April 2016 - 03:36 PM

Hello anonymous550022 and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
     

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by paul (administrator) on NRRI-PCARONNA (12-04-2016 13:38:26)
Running from Y:\SIS\Gozi Cleanup
Loaded Profiles: paul (Available Profiles: paul & Administrator & pcaronna & QBDataServiceUser20 & QBDataServiceUser21)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal

1- The FRST software, did you run it from the Y drive? You must run it from the desktop.
2- Running from Y:\SIS
Do you know the SIS folder, and is there any information about it?
 

 ==================== Accounts: =============================

Administrator (S-1-5-21-3214332768-2224184880-1307666074-500 - Administrator - Enabled)
Guest (S-1-5-21-3214332768-2224184880-1307666074-501 - Limited - Disabled)
pcaronna (S-1-5-21-3214332768-2224184880-1307666074-1000 - Administrator - Enabled) => C:\Users\pcaronna
QBDataServiceUser20 (S-1-5-21-3214332768-2224184880-1307666074-1001 - Limited - Enabled) => C:\Users\QBDataServiceUser20
QBDataServiceUser21 (S-1-5-21-3214332768-2224184880-1307666074-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser21

3- Ran by paul (administrator) =====>>  QBDataServiceUser20. These users, did you create them?
 

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:173.24 GB) NTFS
Drive i: () (Network) (Total:242.88 GB) (Free:78.79 GB) NTFS
Drive l: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)
Drive n: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)
Drive r: (Files) (Network) (Total:1716.96 GB) (Free:1456.89 GB) NTFS

Drive s: () (Network) (Total:242.88 GB) (Free:78.79 GB) NTFS
Drive w: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)
Drive x: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)
Drive y: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)
Drive z: () (Network) (Total:1843.2 GB) (Free:1513.58 GB)

4- Did you create these drives, and do you have information about them?
 
==================================================================================
I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.
 
Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!
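The four questions above are a triage pass over the FRST header, Accounts and Drives sections. As an added example (not code from the thread, from the helper, or from FRST), here is a small Python script that parses those three sections and raises the same questions automatically; the line patterns are assumed from the log lines quoted in this post, and the `expected_users` set is something the analyst supplies.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the header, Accounts and Drives lines of the FRST
# report quoted in this thread (abridged to a few accounts and drives).
SAMPLE_LOG = """\
Ran by paul (administrator) on NRRI-PCARONNA (12-04-2016 13:38:26)
Running from Y:\\SIS\\Gozi Cleanup

==================== Accounts: =============================

Administrator (S-1-5-21-3214332768-2224184880-1307666074-500 - Administrator - Enabled)
Guest (S-1-5-21-3214332768-2224184880-1307666074-501 - Limited - Disabled)
pcaronna (S-1-5-21-3214332768-2224184880-1307666074-1000 - Administrator - Enabled) => C:\\Users\\pcaronna
QBDataServiceUser20 (S-1-5-21-3214332768-2224184880-1307666074-1001 - Limited - Enabled) => C:\\Users\\QBDataServiceUser20

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:464.99 GB) (Free:173.24 GB) NTFS
Drive i: () (Network) (Total:242.88 GB) (Free:78.79 GB) NTFS
Drive r: (Files) (Network) (Total:1716.96 GB) (Free:1456.89 GB) NTFS
"""

# Line shapes taken from the FRST output above (assumed stable for this FRST version).
RAN_BY_RE = re.compile(r"^Ran by (\S+) \((\w+)\) on (\S+)")
RUNNING_FROM_RE = re.compile(r"^Running from (.+)$")
ACCOUNT_RE = re.compile(r"^(\S+) \((S-1-5-[\d-]+) - (\w+) - (Enabled|Disabled)\)")
DRIVE_RE = re.compile(r"^Drive (\w): \((.*?)\) \((Fixed|Network|Removable|CDROM)\)")


def parse_frst(text: str) -> Dict:
    """Pull the run context, local accounts and drive list out of an FRST log."""
    info = {"ran_by": None, "running_from": None, "accounts": [], "drives": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := RAN_BY_RE.match(line):
            info["ran_by"] = {"user": m.group(1), "rights": m.group(2), "host": m.group(3)}
        elif m := RUNNING_FROM_RE.match(line):
            info["running_from"] = m.group(1)
        elif m := ACCOUNT_RE.match(line):
            info["accounts"].append({"name": m.group(1), "sid": m.group(2),
                                     "type": m.group(3), "enabled": m.group(4) == "Enabled"})
        elif m := DRIVE_RE.match(line):
            info["drives"].append({"letter": m.group(1), "label": m.group(2), "kind": m.group(3)})
    return info


def triage(info: Dict, expected_users=frozenset()) -> List[Tuple[str, str]]:
    """Return (code, question) pairs for the items an analyst should confirm with the user."""
    findings = []
    local = {d["letter"].lower() for d in info["drives"] if d["kind"] == "Fixed"}
    run_from = info["running_from"] or ""
    # The tool should run from a local disk (the Desktop), not a UNC path or mapped share.
    if run_from.startswith("\\\\") or run_from[:1].lower() not in local:
        findings.append(("RUN_FROM_NONLOCAL",
                         f"FRST ran from {run_from!r}, not a local fixed drive; rerun from the Desktop"))
    for a in info["accounts"]:
        builtin = a["sid"].rsplit("-", 1)[1] in ("500", "501")  # built-in Administrator / Guest
        if a["enabled"] and not builtin and a["name"] not in expected_users:
            findings.append(("UNKNOWN_ACCOUNT",
                             f"enabled {a['type']} account {a['name']} ({a['sid']}): who created it?"))
    for d in info["drives"]:
        if d["kind"] == "Network":
            findings.append(("NETWORK_DRIVE",
                             f"drive {d['letter']}: is a mapped share ({d['label'] or 'no label'}); is it known and trusted?"))
    return findings


if __name__ == "__main__":
    for code, question in triage(parse_frst(SAMPLE_LOG), expected_users={"pcaronna"}):
        print(code, "-", question)
```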
#3 anonymous550022

anonymous550022
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:49 AM

Posted 12 April 2016 - 04:09 PM

1- The FRST software, did you run it from the Y drive? You must run it from the desktop.
2- Running from Y:\SIS
Do you know the SIS folder, and is there any information about it?

3- Ran by paul (administrator) =====>>  QBDataServiceUser20. These users, did you create them?

4- Did you create these drives, and do you have information about them?


1. Y drive happens to be a network share. I will rerun from a local folder.

2. SIS folder I created to store troubleshooting tools.

3. We have QuickBooks installed on this PC and it creates its own service accounts.

4. The drives are network shares.

C is the only local drive, though the network shares are all trusted.



#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:49 PM

Posted 12 April 2016 - 06:12 PM

Hi again,

C:\Program Files (x86)\Device Manager Setup Log.txt
C:\Program Files (x86)\Device Manager Uninstall Log.txt

What are these files ?

 

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
 
C:\Program Files (x86)\Device Manager Setup Log.txt
C:\Program Files (x86)\Device Manager Uninstall Log.txt

 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.

=====================================================================================
Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway''
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

=====================================================================================

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

=====================================================================================

ComboFix run:
Please be sure to run our tools with administrator rights.
* IMPORTANT: 1   Place ComboFix.exe on your Desktop
* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix Save to the Desktop

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

=====================================================================================

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)
