Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Issues?

Post by clintonefree » February 5th, 2015, 12:22 pm

Hello!

I am an IT worker at a church and one of our computers (we think) may have some Malware on it. This computer seems to have been running a little slow in general the last few weeks. But, specifically Google Chrome is slow to open up. Firefox is better, but still not normal.

I ran a Malwarebytes scan, and that seemed to help. But I still suspect there is some malware or something that is slowing down this computer.

Here are the logs:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17496
Run by Office Manager at 10:15:14 on 2015-02-05
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.1481 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\KineticCloud Backup for PCs\svcmgr.exe
C:\Program Files\KineticCloud Backup for PCs\nts.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\KineticCloud Backup for PCs\control.exe
C:\Program Files\KineticCloud Backup for PCs\startup.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\KineticCloud Backup for PCs\backup.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\Marybeth Giddings\AppData\Local\Akamai\netsession_win.exe
C:\Users\Marybeth Giddings\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files\KineticCloud Backup for PCs\starter.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\KineticCloud Backup for PCs\status.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\4Team Corporation\ShareO\ShareX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.msn.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Billeo: {465E08E7-F005-4389-980F-1D8764B3486C} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} -
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} -
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: kikin Plugin: {E601996F-E400-41CA-804B-CD6373A7EEE2} -
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
TB: Billeo: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Billeo: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} -
TB: Avery Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
uRun: [Akamai NetSession Interface] "c:\users\marybeth giddings\appdata\local\akamai\netsession_win.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [BackgroundContainerV2] "c:\windows\system32\rundll32.exe" "c:\users\marybeth giddings\appdata\local\conduit\backgroundcontainer\BackgroundContainer.dll",DllRun
mRun: [NWEReboot] <no file>
dRun: [Bomgar_Cleanup_ZD21677825509] cmd.exe /C rd /S /Q "c:\programdata\bomgar-scc-51780e82" & reg delete hkcu\software\microsoft\windows\currentversion\Run /v Bomgar_Cleanup_ZD21677825509 /f
StartupFolder: c:\users\marybe~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ftrwiz~1.lnk - c:\program files\kineticcloud backup for pcs\ftrwizard.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kineticd.lnk - c:\program files\data deposit box\starter.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2011\QBW32.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\starter.lnk - c:\program files\kineticcloud backup for pcs\starter.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smartprint\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} -
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} - hxxp://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} - hxxp://www.freehandmusic.com/update/biblionet.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.2
TCP: Interfaces\{C72DD4E9-4681-4014-BCF5-7F803217CE3A} : DHCPNameServer = 192.168.1.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - c:\program files\intuit\quickbooks 2011\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
AppInit_DLLs= c:\progra~1\google\google~1\GO36F4~1.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\40.0.2214.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\marybeth giddings\appdata\roaming\mozilla\firefox\profiles\rdhb0wkr.default\
FF - plugin: c:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-6 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-6 192352]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-11-6 26136]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2013-11-6 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-11-6 414520]
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [2013-4-4 134888]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 219136]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-4 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-6 67824]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2014-1-8 71944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-8-4 50344]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
R2 HP LaserJet Service;HP LaserJet Service;c:\program files\hp\hplaserjetservice\HPLaserJetService.exe [2009-11-12 136192]
R2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2014-4-14 100256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2015-1-27 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2015-1-27 969016]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2011-1-26 573224]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-6-24 65856]
R2 Online Backup Control;Online Backup Control;c:\program files\kineticcloud backup for pcs\svcmgr.exe -n"online backup control" -e"control" --> c:\program files\kineticcloud backup for pcs\svcmgr.exe -nOnline Backup Control [?]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-6-30 1248256]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2012-11-6 84992]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-8-24 20504]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-1-27 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-1-27 114904]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-1-27 51928]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2011-11-2 23608]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 Online Backup RDP Service;Online Backup RDP Service;c:\program files\kineticcloud backup for pcs\svcmgr.exe -n"online backup rdp service" -e"rdpsrv" --> c:\program files\kineticcloud backup for pcs\svcmgr.exe -nOnline Backup RDP Service [?]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe [2011-3-23 1527900]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-8-23 30192]
S3 GSService;GSService;c:\windows\system32\GSService.exe [2011-11-2 452096]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-12-10 102912]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2011-11-2 244736]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-9 52224]
S3 UPnPService;UPnPService;c:\program files\common files\magix shared\upnpservice\UPnPService.exe [2011-3-23 544768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-24 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2015-02-04 09:20:21 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ebab6ab7-ffc6-4ad0-9138-9fdc02dffaaf}\offreg.dll
2015-02-03 13:44:51 9054624 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ebab6ab7-ffc6-4ad0-9138-9fdc02dffaaf}\mpengine.dll
2015-01-28 15:09:21 -------- d-----w- c:\windows\system32\MRT
2015-01-28 02:50:22 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-28 02:49:42 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-01-28 02:49:42 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-01-28 02:49:42 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-01-28 02:49:41 -------- d-----w- c:\programdata\Malwarebytes
2015-01-28 02:49:41 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-01-28 02:48:51 -------- d-----w- c:\users\marybeth giddings\appdata\local\Programs
2015-01-26 19:28:40 -------- d-----w- c:\program files\Mozilla Maintenance Service
2015-01-13 21:43:37 164864 ----a-w- c:\windows\system32\profsvc.dll
2015-01-13 21:43:34 46592 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-13 21:43:08 3971512 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-01-13 21:43:07 3916728 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-01-13 21:42:39 242688 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-13 21:42:35 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
==================== Find3M ====================
.
2015-01-06 10:36:02 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 03:33:44 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-07 00:16:54 353864 ----a-w- c:\windows\system32\msvcr71.dll
2014-12-07 00:16:53 505416 ----a-w- c:\windows\system32\msvcp71.dll
2014-11-22 02:20:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07:43 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55:14 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54:30 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48:26 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40:04 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22:49 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-21 22:18:41 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-19 10:31:16 1217192 ----a-w- c:\windows\system32\FM20.DLL
2014-11-11 02:44:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32:14 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45:09 2048 ----a-w- c:\windows\system32\tzres.dll
.
============= FINISH: 10:20:17.00 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 8/23/2010 12:50:58 PM
System Uptime: 2/2/2015 10:35:50 AM (72 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz | Microprocessor | 2133/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 199.32 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
K: is FIXED (NTFS) - 932 GiB total, 492.491 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP567: 1/23/2015 12:11:01 PM - Windows Update
RP569: 1/24/2015 7:19:11 AM - avast! antivirus system restore point
RP570: 1/25/2015 8:19:41 AM - Removed Avery Toolbar.
RP571: 1/27/2015 10:21:22 AM - Windows Update
RP572: 1/28/2015 9:05:25 AM - Windows Update
RP573: 2/3/2015 7:43:57 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4Team ShareO
Acrobat.com
Add-O-Matic 9
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.4.7 - CPSID_83708
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 7.0
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 7.0
Adobe Premiere Elements 7.0 Templates
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Akamai NetSession Interface
AllMusicConverter 4.2.9
AllMusicConverter Media Suite 4.2.9
Amazon MP3 Downloader 1.0.15
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Internet Security
Avery Wizard 4.0
BadCopy Pro
Bing Bar
Bing Rewards Client Installer
Bonjour
Brother P-touch Editor 5.0
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chord Pickout 1.6
Chromex
ChurchPro 2014
Color Network ScanGear Ver.2.61
ComPlay 3.5 - Rev.48
Coupish
Coupon Printer for Windows
CustomerResearchQFolder
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
Dell Driver Download Manager
DESI Labeling System
DeviceDiscovery
DeviceManagementQFolder
DONATION
Driver Detective
Dropbox
Elite Unzip
Feedback Tool
Finale SongWriter 2007
Firebird SQL Server - MAGIX Edition
Google Chrome
Google Desktop
Google Drive
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Support for R-Technics Products
High-Definition Video Playback
HP Customer Participation Program 9.0
HP LaserJet M2727 MFP Series 5.2
HP LaserJet P1000 series
HP LaserJet Professional P1100-P1560-P1600 Series
HP Update
hppFaxDrvM2727
hppFaxUtility
hppFonts
hppLaserJetService
hppLJM2727
hppManualsM2727
hppMSRedist
hppScanTo
hppSendFaxM2727
hppTLBXFXM2727
hppusgM2727
hppusgP1000
HPSSupply
hpzTLBXFX
iClone 2 SE for Magix
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 23
kikin plugin 2.9
KineticCloud Backup for PCs (remove only)
MAGIX Goya burnR 1.3.1.3 (US)
MAGIX Movie Edit Pro 14 PLUS 7.5.2.11 (US)
MAGIX PC Visit
MAGIX Photo Manager 2007 4.1.1.77 (US)
MAGIX Xtreme Photo Designer 6 6.0.24.0 (US)
Malwarebytes Anti-Malware version 2.0.4.1028
MarketResearch
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 35.0.1 (x86 en-US)
Mozilla Maintenance Service
MrvlUsgTracking
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mufin MusicFinder Base 1.0.1.240 (UK)
Musicnotes Software Suite 1.5.5
Neat Image v6 Demo (with plug-in)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NOOK for PC
novaPDF Pro v5 for DONATION (novaPDF Professional Desktop 5.5
novaPDF Pro v7 for DONATION (novaPDF 7.1 printer)
Online Backup
Paradox Runtime
PhotoshopdotcomInspirationBrowser
Picasa 3
Plus! Image
PowerISO
Product_Min_QFolder
ProModule: Christmas Shapes
ProModule: Flash Support
ProModule: Timers
ProModule: Video Chain
QuickBooks
QuickBooks Pro 2011
QuickTime
Search Toolbar
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sheet Music Plus Digital Print
SmartSound Quicktracks for Premiere Elements
Solero Music Viewer 8.0.32.2
SongShow Plus
Stamps.com
Stamps.com Address Book Support for Microsoft Outlook 97-2010
Stamps.com Application Support for Microsoft Outlook 2000-2010
Stamps.com support for Microsoft Outlook 2000-2010
Stamps.com support for Microsoft Outlook 97-2010
SupportSoft Assisted Service
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889828) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
ViewSonic Monitor Drivers
Volume Activation Management Tool 2.0
WebReg
Windows 7 Hotfix
Windows Installer Clean Up
Windows Live ID Sign-in Assistant
Windows Media Player Firefox Plugin
WordPerfect Office 12
.
==== Event Viewer Messages From Past Week ========
.
2/4/2015 2:32:16 AM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
2/2/2015 10:47:59 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.
2/2/2015 10:47:59 AM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/2/2015 10:47:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BBUpdate with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
2/2/2015 10:37:42 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/2/2015 10:37:29 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/2/2015 10:01:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP LaserJet Service service to connect.
2/2/2015 10:01:23 AM, Error: Service Control Manager [7000] - The HP LaserJet Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
clintonefree
Regular Member
 
Posts: 29
Joined: January 19th, 2015, 1:03 pm

Re: Malware Issues?

Unread postby Cypher » February 7th, 2015, 1:31 pm

Hi and welcome back to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions... if possible...your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.


Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Important: Save all tools I ask you to download to your Desktop. If you don't know how to do this, just ask.




Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, uncheck any entries you don't want to remove, then click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems

  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware Issues?

Unread postby clintonefree » February 9th, 2015, 11:42 am

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 09:35:59
# Updated 05/02/2015 by Xplode
# Database : 2015-02-05.2 [Local]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Office Manager - OFFICE1
# Running from : C:\Users\Marybeth Giddings\Downloads\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : GSService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\PC Drivers HeadQuarters
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\kikin
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Tbccint
Folder Deleted : C:\Program Files\PC Drivers HeadQuarters
Folder Deleted : C:\Program Files\EliteUnzip
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Users\MARYBE~1\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\MARYBE~1\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Marybeth Giddings\AppData\Local\Conduit
Folder Deleted : C:\Users\Marybeth Giddings\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Marybeth Giddings\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Marybeth Giddings\AppData\LocalLow\Billeo
Folder Deleted : C:\Users\Marybeth Giddings\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Marybeth Giddings\AppData\Roaming\kikin
Folder Deleted : C:\Users\Marybeth Giddings\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Marybeth Giddings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elite Unzip
Folder Deleted : C:\Users\Marybeth Giddings\Documents\Billeo
Folder Deleted : C:\Users\Marybeth Giddings\AppData\Roaming\Mozilla\Firefox\Profiles\rdhb0wkr.default\Extensions\{AA994882-F391-4D2E-806F-8908DA4814ED}
Folder Deleted : C:\Users\Marybeth Giddings\AppData\Roaming\Mozilla\Firefox\Profiles\rdhb0wkr.default\Extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
Folder Deleted : C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
File Deleted : C:\END
File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Windows\system32\GSService.exe

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [BackgroundContainerV2]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{6576EBAA-B570-4345-98E4-96153C77CF24}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Key Deleted : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ExplrBar
Key Deleted : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ExplrBar.1
Key Deleted : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ToolBar
Key Deleted : HKLM\SOFTWARE\Classes\Ahika.IEExtn.ToolBar.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\IEExtn.BilleoToolbarCommand
Key Deleted : HKLM\SOFTWARE\Classes\IEExtn.BilleoToolbarCommand.1
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94510F77-E53C-4273-BD91-77AA8909902F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10E9E863-3913-40D0-903D-D46DEB18C982}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F9AF7E3-3853-473F-A49B-E470A3A41501}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DADF82FD-0783-4CA9-98AA-615F657A2A9E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D0D64E3C-4B40-3020-B26E-0AB9B12B38A9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{465E08E7-F005-4389-980F-1D8764B3486C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6576EBAA-B570-4345-98E4-96153C77CF24}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{910A0417-CE01-4EAA-A1E6-59908641692C}
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BlabbersToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Tbccint_HKLM
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainerV2
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;127.0.0.1:9421;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 en-US)


-\\ Google Chrome v40.0.2214.111


*************************

AdwCleaner[R0].txt - [10973 bytes] - [09/02/2015 09:23:48]
AdwCleaner[R1].txt - [11033 bytes] - [09/02/2015 09:30:55]
AdwCleaner[S0].txt - [11095 bytes] - [09/02/2015 09:35:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11155 bytes] ##########
clintonefree
Regular Member
 
Posts: 29
Joined: January 19th, 2015, 1:03 pm

Re: Malware Issues?

Unread postby clintonefree » February 9th, 2015, 11:48 am

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-02-2015
Ran by Office Manager (administrator) on OFFICE1 on 09-02-2015 09:43:39
Running from C:\Users\Marybeth Giddings\Downloads
Loaded Profiles: Office Manager (Available profiles: Office Manager & Assistant & canon & Support & Bookkeepers & Scanner & Administrator & Guest)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\KineticCloud Backup for PCs\svcmgr.exe
() C:\Program Files\KineticCloud Backup for PCs\nts.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\KineticCloud Backup for PCs\control.exe
(KineticD) C:\Program Files\KineticCloud Backup for PCs\startup.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\KineticCloud Backup for PCs\backup.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Akamai Technologies, Inc.) C:\Users\Marybeth Giddings\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Marybeth Giddings\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE
() C:\Program Files\KineticCloud Backup for PCs\starter.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files\KineticCloud Backup for PCs\status.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [NWEReboot] => [X]
HKLM\...\Run: [Intuit SyncManager] => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [TrayServer] => C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS\TrayServer.exe [90112 2007-12-04] (MAGIX AG)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Marybeth Giddings\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-05-29] (Google Inc.)
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\MountPoints2: {03d84a54-c087-11e3-8f30-00188b2aa4e1} - I:\SISetup.exe
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\MountPoints2: {6701c142-c3f4-11e0-a31f-00188b2aa4e1} - I:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [Bomgar_Cleanup_ZD21677825509] => cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-scc-51780E82" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD21677825509 /f
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-08-23] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ftrwizard.lnk
ShortcutTarget: ftrwizard.lnk -> C:\Program Files\KineticCloud Backup for PCs\ftrwizard.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\KineticD.lnk
ShortcutTarget: KineticD.lnk -> C:\Program Files\Data Deposit Box\starter.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Starter.lnk
ShortcutTarget: Starter.lnk -> C:\Program Files\KineticCloud Backup for PCs\starter.exe ()
Startup: C:\Users\Marybeth Giddings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marybeth Giddings\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marybeth Giddings\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marybeth Giddings\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marybeth Giddings\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-548281511-1607817122-2940827021-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-548281511-1607817122-2940827021-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=4xbovIB1 ... zy--QHs?q={searchTerms}
SearchScopes: HKU\S-1-5-21-548281511-1607817122-2940827021-1000 -> {76E9350E-0392-9C19-F83A-99BC015260AF} URL = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-548281511-1607817122-2940827021-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-548281511-1607817122-2940827021-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Custo ... anager.CAB
DPF: {4ED4AAA0-2CEC-4D84-AB72-74E53E092CFD} http://www.freehandmusic.com/update/biblionet.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/dim2/defaul ... der_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2

FireFox:
========
FF ProfilePath: C:\Users\Marybeth Giddings\AppData\Roaming\Mozilla\Firefox\Profiles\rdhb0wkr.default
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Musicnotes.com/Musicnotes Viewer -> C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @Sibelius.com/Scorch Plugin -> C:\Program Files\Musicnotes\npsibelius.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-548281511-1607817122-2940827021-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Marybeth Giddings\AppData\Roaming\Mozilla\Firefox\Profiles\rdhb0wkr.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-06-09]
FF Extension: ReminderFox - C:\Users\Marybeth Giddings\AppData\Roaming\Mozilla\Firefox\Profiles\rdhb0wkr.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2015-01-26]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-05-29]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2014-04-14]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-11-06]

Chrome:
=======
CHR Profile: C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-02]
CHR Extension: (Google Docs) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-02]
CHR Extension: (Google Drive) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-02]
CHR Extension: (YouTube) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-02]
CHR Extension: (Google Search) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-02]
CHR Extension: (Avast Online Security) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-02]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-02-02]
CHR Extension: (InternetHelper3.7) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb [2015-02-02]
CHR Extension: (Google Wallet) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-02]
CHR Extension: (Gmail) - C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-02]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-04]
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-05-29]
CHR HKLM\...\Chrome\Extension: [jhbbmmgbnjalccamlaefhepnajfmgopb] - C:\Users\Marybeth Giddings\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx [2013-11-03]
CHR HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\Chrome\Extension: [jhbbmmgbnjalccamlaefhepnajfmgopb] - C:\Users\Marybeth Giddings\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx [2013-11-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor7.0; C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [169312 2008-09-16] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-04] (AVAST Software)
S3 FirebirdServerMAGIXInstance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-08-23] (Macrovision Europe Ltd.) [File not signed]
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-23] (Google)
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-11-12] (HP) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-11] (Hewlett-Packard Co.) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [573224 2011-01-26] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Online Backup Control; C:\Program Files\KineticCloud Backup for PCs\svcmgr.exe [1022976 2013-06-24] () [File not signed]
S2 Online Backup RDP Service; C:\Program Files\KineticCloud Backup for PCs\svcmgr.exe [1022976 2013-06-24] () [File not signed]
R2 Online Backup Service; C:\Program Files\KineticCloud Backup for PCs\nts.exe [826192 2013-11-07] ()
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-05-17] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
S3 SMServer; C:\Windows\system32\snmvtsvc.exe [244736 2011-10-04] (SMServer) [File not signed]
S3 UPnPService; C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [544768 2006-12-14] (Magix AG) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-04] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-08-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-08-04] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-08-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-11-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-08-04] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-08-04] ()
R1 FAMv4; C:\Windows\System32\DRIVERS\FAMv4.sys [134888 2013-04-04] (Acpana Business Systems, Inc)
R3 HPFXBULK; C:\Windows\System32\drivers\hpfxbulk.sys [17432 2007-07-16] (Hewlett Packard)
R3 HPFXFAX; C:\Windows\System32\drivers\hpfxfax.sys [20504 2007-07-16] (Hewlett Packard)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MusCAudio; C:\Windows\System32\drivers\MusCAudio.sys [23608 2011-10-05] (Windows (R) Win 7 DDK provider)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [59388 2010-04-12] (PowerISO Computing, Inc.) [File not signed]
S3 yeddef; System32\Drivers\yeddef.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 09:43 - 2015-02-09 09:44 - 00024458 _____ () C:\Users\Marybeth Giddings\Downloads\FRST.txt
2015-02-09 09:43 - 2015-02-09 09:43 - 01124352 _____ (Farbar) C:\Users\Marybeth Giddings\Downloads\FRST.exe
2015-02-09 09:43 - 2015-02-09 09:43 - 00000000 ____D () C:\FRST
2015-02-09 09:26 - 2015-02-09 09:26 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-OFFICE1-Windows-7-Professional-(32-bit).dat
2015-02-09 09:23 - 2015-02-09 09:36 - 00000000 ____D () C:\AdwCleaner
2015-02-09 09:23 - 2015-02-09 09:23 - 02112512 _____ () C:\Users\Marybeth Giddings\Downloads\adwcleaner_4.110.exe
2015-02-09 09:22 - 2015-02-09 09:22 - 00000000 ____D () C:\RegBackup
2015-02-09 09:21 - 2015-02-09 09:21 - 04803888 _____ () C:\Users\Marybeth Giddings\Downloads\tweaking.com_registry_backup_setup.exe
2015-02-09 09:21 - 2015-02-09 09:21 - 00002141 _____ () C:\Users\Marybeth Giddings\Desktop\Tweaking.com - Registry Backup.lnk
2015-02-09 09:21 - 2015-02-09 09:21 - 00000000 ____D () C:\Users\Marybeth Giddings\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-09 09:21 - 2015-02-09 09:21 - 00000000 ____D () C:\Program Files\Tweaking.com
2015-02-05 10:20 - 2015-02-05 10:20 - 00020051 ____N () C:\Users\Marybeth Giddings\Desktop\dds.txt
2015-02-05 10:20 - 2015-02-05 10:20 - 00012935 ____N () C:\Users\Marybeth Giddings\Desktop\attach.txt
2015-02-05 10:11 - 2015-02-05 10:11 - 00688992 ____R (Swearware) C:\Users\Marybeth Giddings\Desktop\dds.scr
2015-02-03 12:33 - 2015-02-03 12:33 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-02 10:43 - 2015-02-05 23:40 - 00002089 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-02 10:43 - 2015-02-02 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-02 10:42 - 2015-02-02 10:42 - 00880784 ____N (Google Inc.) C:\Users\Marybeth Giddings\Downloads\ChromeSetup(3).exe
2015-02-02 10:41 - 2015-02-02 10:41 - 00880784 ____N (Google Inc.) C:\Users\Marybeth Giddings\Downloads\ChromeSetup(2).exe
2015-01-28 09:15 - 2015-01-28 09:15 - 00880784 ____N (Google Inc.) C:\Users\Marybeth Giddings\Downloads\ChromeSetup(1).exe
2015-01-28 09:09 - 2015-01-28 09:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-27 20:50 - 2015-02-09 09:39 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 20:49 - 2015-01-27 20:49 - 00001020 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-27 20:49 - 2015-01-27 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-27 20:49 - 2015-01-27 20:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-27 20:49 - 2015-01-27 20:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-27 20:49 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-27 20:49 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-27 20:49 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-27 20:47 - 2015-01-27 20:48 - 20447072 ____N (Malwarebytes Corporation ) C:\Users\Marybeth Giddings\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-26 13:36 - 2015-01-26 13:36 - 00000000 _____ () C:\install.rdf
2015-01-26 13:28 - 2015-02-08 13:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-26 13:28 - 2015-01-26 13:28 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-26 13:28 - 2015-01-26 13:28 - 00001065 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-26 13:28 - 2015-01-26 13:28 - 00000000 ____D () C:\ProgramData\Mozilla
2015-01-26 13:27 - 2015-01-26 13:27 - 00243416 ____N () C:\Users\Marybeth Giddings\Downloads\Firefox Setup Stub 35.0.exe
2015-01-21 09:24 - 2015-01-21 09:25 - 28387160 ____N (Stamps.com, Inc. ) C:\Users\Marybeth Giddings\Downloads\stamps.exe
2015-01-15 15:42 - 2015-01-22 09:30 - 00010582 ____N () C:\Users\Marybeth Giddings\Documents\Date Night Sign Up.xlsx
2015-01-13 15:43 - 2014-12-18 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 15:43 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-13 15:43 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 15:43 - 2014-12-11 11:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 15:42 - 2014-12-18 19:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 15:42 - 2014-12-05 21:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 09:42 - 2010-08-23 13:29 - 01297801 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 09:38 - 2014-03-06 05:36 - 02842225 _____ () C:\svcmgr.txt
2015-02-09 09:38 - 2013-12-17 19:12 - 00000000 ____D () C:\Program Files\KineticCloud Backup for PCs
2015-02-09 09:38 - 2010-08-24 09:28 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 09:37 - 2010-08-24 09:28 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 09:37 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 09:37 - 2009-07-13 22:39 - 00725862 _____ () C:\Windows\setupact.log
2015-02-09 09:30 - 2009-07-13 22:34 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 09:30 - 2009-07-13 22:34 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 15:27 - 2012-01-18 14:55 - 00000000 ____D () C:\Users\Marybeth Giddings\Documents\Outlook Files
2015-02-08 13:10 - 2010-08-23 15:35 - 01875048 _____ () C:\Windows\PFRO.log
2015-02-06 16:07 - 2013-12-17 18:52 - 00000000 ____D () C:\Users\Bookkeepers\Documents\Quickbooks Backup
2015-02-05 11:29 - 2014-07-01 11:36 - 00000000 ____D () C:\ChurchPro
2015-02-02 10:44 - 2010-08-23 12:59 - 00000000 ____D () C:\Users\Marybeth Giddings\AppData\Local\Google
2015-02-02 10:43 - 2010-08-23 12:59 - 00000000 ____D () C:\Program Files\Google
2015-01-29 09:34 - 2009-07-13 22:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-28 09:00 - 2011-06-24 10:30 - 00000000 ____D () C:\Program Files\Coupish
2015-01-28 09:00 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-27 21:52 - 2013-11-06 20:23 - 00000000 ____D () C:\Program Files\InternetHelper3.7
2015-01-27 04:30 - 2013-06-04 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 13:31 - 2010-08-23 11:56 - 00000000 ____D () C:\Users\Marybeth Giddings\AppData\Local\Mozilla
2015-01-26 13:28 - 2010-08-23 11:56 - 00000000 ____D () C:\Users\Marybeth Giddings\AppData\Roaming\Mozilla
2015-01-25 10:41 - 2010-08-23 11:54 - 00786514 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-24 07:21 - 2013-11-06 20:37 - 00002073 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2015-01-24 07:21 - 2013-11-06 20:37 - 00002013 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
2015-01-23 11:59 - 2013-04-11 15:10 - 00000036 ____H () C:\Windows\system32\f9t.dat
2015-01-21 09:26 - 2013-04-11 15:12 - 00000000 ____D () C:\Users\Marybeth Giddings\AppData\Roaming\Stamps.com Internet Postage
2015-01-19 15:06 - 2012-04-17 09:08 - 00000000 ____D () C:\scans
2015-01-18 13:15 - 2013-11-30 13:38 - 00425168 _____ () C:\Users\Bookkeepers\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-18 13:15 - 2009-07-13 22:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-12 13:10 - 2013-08-27 08:20 - 00012004 ____N () C:\Users\Marybeth Giddings\Desktop\Loaner Key Log for Outside Entry Door.xlsx

==================== Files in the root of some directories =======

2010-09-02 13:55 - 2010-09-02 13:55 - 0012358 _____ () C:\Users\Marybeth Giddings\AppData\Roaming\PFP120JCM.{PB
2010-09-02 13:55 - 2010-09-02 13:55 - 0061678 _____ () C:\Users\Marybeth Giddings\AppData\Roaming\PFP120JPR.{PB
2011-07-11 08:29 - 2011-07-11 08:29 - 0000000 _____ () C:\Users\Marybeth Giddings\AppData\Local\{1C748DE7-24D6-491D-A956-8BEA21EEF56F}
2010-08-24 09:45 - 2010-08-24 10:07 - 0000350 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\Administrator\AppData\Local\Temp\mgxfonts.exe
C:\Users\Administrator\AppData\Local\Temp\qbinstal.dll
C:\Users\Administrator\AppData\Local\Temp\stlport_r50.dll
C:\Users\Administrator\AppData\Local\Temp\_is3091.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\airF765.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\DD20_fdminst.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_0ixbc.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\lowproc.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\mfc80u.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\mgxfonts.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\msvcp80.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\msvcr80.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\Netfx20TestApplication.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\Netfx40TestApplication.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\ose00000.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\owbgrxa3.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\QBInstallTool.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\Quarantine.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\Setup.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\SetupLib.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\setupverifier.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\shareo_3_50.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\ShellOpen.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\sqlite3.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\stubhelper.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\SymcPCCUInstaller.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\tmp5148.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\unwise.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\US_en_Avery_AW40.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\_isD9C8.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-03 00:18

==================== End Of Log ============================
clintonefree
Regular Member
Posts: 29
Joined: January 19th, 2015, 1:03 pm

Re: Malware Issues?

Post by clintonefree » February 9th, 2015, 11:48 am

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-02-2015
Ran by Office Manager at 2015-02-09 09:45:47
Running from C:\Users\Marybeth Giddings\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 4.1.1 - Hewlett-Packard) Hidden
4Team ShareO (HKLM\...\{DB4EE154-94A8-4BD7-851E-3DA9D3E50FB6}) (Version: 3.61.0836 - 4Team Corporation)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.3.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.3.0 - Adobe Systems Incorporated) Hidden
Add-O-Matic 9 (HKLM\...\{C31B6F46-2EA6-4E21-982A-BBA6F1260361}_is1) (Version: - Graficalicus Web & Graphics Workshop)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.4.7 - Adobe Systems)
Adobe Acrobat 9.4.7 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_947) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 (HKLM\...\PremElem70) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 Templates (HKLM\...\PremElem70Templates) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
AllMusicConverter 4.2.9 (HKLM\...\AllMusicConverter_is1) (Version: 4.2.9 - Ramka Ltd.)
AllMusicConverter Media Suite 4.2.9 (HKLM\...\{191A3E43-34AD-417C-BCA8-8D089AE59D25}_is1) (Version: 4.2.9 - Ramka Ltd.)
Amazon MP3 Downloader 1.0.15 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.15 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{3825F8BD-F784-6FBB-A5CD-857559148007}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Internet Security (HKLM\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avery Wizard 4.0 (HKLM\...\{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}) (Version: 4.0.4 - Avery)
BadCopy Pro (HKLM\...\BadCopy Pro) (Version: - )
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother P-touch Editor 5.0 (HKLM\...\InstallShield_{DF9A6075-9308-4572-8932-A4316243C4D9}) (Version: 5.0.110 - Brother Industries, Ltd.)
Brother P-touch Editor 5.0 (Version: 5.0.110 - Brother Industries, Ltd.) Hidden
Chord Pickout 1.6 (HKLM\...\Chord Pickout) (Version: 1.6 - ChordPickout.com)
Chromex (HKLM\...\Chromex) (Version: - R-Technics, Inc.)
Chromex (Version: 1.0.0 - R-Technics, Inc.) Hidden
ChurchPro 2014 (HKLM\...\{B6B28051-35F9-400A-9958-9E5379EA156B}) (Version: 5.5.14 - Database Designs)
Color Network ScanGear Ver.2.61 (HKLM\...\{F1658760-1173-4D65-B709-A0591C104AE1}) (Version: 2.61.0000 - CANON INC.)
ComPlay 3.5 - Rev.48 (HKLM\...\InstallShield_{405B1325-3D62-4D4E-86F9-68CD785F9512}) (Version: 3.5.48.037 - HiTech Electronic Displays)
ComPlay 3.5 - Rev.48 (Version: 3.5.48.037 - HiTech Electronic Displays) Hidden
Coupish (HKLM\...\Coupish) (Version: - )
CustomerResearchQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dell Driver Download Manager (HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
DESI Labeling System (HKLM\...\DESI Labeling System) (Version: 3.1.1.0 - DESI Telephone Labels, Inc.)
DESI Labeling System (Version: 3.1.1.0 - DESI Telephone Labels, Inc.) Hidden
DeviceDiscovery (Version: 90.0.146.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DONATION (HKLM\...\DONATION) (Version: 3.31c - Dan Cooperstock)
Dropbox (HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Elite Unzip (HKLM\...\Elite Unzip) (Version: 1.1.7640.260 - Mindspark Interactive Network) <==== ATTENTION
Feedback Tool (HKLM\...\{13A5E785-5197-4EAD-8EE3-D660271E49BC}) (Version: 1.2.0 - Microsoft Corporation)
Feedback Tool (HKLM\...\{90024193-9F13-4877-89D5-A1CDF0CBBF28}) (Version: 1.1.0 - Microsoft Corporation)
Finale SongWriter 2007 (HKLM\...\Finale SongWriter 2007) (Version: 12.0.17 - MakeMusic)
Firebird SQL Server - MAGIX Edition (HKLM\...\Firebird SQL Server US) (Version: 2.0.1.13 - MAGIX AG)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Drive (HKLM\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
H.264 Support for R-Technics Products (HKLM\...\H.264 Support for R-Technics Products) (Version: - R-Technics, Inc.)
H.264 Support for R-Technics Products (Version: 1.0.4 - R-Technics) Hidden
High-Definition Video Playback (Version: 7.1.13400.42.0 - Nero AG) Hidden
HP Customer Participation Program 9.0 (HKLM\...\HPExtendedCapabilities) (Version: 9.0 - HP)
HP LaserJet M2727 MFP Series 5.2 (HKLM\...\{3A915D43-FD4F-4e4f-BEF7-B75C160B0236}) (Version: 5.2 - HP)
HP LaserJet P1000 series (HKLM\...\HP LaserJet P1000 series) (Version: - )
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - )
HP Update (HKLM\...\{8C6027FD-53DC-446D-BB75-CACD7028A134}) (Version: 4.000.006.002 - Hewlett-Packard)
hppFaxDrvM2727 (Version: 003.100.00001 - Hewlett-Packard) Hidden
hppFaxUtility (Version: 001.001.00017 - Hewlett-Packard) Hidden
hppFonts (Version: 001.001.00056 - Hewlett-Packard) Hidden
hppLaserJetService (Version: 001.200.00001 - Hewlett-Packard) Hidden
hppLJM2727 (Version: 000.102.00101 - Hewlett-Packard) Hidden
hppManualsM2727 (Version: 000.002.00001 - Hewlett-Packard) Hidden
hppMSRedist (Version: 1.00.0000 - Hewlett-Packard) Hidden
hppScanTo (Version: 003.103.00004 - Hewlett-Packard) Hidden
hppSendFaxM2727 (Version: 003.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXM2727 (Version: 001.005.00009 - Hewlett-Packard) Hidden
hppusgM2727 (Version: 000.000.00006 - Hewlett-Packard) Hidden
hppusgP1000 (Version: 1.1.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}) (Version: 2.2.0.0000 - Hewlett Packard Development Company L.P.)
hpzTLBXFX (Version: 005.009.00181 - Hewlett-Packard) Hidden
iClone 2 SE for Magix (HKLM\...\{580EC579-E476-469F-9EBF-F82D696FC67A}) (Version: 2.1 - Reallusion Inc.)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java(TM) 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.230 - Oracle)
KineticCloud Backup for PCs (remove only) (HKLM\...\KineticCloud Backup for PCs) (Version: "1147" - Acpana)
MAGIX Goya burnR 1.3.1.3 (US) (HKLM\...\MAGIX Goya burnR US) (Version: 1.3.1.3 - MAGIX AG)
MAGIX Movie Edit Pro 14 PLUS 7.5.2.11 (US) (HKLM\...\MAGIX Movie Edit Pro 14 PLUS US) (Version: 7.5.2.11 - MAGIX AG)
MAGIX PC Visit (HKLM\...\MAGIX PC Visit US) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Photo Manager 2007 4.1.1.77 (US) (HKLM\...\MAGIX Photo Manager 2007 US) (Version: 4.1.1.77 - MAGIX AG)
MAGIX Xtreme Photo Designer 6 6.0.24.0 (US) (HKLM\...\MAGIX Xtreme Photo Designer 6 US) (Version: 6.0.24.0 - MAGIX AG)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
MrvlUsgTracking (HKLM\...\{A82D052A-0806-42DF-80CD-1730A1AC0ED3}) (Version: 1.0.7 - Marvell)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mufin MusicFinder Base 1.0.1.240 (UK) (HKLM\...\Mufin MusicFinder Base UK) (Version: 1.0.1.240 - MAGIX AG)
Musicnotes Software Suite 1.5.5 (HKLM\...\Musicnotes Combined Installer_is1) (Version: 1.5.5 - Musicnotes Inc.)
Neat Image v6 Demo (with plug-in) (HKLM\...\Neat Image_is1) (Version: - Neat Image team, ABSoft)
Nero BackItUp 10 (HKLM\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.6.11000.11.100 - Nero AG)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero CoverDesigner 10 (HKLM\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.2.10700.7.100 - Nero AG)
Nero DiscCopy Gadget 10 (HKLM\...\{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}) (Version: 3.2.10500.7.100 - Nero AG)
Nero DiscSpeed 10 (HKLM\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10300.1.100 - Nero AG)
Nero Express 10 (HKLM\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.11100.12.100 - Nero AG)
Nero InfoTool 10 (HKLM\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.2.10300.5.100 - Nero AG)
Nero MediaHub 10 (HKLM\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.2.12300.27.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.5.10500 - Nero AG)
Nero Recode 10 (HKLM\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.8.10400.3.100 - Nero AG)
Nero RescueAgent 10 (HKLM\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.2.10600.7.100 - Nero AG)
Nero SoundTrax 10 (HKLM\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.8.10200.1.100 - Nero AG)
Nero StartSmart 10 (HKLM\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11100.10.100 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10400.26.0 - Nero AG)
Nero Vision 10 (HKLM\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.2.14700.9.100 - Nero AG)
Nero WaveEditor 10 (HKLM\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.8.10400.2.100 - Nero AG)
NOOK for PC (HKLM\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
novaPDF Pro v5 for DONATION (novaPDF Professional Desktop 5.5 (HKLM\...\novaPDF Pro v5 for DONATION_is1) (Version: - Softland)
novaPDF Pro v7 for DONATION (novaPDF 7.1 printer) (HKLM\...\novaPDF Pro v7 for DONATION_is1) (Version: - Softland)
Online Backup (HKLM\...\Online Backup) (Version: - Online Backup)
Paradox Runtime (HKLM\...\{C2658D01-DC92-43AB-AD6B-04852B89F3A6}) (Version: 11.00.0000 - Corel Corporation)
PhotoshopdotcomInspirationBrowser (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
Plus! Image (HKLM\...\Plus! Image) (Version: 1.0.1.104 - Yuna Software)
PowerISO (HKLM\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
Product_Min_QFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
ProModule: Christmas Shapes (HKLM\...\ProModule: Christmas Shapes) (Version: - )
ProModule: Flash Support (HKLM\...\ProModule: Flash Support) (Version: - )
ProModule: Timers (HKLM\...\ProModule: Timers) (Version: - )
ProModule: Video Chain (HKLM\...\ProModule: Video Chain) (Version: - )
QuickBooks (Version: 21.0.4013.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4013.904 - Intuit Inc.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Search Toolbar (HKLM\...\Search Toolbar) (Version: 1.2 - Zugo Ltd) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sheet Music Plus Digital Print (HKLM\...\com.sheetmusicplus.DigitalAirPrint) (Version: v2011.09.19 - Sheet Music Plus, LLC)
Sheet Music Plus Digital Print (Version: 255.09.19 - Sheet Music Plus, LLC) Hidden
SmartSound Quicktracks for Premiere Elements (HKLM\...\InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements (Version: 3.11.3090 - SmartSound Software Inc) Hidden
Solero Music Viewer 8.0.32.2 (HKLM\...\Solero Music Viewer_is1) (Version: 8.0.32.2 - FreeHand Music, Inc.)
SongShow Plus (HKLM\...\SongShow Plus) (Version: - )
Stamps.com (HKLM\...\Stamps.com) (Version: - Stamps.com, Inc.)
Stamps.com (Version: 10.0.2.2413 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Microsoft Outlook 97-2010 (Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Outlook 2000-2010 (Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com support for Microsoft Outlook 2000-2010 (HKLM\...\Stamps.com support for Microsoft Outlook 2000-2010) (Version: - Stamps.com, Inc.)
Stamps.com support for Microsoft Outlook 97-2010 (HKLM\...\Stamps.com support for Microsoft Outlook 97-2010) (Version: - Stamps.com, Inc.)
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 2.1.0 - Tweaking.com)
ViewSonic Monitor Drivers (HKLM\...\{B4FEA924-630D-11D4-B78E-005004566E4D}) (Version: - )
Volume Activation Management Tool 2.0 (HKLM\...\{EE010C18-9A1A-4F0E-B46E-884CA113232E}) (Version: 2.0.67.0 - Microsoft Corporation)
WebReg (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Windows 7 Hotfix (HKLM\...\{F21E722A-DBFF-4F5B-AEF7-99938CED6CEE}_is1) (Version: - )
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WordPerfect Office 12 (HKLM\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.01 - Corel Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{0207CA76-8233-4478-9A40-607AC304C435}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.25.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{20CD605E-CE94-4725-8BA1-BA57084C24F3}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{2B35F2CB-32B9-4C59-B029-6C50D98FDBFD}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{2BB2DE4F-FCDF-46F2-9723-5B1959E1BDE0}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{31B9CCFA-99E1-4409-BDB5-2BD75D24473C}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{32EEC571-07C1-4012-A85F-09195E30A09D}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{3E1A2BBD-5707-4646-B268-518B997DC94D}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{45C8F3CF-B221-4011-BBBF-CAA04571CD91}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{513EC6BF-260D-4CC1-8100-BC5284670814}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{56801E0A-5C58-4A04-82D5-4B4CCB8DFEA1}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{58DCE0A2-71E1-4F44-8393-783C226B5230}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{738CD606-129D-45db-86D6-6C9739C750CA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2009\qbw32.exe No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{79E8FD71-F54B-42d4-A4F5-E7565DB58441}\localserver32 -> "C:\Program Files\kikin\KikinBroker.exe" No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{7A13D097-41B4-463D-92DC-0CF7E8E13B3A}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{7ad3508e-238c-584c-9c26-b0d3417ae12f}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{8e2479de-6096-41f3-90ab-83be9946aa2d}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\prxtbInt2.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{8EE144A8-D539-47BF-BAF5-4E9A377F1EFB}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.24.15\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{95775FC2-FFFA-4432-A4BC-352AB1A84581}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{990D9B6F-6621-11D9-AD6A-000C29B1E318}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Avery\Avery Wizard 4.0\AveryOAd.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{A08B2973-D555-4991-A89E-14369CD58206}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{B052E68E-A114-4480-B416-C8E617D346A9}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\prxtbInt2.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{BE892433-7479-4231-AB95-A313BDA3D409}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{BF2720C9-A743-4329-9D5C-2885F0018667}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{C2A3EED8-FA0A-467F-AEF9-5E32171DD333}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D0E9EEAE-9AC7-4204-BA07-B72DD6077E82}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Avery\Avery Wizard 4.0\AvWizRes.dll (Avery Dennison Corporation. Envel Informationssysteme GmbH.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D14FD6B3-6A9F-4537-9460-07B836707127}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D2776BCC-5F09-4068-B4E2-7EE1202F95CF}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Avery\Avery Wizard 4.0\EnvBCode.ocx (Envel Informationssysteme GmbH)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D34D552F-28A5-474D-B476-D05B9AE5795A}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D4A12AAF-E15E-470B-A6B6-63032186F91F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D5F4FB3E-E57F-4381-8A3B-5F082F71F3D4}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D9B9C060-0954-11D3-9E07-00104BD2BE34}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSource.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D9BC6F81-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D9BC6F84-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D9BC6F87-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\cominifile.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D9BC6FB2-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\StorageClasses.dll (Intuit, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{DCB2B478-EFF6-48F6-B718-13E98876854E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{DFD0AF10-B86C-4AF3-B609-1348D513E565}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{E1A173E1-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{E1A173E3-D957-4C3E-A098-43756A3DB454}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{E5C1D2A5-B95D-47C6-9812-448FCD25FDDF}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{EADA914E-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{EAEF733D-5B08-4E85-8440-5A087504DF87}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{EBCA1F91-756E-415C-89D2-3837977BD857}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{F2C593CC-74B2-4F71-8556-DD4D426D0409}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{F7EC825C-BAB6-4935-B7EE-5FFEFAC788E9}\InprocServer32 -> C:\Windows\system32\mom.dll (4Team Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{FAC93D42-FFC2-11d1-9DEB-0008C7A08EBA}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{FB17915F-06D1-4214-A902-CC5EE05186E9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\Windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-548281511-1607817122-2940827021-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Marybeth Giddings\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

23-01-2015 12:11:01 Windows Update
24-01-2015 07:19:11 avast! antivirus system restore point
25-01-2015 08:19:41 Removed Avery Toolbar.
27-01-2015 10:21:22 Windows Update
28-01-2015 09:05:25 Windows Update
03-02-2015 07:43:57 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:04 - 2009-06-10 15:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {32B6B196-9683-4CD0-A42A-0314BDBAAAB6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-04] (AVAST Software)
Task: {3300D127-E805-4FD8-BC7F-B56BCAA5A8AB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-548281511-1607817122-2940827021-1005 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {3665CEB4-E1B9-4E5D-AD35-689D979B0A5D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-548281511-1607817122-2940827021-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {378BA88D-F97A-42CB-BB1D-056D00449BFE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-548281511-1607817122-2940827021-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {38B34A28-339F-47CA-908A-17F257CF426E} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-548281511-1607817122-2940827021-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {49F6727D-599A-42B2-9C06-56CE698FDFF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {50A753DA-CD2C-4918-A862-20DFDC535A41} - System32\Tasks\{517C087D-7329-4F67-8AA7-8AE47931A661} => pcalua.exe -a D:\Setup.exe
Task: {5644AB04-852F-4FF2-8BD0-1C4AA590F162} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-548281511-1607817122-2940827021-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe
Task: {5B8C8C99-6F5D-4484-9D41-B72A6BB233F1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6D5966C8-2387-4D20-89C4-CD99E5F60A45} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-548281511-1607817122-2940827021-1005 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {75816465-76EF-4C3B-83CC-5E4EABEE0E1D} - System32\Tasks\{4F625F93-5A47-4F2A-96E7-97830EE82739} => pcalua.exe -a D:\setup_assist.exe -d D:\
Task: {9853864D-9ED9-4700-B25E-E660B1FE40B6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-548281511-1607817122-2940827021-500 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C635463D-D460-43F1-96FE-91692C75A35F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {CE697413-B40C-43D4-B550-384DE0797622} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DC3C2EB8-FDCE-49A2-97CF-646C6CC9E245} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E9598028-DC1A-4509-A138-CB9EFAFD7663} - System32\Tasks\{5B2E66E0-0130-412C-8AA0-A23445388480} => pcalua.exe -a I:\SspComplete.2011-04-27.exe -d I:\
Task: {F8603A6E-93CE-45E1-9D85-A65CE14BC8A8} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-548281511-1607817122-2940827021-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-08-04 15:41 - 2014-08-04 15:41 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-02-09 09:25 - 2015-02-09 09:25 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020900\algo.dll
2014-04-14 12:41 - 2012-08-21 15:06 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2014-04-14 12:41 - 2012-08-21 15:06 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-06-24 13:10 - 2013-06-24 13:10 - 01022976 _____ () C:\Program Files\KineticCloud Backup for PCs\svcmgr.exe
2013-11-07 13:57 - 2013-11-07 13:57 - 00826192 _____ () C:\Program Files\KineticCloud Backup for PCs\nts.exe
2013-11-07 13:57 - 2013-11-07 13:57 - 00485712 _____ () C:\Program Files\KineticCloud Backup for PCs\CrashRpt32.dll
2013-11-07 13:57 - 2013-11-07 13:57 - 01620816 _____ () C:\Program Files\KineticCloud Backup for PCs\control.exe
2013-11-07 13:57 - 2013-11-07 13:57 - 01816400 _____ () C:\Program Files\KineticCloud Backup for PCs\backup.exe
2013-11-07 13:57 - 2013-11-07 13:57 - 00557904 _____ () C:\Program Files\KineticCloud Backup for PCs\en-ca.dll
2014-08-04 15:41 - 2014-08-04 15:41 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-05-17 17:16 - 2013-05-17 17:16 - 00269128 ____N () C:\Program Files\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2013-05-17 17:16 - 2013-05-17 17:16 - 00021320 ____N () C:\Program Files\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 22:18 - 2005-07-19 22:18 - 00059904 ____N () C:\Program Files\Intuit\QuickBooks 2011\zlib1.dll
2013-05-17 17:16 - 2013-05-17 17:16 - 00348488 ____N () C:\Program Files\Intuit\QuickBooks 2011\BackupLib.dll
2013-05-17 17:16 - 2013-05-17 17:16 - 00126792 ____N () C:\Program Files\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2013-05-17 17:16 - 2013-05-17 17:16 - 00176968 ____N () C:\Program Files\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2013-05-17 17:16 - 2013-05-17 17:16 - 00042824 ____N () C:\Program Files\Intuit\QuickBooks 2011\mbpopup.dll
2013-11-07 13:57 - 2013-11-07 13:57 - 00850256 _____ () C:\Program Files\KineticCloud Backup for PCs\starter.exe
2013-11-07 13:57 - 2013-11-07 13:57 - 06741328 _____ () C:\Program Files\KineticCloud Backup for PCs\status.exe
2015-02-05 23:40 - 2015-02-04 03:02 - 01117512 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 23:40 - 2015-02-04 03:02 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 23:40 - 2015-02-04 03:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-548281511-1607817122-2940827021-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marybeth Giddings\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Billeo.lnk => C:\Windows\pss\Billeo.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Intuit Data Protect.lnk => C:\Windows\pss\Intuit Data Protect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Marybeth Giddings^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: HP LaserJet M2727 MFP Series Fax => C:\Program Files\HP\hp LaserJet M2727\hppfaxprintersrv.exe "HP LaserJet M2727 MFP Series Fax"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPUsageTracking => C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\"
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
MSCONFIG\startupreg: NBAgent => "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
MSCONFIG\startupreg: ToolBoxFX => "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on

==================== Accounts: =============================

Administrator (S-1-5-21-548281511-1607817122-2940827021-500 - Administrator - Enabled) => C:\Users\Administrator
Assistant (S-1-5-21-548281511-1607817122-2940827021-1005 - Administrator - Enabled) => C:\Users\Beth Lohse
Bookkeepers (S-1-5-21-548281511-1607817122-2940827021-1031 - Administrator - Enabled) => C:\Users\Bookkeepers
canon (S-1-5-21-548281511-1607817122-2940827021-1007 - Administrator - Enabled) => C:\Users\canon
Guest (S-1-5-21-548281511-1607817122-2940827021-501 - Limited - Enabled) => C:\Users\Guest
Jeff Horch (S-1-5-21-548281511-1607817122-2940827021-1006 - Administrator - Enabled)
Office Manager (S-1-5-21-548281511-1607817122-2940827021-1000 - Administrator - Enabled) => C:\Users\Marybeth Giddings
Scanner (S-1-5-21-548281511-1607817122-2940827021-1032 - Administrator - Enabled) => C:\Users\Scanner
Support (S-1-5-21-548281511-1607817122-2940827021-1029 - Administrator - Enabled) => C:\Users\Support

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/09/2015 09:39:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/09/2015 09:39:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/09/2015 09:39:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/09/2015 09:15:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/09/2015 09:15:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/09/2015 09:15:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/09/2015 01:03:45 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "NFD,type="win32",version="5.2.0.0"1".Error in manifest or policy file "NFD,type="win32",version="5.2.0.0"2" on line NFD,type="win32",version="5.2.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is NFD,type="win32",version="5.2.0.0".
Definition is NFD,type="win32",version="5.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/08/2015 01:14:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/08/2015 01:14:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (02/08/2015 01:14:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (02/09/2015 09:39:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (02/09/2015 09:39:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/09/2015 09:37:03 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (02/09/2015 09:36:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (02/09/2015 09:36:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/09/2015 09:36:33 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/09/2015 09:36:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/09/2015 09:36:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly. It has done this 1 time(s).

Error: (02/09/2015 09:36:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BBUpdate service terminated unexpectedly. It has done this 1 time(s).

Error: (02/09/2015 09:36:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Nero Update service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (02/09/2015 09:39:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (02/09/2015 09:39:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (02/09/2015 09:39:49 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (02/09/2015 09:15:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (02/09/2015 09:15:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (02/09/2015 09:15:00 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (02/09/2015 01:03:45 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: NFD,type="win32",version="5.2.0.0"NFD,type="win32",version="5.0.0.0"C:\Program Files\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.ManifestC:\Program Files\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST3

Error: (02/08/2015 01:14:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (02/08/2015 01:14:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (02/08/2015 01:14:27 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz
Percentage of memory in use: 44%
Total physical RAM: 3325.61 MB
Available physical RAM: 1846.98 MB
Total Pagefile: 6649.52 MB
Available Pagefile: 4555.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1893.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:198.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive k: (FreeAgent Drive) (Fixed) (Total:931.51 GB) (Free:492.49 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8BAF8BAF)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: EA2CB317)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================
clintonefree

Re: Malware Issues?

Post by Cypher » February 9th, 2015, 12:26 pm

Hi,
There are a few things in your logs that need to be removed but nothing of real concern.
Let's deal with those now, then I need you to run another scan for me.

Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Coupish
Coupon Printer for Windows <<< Remove if you don't use
Elite Unzip <<< Remove if you don't use
Search Toolbar


Next.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all
    • (Click the select all button next to code to select the entire script).
    Code: Select all
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [NWEReboot] => [X]
    HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
    HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\MountPoints2: {03d84a54-c087-11e3-8f30-00188b2aa4e1} - I:\SISetup.exe
    HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\MountPoints2: {6701c142-c3f4-11e0-a31f-00188b2aa4e1} - I:\LaunchU3.exe -a
    ShortcutTarget: KineticD.lnk -> C:\Program Files\Data Deposit Box\starter.exe (No File)
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
    Toolbar: HKU\S-1-5-21-548281511-1607817122-2940827021-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
    FF Plugin HKU\S-1-5-21-548281511-1607817122-2940827021-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
    2015-01-28 09:00 - 2011-06-24 10:30 - 00000000 ____D () C:\Program Files\Coupish
    C:\Users\Administrator\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
    C:\Users\Administrator\AppData\Local\Temp\mgxfonts.exe
    C:\Users\Administrator\AppData\Local\Temp\qbinstal.dll
    C:\Users\Administrator\AppData\Local\Temp\stlport_r50.dll
    C:\Users\Administrator\AppData\Local\Temp\_is3091.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\airF765.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\DD20_fdminst.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_0ixbc.dll
    C:\Users\Marybeth Giddings\AppData\Local\Temp\lowproc.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\mfc80u.dll
    C:\Users\Marybeth Giddings\AppData\Local\Temp\mgxfonts.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\msvcp80.dll
    C:\Users\Marybeth Giddings\AppData\Local\Temp\msvcr80.dll
    C:\Users\Marybeth Giddings\AppData\Local\Temp\Netfx20TestApplication.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\Netfx40TestApplication.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\ose00000.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\owbgrxa3.dll
    C:\Users\Marybeth Giddings\AppData\Local\Temp\QBInstallTool.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\Quarantine.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\SecurityScan_Release.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\Setup.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\SetupLib.dll
    C:\Users\Marybeth Giddings\AppData\Local\Temp\setupverifier.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\shareo_3_50.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\ShellOpen.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\sqlite3.dll
    C:\Users\Marybeth Giddings\AppData\Local\Temp\stubhelper.dll
    C:\Users\Marybeth Giddings\AppData\Local\Temp\SymcPCCUInstaller.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\tmp5148.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\unwise.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\US_en_Avery_AW40.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\wmpfirefoxplugin.exe
    C:\Users\Marybeth Giddings\AppData\Local\Temp\_isD9C8.exe
    AlternateDataStreams: C:\Windows:nlsPreferences
    
    EmptyTemp:
    CMD: ipconfig /flushdns
    
  • Save it next to FRST.exe in your Downloads folder, with the filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select " Run as administrator " to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • FRST Fixlog.txt.
  • ESET log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
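
A helper reading the resulting ESET log can confirm from its header that the scan ran with the options requested above, that the pasted log is complete, and which detections are still on disk rather than already in a quarantine folder. The following is an added example, not part of the original thread: the header keys and the `sh`/`vn`/`fn` fields follow the ESET log posted later in this thread, while the sample lines, hashes, paths and function names are constructed.

```python
import re
from collections import defaultdict

# Options requested in the instructions, as the header keys seen in the log.
EXPECTED_OPTIONS = {
    "remove_checked": "false",      # "Remove found threats" NOT checked
    "archives_checked": "true",     # "Scan archives" checked
    "unwanted_checked": "true",     # potentially unwanted applications
    "unsafe_checked": "true",       # potentially unsafe applications
    "antistealth_checked": "true",  # Anti-Stealth Technology
}

HEADER_RE = re.compile(r"^#\s*([A-Za-z0-9_.]+)=(.*)$")
# key=value pairs on a detection line: bare token or "quoted string"
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
CATEGORY_RE = re.compile(r"\s+potentially (unwanted|unsafe) application$")

# Constructed sample in the same layout as the log in this thread.
SAMPLE_LOG = r'''
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# scanned=1000
# found=4
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=0000000000000001 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Example\Alert.dll.vir"
sh=2222222222222222222222222222222222222222 ft=1 fh=0000000000000002 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Program Files\Example\tb.dll"
sh=2222222222222222222222222222222222222222 ft=1 fh=0000000000000002 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Example User\AppData\LocalLow\Example\tb.dll"
sh=3333333333333333333333333333333333333333 ft=1 fh=0000000000000003 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Example User\Downloads\setup.exe"
'''


def parse_log(text):
    """Split a log into (header dict, list of detection field dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith("sh="):
            detections.append({
                key: (inner if full.startswith('"') else full)
                for key, full, inner in FIELD_RE.findall(line)
            })
    return header, detections


def option_mismatches(header):
    """Return (key, expected, actual) for every option that differs."""
    return [(k, want, header.get(k))
            for k, want in EXPECTED_OPTIONS.items() if header.get(k) != want]


def split_name(vn):
    """Return (detection name, category) from the vn field."""
    m = CATEGORY_RE.search(vn)
    category = m.group(1) if m else "other"
    name = CATEGORY_RE.sub("", vn)
    if name.startswith("a variant of "):
        name = name[len("a variant of "):]
    return name, category


def triage(header, detections):
    quarantined, on_disk = [], []
    by_hash = defaultdict(list)
    for d in detections:
        path = d.get("fn", "")
        name, category = split_name(d.get("vn", ""))
        entry = {"sha1": d.get("sh"), "name": name,
                 "category": category, "path": path}
        # Assumption: a copy under a \Quarantine\ folder is already inert.
        in_quarantine = "\\quarantine\\" in path.lower()
        (quarantined if in_quarantine else on_disk).append(entry)
        by_hash[entry["sha1"]].append(path)
    return {
        "option_mismatches": option_mismatches(header),
        # found= should equal the number of pasted detection lines;
        # a difference means the log was truncated when copied.
        "complete": header.get("found") == str(len(detections)),
        "quarantined": quarantined,
        "on_disk": on_disk,
        "duplicates": {h: p for h, p in by_hash.items() if len(p) > 1},
    }


if __name__ == "__main__":
    report = triage(*parse_log(SAMPLE_LOG))
    print("option mismatches:", report["option_mismatches"])
    print("log complete:", report["complete"])
    for e in report["on_disk"]:
        print(e["category"], e["name"], e["path"])
```
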

Re: Malware Issues?

Unread postby Cypher » February 12th, 2015, 6:53 am

Hi,
Do you still need help?

Re: Malware Issues?

Unread postby clintonefree » February 12th, 2015, 11:14 am

Yes, I am working on it today! I will have the logs for you in the next few hours!
clintonefree
Regular Member
 
Posts: 29
Joined: January 19th, 2015, 1:03 pm

Re: Malware Issues?

Unread postby Cypher » February 12th, 2015, 11:52 am

Ok, thanks for letting me know.

Re: Malware Issues?

Unread postby clintonefree » February 12th, 2015, 1:24 pm

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-02-2015 02
Ran by Office Manager at 2015-02-12 11:07:08 Run:1
Running from C:\Users\Marybeth Giddings\Downloads
Loaded Profiles: Office Manager (Available profiles: Office Manager & Assistant & canon & Support & Bookkeepers & Scanner & Administrator & Guest)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NWEReboot] => [X]
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\MountPoints2: I - I:\LaunchU3.exe -a
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\MountPoints2: {03d84a54-c087-11e3-8f30-00188b2aa4e1} - I:\SISetup.exe
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\...\MountPoints2: {6701c142-c3f4-11e0-a31f-00188b2aa4e1} - I:\LaunchU3.exe -a
ShortcutTarget: KineticD.lnk -> C:\Program Files\Data Deposit Box\starter.exe (No File)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
Toolbar: HKU\S-1-5-21-548281511-1607817122-2940827021-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File
FF Plugin HKU\S-1-5-21-548281511-1607817122-2940827021-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll No File
2015-01-28 09:00 - 2011-06-24 10:30 - 00000000 ____D () C:\Program Files\Coupish
C:\Users\Administrator\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll
C:\Users\Administrator\AppData\Local\Temp\mgxfonts.exe
C:\Users\Administrator\AppData\Local\Temp\qbinstal.dll
C:\Users\Administrator\AppData\Local\Temp\stlport_r50.dll
C:\Users\Administrator\AppData\Local\Temp\_is3091.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\airF765.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\DD20_fdminst.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_0ixbc.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\lowproc.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\mfc80u.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\mgxfonts.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\msvcp80.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\msvcr80.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\Netfx20TestApplication.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\Netfx40TestApplication.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\ose00000.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\owbgrxa3.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\QBInstallTool.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\Quarantine.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\Setup.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\SetupLib.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\setupverifier.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\shareo_3_50.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\ShellOpen.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\sqlite3.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\stubhelper.dll
C:\Users\Marybeth Giddings\AppData\Local\Temp\SymcPCCUInstaller.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\tmp5148.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\unwise.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\US_en_Avery_AW40.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\wmpfirefoxplugin.exe
C:\Users\Marybeth Giddings\AppData\Local\Temp\_isD9C8.exe
AlternateDataStreams: C:\Windows:nlsPreferences

EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot => value deleted successfully.
"HKU\S-1-5-21-548281511-1607817122-2940827021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I" => Key deleted successfully.
"HKU\S-1-5-21-548281511-1607817122-2940827021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03d84a54-c087-11e3-8f30-00188b2aa4e1}" => Key deleted successfully.
HKCR\CLSID\{03d84a54-c087-11e3-8f30-00188b2aa4e1} => Key not found.
"HKU\S-1-5-21-548281511-1607817122-2940827021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6701c142-c3f4-11e0-a31f-00188b2aa4e1}" => Key deleted successfully.
HKCR\CLSID\{6701c142-c3f4-11e0-a31f-00188b2aa4e1} => Key not found.
C:\Program Files\Data Deposit Box\starter.exe not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key deleted successfully.
HKU\S-1-5-21-548281511-1607817122-2940827021-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
"HKU\S-1-5-21-548281511-1607817122-2940827021-1000\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin" => Key deleted successfully.
C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll not found.
C:\Program Files\Coupish => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\Intuit.Spc.Map.EntitlementClient.Install.dll => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\mgxfonts.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\qbinstal.dll => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\stlport_r50.dll => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\_is3091.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\airF765.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\DD20_fdminst.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_0ixbc.dll => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\lowproc.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\mfc80u.dll => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\mgxfonts.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\msvcp80.dll => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\msvcr80.dll => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\Netfx20TestApplication.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\Netfx40TestApplication.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\owbgrxa3.dll => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\QBInstallTool.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\SecurityScan_Release.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\Setup.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\SetupLib.dll => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\setupverifier.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\shareo_3_50.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\ShellOpen.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\stubhelper.dll => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\SymcPCCUInstaller.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\tmp5148.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\unwise.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\US_en_Avery_AW40.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\wmpfirefoxplugin.exe => Moved successfully.
C:\Users\Marybeth Giddings\AppData\Local\Temp\_isD9C8.exe => Moved successfully.
C:\Windows => ":nlsPreferences" ADS removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 7.6 GB temporary data.


The system needed a reboot.

==== End of Fixlog 11:17:25 ====

Re: Malware Issues?

Unread postby Cypher » February 12th, 2015, 2:20 pm

Hi,
I'm still waiting on the ESET log, post it in your next reply please.

Re: Malware Issues?

Unread postby clintonefree » February 12th, 2015, 4:56 pm

The ESET scan is taking a very very long time. I may have to let it run overnight. It's been running for 4 hours and it's not even halfway done.

Re: Malware Issues?

Unread postby Cypher » February 13th, 2015, 6:53 am

Hi,
If you're still having problems with the ESET scan, stop it and try this scan in its place.

Run Microsoft Safety Scanner

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to Microsoft Safety Scanner
  • Click Download Now
  • When asked to Run or Save, choose Run. (Unless it's to be run on a different PC)
  • OK the User Account Permission or the query "Do you want to run this software".
  • If you get a message saying "running this type of program could harm your computer" or similar, just ignore it and tell it to Run anyway.
  • Click the box to Accept the license agreement. Click Next.
  • Click Next to run the Scan.
  • Click the Quick Scan button. (... also Full Scan option)
  • Click Next
  • (If it finds nothing, it will just Exit. It still does create a report file.)
  • If it has found anything, check the box titled "Help Remove potentially unwanted software"
  • Click Next.
  • (The Dialog label will become "Cleaning your computer"). It may take a while.
  • After this operation completes, click Finish.
  • When removals are complete, it will report through a link, "View detailed results of the scan"
  • Clicking the link will pop up a report in Notepad.
  • Please post the contents of the file in a reply.
  • The report file is also saved here: C:\Windows\debug\msert.log

Re: Malware Issues?

Unread postby clintonefree » February 13th, 2015, 9:35 am

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=27ee4ea5ca5e4d48abe7f0b790a94011
# engine=22440
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-02-13 01:26:12
# local_time=2015-02-13 07:26:12 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 90 810331 39124183 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 175378763 0 0
# scanned=588786
# found=64
# cleaned=0
# scan_time=71606
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir"
sh=6EB44109BA3308DB3C5E22454A083F52A69450A7 ft=1 fh=d2e08c0d90583dc7 vn="a variant of Win32/Toolbar.Conduit.AM potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\CT3315828\plugins\TBVerifier.dll.vir"
sh=0C4FD6AD5BC49DE7346FD8AF1C8C482A4B879609 ft=1 fh=e636ba641a7de041 vn="a variant of Win32/Toolbar.MyWebSearch.AO potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\EliteUnzip\NativeMessagingDispatcher.dll.vir"
sh=DF7577D846C56BF42C03EEECB91D87DCE679C5F0 ft=1 fh=a34ae33b84fa901e vn="a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\EliteUnzip\Verify.dll.vir"
sh=ED1A5E762C2C8A6CFBBF9303EF5B18F6B49FCE2D ft=1 fh=3611663daeddde00 vn="Win32/Toolbar.Zugo potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Search Toolbar\SearchToolbarUpdater.exe.vir"
sh=314F703F0F190BF70F0386509C10998D4E2BD10B ft=1 fh=2f9f46df1834d950 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marybeth Giddings\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir"
sh=D3CBDD7C6ED2C9D81DA4FCF9AF57CDD5D3711ED3 ft=1 fh=86dbe26399c3d0fa vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marybeth Giddings\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.2.dll.vir"
sh=C2C35F77505CB8FF70FC312C44E070DBD5834942 ft=1 fh=bf83ea32284cf26c vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Marybeth Giddings\AppData\Local\NativeMessaging\CT3315828\1_0_0_2\TBMessagingHost.exe.vir"
sh=ECAAC2B22C5DF388FA3847749C931AEF458384B8 ft=1 fh=2876dfec7d92aded vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files\InternetHelper3.7\hk64tbInte.dll"
sh=C325F9A28C049D03E23060686A70B398531CDB05 ft=1 fh=742ed93f69aeb6e1 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Program Files\InternetHelper3.7\hktbInte.dll"
sh=EFB534D515903744B9755391A417051902C16DE2 ft=1 fh=e331f9a91891a78b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Program Files\InternetHelper3.7\ldrtbInte.dll"
sh=1CAAAB0EDE5FDF753F0DFBA5B395A2840CD0A76C ft=1 fh=ed0fde6c6c7e3f9e vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Program Files\InternetHelper3.7\prxtbInte.dll"
sh=19C0679FA65F480C9A0BC5C43396D2ADEC8BCAF9 ft=1 fh=bca908a16a338e6a vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Program Files\InternetHelper3.7\tbInte.dll"
sh=5FB95D21BE8CF2753FD8A42398ADD26E2B21409F ft=1 fh=0f2c5f177050d203 vn="a variant of Win32/Toolbar.Conduit.AJ potentially unwanted application" ac=I fn="C:\Program Files\InternetHelper3.7\UninstallerUI.exe"
sh=C2C35F77505CB8FF70FC312C44E070DBD5834942 ft=1 fh=bf83ea32284cf26c vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb\10.22.0.88_0\nativeMessaging\TBMessagingHost.exe"
sh=050742ABE364EBDCB4E46869E57DF3157B4F6976 ft=1 fh=715f78b7f0bf2e14 vn="a variant of Win32/Toolbar.Conduit.AL potentially unwanted application" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb\10.22.0.88_0\plugins\ConduitChromeApiPlugin.dll"
sh=6EB44109BA3308DB3C5E22454A083F52A69450A7 ft=1 fh=d2e08c0d90583dc7 vn="a variant of Win32/Toolbar.Conduit.AM potentially unwanted application" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb\10.22.0.88_0\plugins\TBVerifier.dll"
sh=60A882DFB633B1179EC55F395F1862192BABE03A ft=1 fh=feb8b77c43644f53 vn="a variant of Win32/Toolbar.Conduit.AA potentially unwanted application" ac=I fn="C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb\10.22.0.88_0\TBHostSupport\TBHostSupport.dll"
sh=E6780335051AD88C6DD7DB7F7412071BAF123437 ft=1 fh=0b4249c09231db7e vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Administrator\AppData\LocalLow\AskToolbar\setup.exe"
sh=5D6C54D56BE446ADD102FA60C2A0FFB104628917 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AA potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=068A54F966DB6AC14BCA0E39E2A99E3F0027304D ft=1 fh=39f7a16b0423d981 vn="Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\hk64tbInt0.dll"
sh=37FDC039C02562267559D42D94DDB64B692FD091 ft=1 fh=7aeecd1bb81f6a22 vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\hk64tbInt2.dll"
sh=ECAAC2B22C5DF388FA3847749C931AEF458384B8 ft=1 fh=2876dfec7d92aded vn="a variant of Win64/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\hk64tbInte.dll"
sh=CC6AF3A384A61C1C621BA5AB43583E82FF281530 ft=1 fh=bbbd034bf7d0bf76 vn="Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\hktbInt0.dll"
sh=A6D053127826CDA8DD8FCDBB4E81F63000910624 ft=1 fh=e8f05c501331b563 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\hktbInt2.dll"
sh=C325F9A28C049D03E23060686A70B398531CDB05 ft=1 fh=742ed93f69aeb6e1 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\hktbInte.dll"
sh=9B3B44428CC80CC43F085AE514E7E16F7963EACC ft=1 fh=4c03fc1250fa29f9 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\ldrtbInt0.dll"
sh=EFB534D515903744B9755391A417051902C16DE2 ft=1 fh=e331f9a91891a78b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\ldrtbInte.dll"
sh=33457E2F2405727124C107D6DEAF24C94E992463 ft=1 fh=e719e166edfd7994 vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\tbInt0.dll"
sh=594E0844207ADD0DBD163E1AFB7696BAA25CB961 ft=1 fh=b78030dcfe359240 vn="a variant of Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\tbInt1.dll"
sh=7148AC44C7FE0CB8D30A12ACB28171AE1F609C20 ft=1 fh=779162af1796b620 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\tbInt2.dll"
sh=19C0679FA65F480C9A0BC5C43396D2ADEC8BCAF9 ft=1 fh=bca908a16a338e6a vn="a variant of Win32/Toolbar.Conduit.X potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\AppData\LocalLow\InternetHelper3.7\tbInte.dll"
sh=CB8076149C5C7DC237B5E0739CFCF20BD7D444B8 ft=1 fh=6ecc0541769ff743 vn="a variant of Win32/PSWTool.ophCrack.A potentially unsafe application" ac=I fn="C:\Users\Marybeth Giddings\Documents\1Data Files\Administrative\Computers\ophcrack-win32-installer-3.3.1.exe"
sh=CB8076149C5C7DC237B5E0739CFCF20BD7D444B8 ft=1 fh=6ecc0541769ff743 vn="a variant of Win32/PSWTool.ophCrack.A potentially unsafe application" ac=I fn="C:\Users\Marybeth Giddings\Documents\1Data Files\Boards\Administrative\Computers\ophcrack-win32-installer-3.3.1.exe"
sh=D9C059251C907EB7E62AD63CBF2D3F36CB179DD4 ft=1 fh=62973afbbb066fe5 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Marybeth Giddings\Documents\My Downloads\MusicnotesSuite.exe"
sh=A03F4B4A5027B058853AEF66FBC92C8148EEE24E ft=1 fh=250619b71ee3e55e vn="Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\Documents\My Downloads\Setup_FreeBurnerN.exe"
sh=F9093BD0EB403D9F60659EEB6183661E767F2817 ft=1 fh=7626711425c6c880 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\Documents\My Downloads\Downloaded Software\inkscape_8706.exe"
sh=B07B438138ADED0A51FB4B8F7B784781ECF8C553 ft=1 fh=b38d2a8c20220609 vn="a variant of Win32/PerfectUninstaller potentially unsafe application" ac=I fn="C:\Users\Marybeth Giddings\Documents\My Downloads\Downloaded Software\PerfectUninstaller_Setup.exe"
sh=52058C1A454FD03F5D51AF0C1B33A117E86B7249 ft=1 fh=f4022efa87398807 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Marybeth Giddings\Downloads\Avery Wizard 4.0.0.exe"
sh=62A86CD4D2E6D7036A3F0668573256201895BB25 ft=1 fh=30327566865d9561 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Marybeth Giddings\Downloads\DPSetup.exe"
sh=6EACEE65A761C86B73CF9F10D82432CABF7AF1D3 ft=1 fh=d76bdb0f5005d248 vn="a variant of Win32/InstallCore.A potentially unwanted application" ac=I fn="C:\Users\Marybeth Giddings\Downloads\ImageViewerSetup.exe"
sh=7BA0417F300D6145016FBCE1D27D29B14E0D3C6F ft=1 fh=63694f5405a444f5 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\Marybeth Giddings\Downloads\musicnotesSuite.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Marybeth Giddings\Downloads\OffercastInstaller_AVR_U-0087-01-P_ (1).exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Marybeth Giddings\Downloads\OffercastInstaller_AVR_U-0087-01-P_ (2).exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Marybeth Giddings\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe"
sh=2B9A1340BEC2FE2694C333ACD77F0E12EF9550D1 ft=1 fh=fcbeb3ad261a92d1 vn="a variant of Win32/Conduit.SearchProtect.P potentially unwanted application" ac=I fn="C:\Users\Support\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb\10.31.4.510_0\APISupport\APISupport.dll"
sh=675526C1B3CB27C6635233B62EDB8ECEEBFE1556 ft=1 fh=8382eeac10eb278f vn="a variant of Win32/Toolbar.Conduit.AH potentially unwanted application" ac=I fn="C:\Users\Support\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb\10.31.4.510_0\nativeMessaging\TBMessagingHost.exe"
sh=C0114483C9E2C1271B0D594AB6A6BF1E4F383D63 ft=1 fh=e2607344a0894545 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\Users\Support\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhbbmmgbnjalccamlaefhepnajfmgopb\10.31.4.510_0\plugins\ChromeApiPlugin.dll"
sh=1ACD57DE4685CB7A57E2279B8E94646F9C76C953 ft=1 fh=250619b74f0ea6e6 vn="Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\Marybeth Giddings\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000326"
sh=CB8076149C5C7DC237B5E0739CFCF20BD7D444B8 ft=1 fh=6ecc0541769ff743 vn="a variant of Win32/PSWTool.ophCrack.A potentially unsafe application" ac=I fn="C:\Windows.old\Documents and Settings\Marybeth Giddings\My Documents\1Data Files\Administrative\Computers\ophcrack-win32-installer-3.3.1.exe"
sh=D9C059251C907EB7E62AD63CBF2D3F36CB179DD4 ft=1 fh=62973afbbb066fe5 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Windows.old\Documents and Settings\Marybeth Giddings\My Documents\Downloads\MusicnotesSuite.exe"
sh=A03F4B4A5027B058853AEF66FBC92C8148EEE24E ft=1 fh=250619b71ee3e55e vn="Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\Marybeth Giddings\My Documents\My Downloads\Setup_FreeBurnerN.exe"
sh=F9093BD0EB403D9F60659EEB6183661E767F2817 ft=1 fh=7626711425c6c880 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Windows.old\Documents and Settings\Marybeth Giddings\My Documents\My Downloads\Downloaded Program Updates\inkscape_8706.exe"
sh=B07B438138ADED0A51FB4B8F7B784781ECF8C553 ft=1 fh=b38d2a8c20220609 vn="a variant of Win32/PerfectUninstaller potentially unsafe application" ac=I fn="C:\Windows.old\Documents and Settings\Marybeth Giddings\My Documents\My Downloads\Downloaded Program Updates\PerfectUninstaller_Setup.exe"
sh=D9C059251C907EB7E62AD63CBF2D3F36CB179DD4 ft=1 fh=62973afbbb066fe5 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="K:\Downloads\MusicnotesSuite.exe"
sh=CB8076149C5C7DC237B5E0739CFCF20BD7D444B8 ft=1 fh=6ecc0541769ff743 vn="a variant of Win32/PSWTool.ophCrack.A potentially unsafe application" ac=I fn="K:\My Documents\1Data Files\Administrative\Computers\ophcrack-win32-installer-3.3.1.exe"
sh=D9C059251C907EB7E62AD63CBF2D3F36CB179DD4 ft=1 fh=62973afbbb066fe5 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="K:\My Documents\Downloads\MusicnotesSuite.exe"
sh=A03F4B4A5027B058853AEF66FBC92C8148EEE24E ft=1 fh=250619b71ee3e55e vn="Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="K:\My Documents\My Downloads\Setup_FreeBurnerN.exe"
sh=F9093BD0EB403D9F60659EEB6183661E767F2817 ft=1 fh=7626711425c6c880 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="K:\My Documents\My Downloads\Downloaded Program Updates\inkscape_8706.exe"
sh=B07B438138ADED0A51FB4B8F7B784781ECF8C553 ft=1 fh=b38d2a8c20220609 vn="a variant of Win32/PerfectUninstaller potentially unsafe application" ac=I fn="K:\My Documents\My Downloads\Downloaded Program Updates\PerfectUninstaller_Setup.exe"
sh=A03F4B4A5027B058853AEF66FBC92C8148EEE24E ft=1 fh=250619b71ee3e55e vn="Win32/Toolbar.Widgi potentially unwanted application" ac=I fn="K:\My Downloads\Setup_FreeBurnerN.exe"

Re: Malware Issues?

Post by clintonefree » February 13th, 2015, 9:36 am

Here is the ESET scan. I just let it run overnight.