usagirl93

  1. Hello, I'm going to have my brother come look at it this weekend when he's in town, to make sure I backed up everything correctly and all. I'll get back to you. Thank you for all your help so far!
  2. FRST.txt
     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
     Ran by Peterson Desktop (administrator) on PETERSONDESKTOP on 10-02-2015 10:33:32
     Running from C:\Users\Peterson Desktop\Desktop
     Loaded Profiles: Peterson Desktop (Available profiles: Peterson Desktop)
     Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
) C:\Users\Peterson Desktop\AppData\Roaming\DataSafeDotNet.exe2010-10-08 13:35 - 2010-10-08 13:46 - 0000006 _____ () C:\Users\Peterson Desktop\AppData\Roaming\dm.ini2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\Users\Peterson Desktop\AppData\Roaming\Quartz Composer2013-09-11 15:56 - 2013-09-11 15:56 - 0000268 ___RH () C:\Users\Peterson Desktop\AppData\Roaming\Radio Sounds2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\Users\Peterson Desktop\AppData\Roaming\Receipts2010-03-15 11:08 - 2010-03-15 11:10 - 0025088 ___SH () C:\Users\Peterson Desktop\AppData\Roaming\Thumbs.db2010-02-03 15:13 - 2010-02-03 15:13 - 0020448 _____ () C:\Users\Peterson Desktop\AppData\Roaming\UserTile.png2010-01-25 10:34 - 2014-07-10 06:37 - 0000954 _____ () C:\Users\Peterson Desktop\AppData\Roaming\wklnhst.dat2010-02-10 22:18 - 2013-02-18 15:14 - 0016384 _____ () C:\Users\Peterson Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2010-01-31 21:26 - 2010-01-31 21:26 - 0000104 _____ () C:\Users\Peterson Desktop\AppData\Local\fusioncache.dat2014-10-11 21:15 - 2015-01-12 22:38 - 0004240 _____ () C:\Users\Peterson Desktop\AppData\Local\rx_audio.Cache2015-01-12 22:39 - 2015-01-12 22:39 - 0000000 _____ () C:\Users\Peterson Desktop\AppData\Local\rx_image32.Cache2011-05-04 09:25 - 2011-05-04 09:25 - 0000040 _____ () C:\Users\Peterson Desktop\AppData\Local\xobni_installer_updater.log2012-01-22 13:16 - 2012-01-22 13:16 - 0000000 _____ () C:\Users\Peterson Desktop\AppData\Local\{9D82853C-4AA0-4330-AAEF-6DC2C3589CD7}2014-10-01 20:26 - 2014-10-02 09:44 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc2013-09-11 15:56 - 2013-09-19 12:28 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT2013-09-11 15:55 - 2014-04-15 17:05 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT2013-09-11 15:55 - 2014-04-15 14:37 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\ProgramData\Resources2013-09-11 15:56 - 2013-09-11 
15:56 - 0000268 ___RH () C:\ProgramData\Reverb2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\ProgramData\Robot ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-03 14:57 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015Ran by Peterson Desktop at 2015-02-10 10:34:27Running from C:\Users\Peterson Desktop\DesktopBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. 
The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Download Manager 2.2 (Remove Only) (HKLM-x32\...\AdobeESD) (Version: 2.2 - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AoA Audio Extractor (HKLM-x32\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version: - AoAMedia.com)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0614.2130 - )
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CrossLoop 2.72 (HKLM-x32\...\CrossLoop_is1) (Version: 2.72 - CrossLoop, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DropBox (HKLM-x32\...\{809E9D11-335A-4186-8767-CB8C6F3D7810}) (Version: 6.5.0.0 - DropShots)
Dropbox (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Dropbox) (Version: 1.6.9 - Dropbox, Inc.)
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
Essentials of Music Theory 1 Student (HKLM-x32\...\Essentials of Music Theory 1 Student) (Version: - )
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Generations® Grande Suite 8 (HKLM-x32\...\{DE0208E0-F368-11D3-8DD7-00104B885EE1}) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Inkscape 0.48.2 (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Inkscape) (Version: 0.48.2 - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iPod PC Transfer 4.7 (HKLM-x32\...\iPod PC Transfer_is1) (Version: 4.7 - iPod PC Transfer)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
JDiskReport 1.4.0 (HKLM-x32\...\JDiskReport 1.4.0) (Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft Small Basic v1.0 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)
Mozilla Thunderbird 17.0.6 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 en-US)) (Version: 17.0.6 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.3.0 - Nikon)
OneClickdigital Media Manager (HKLM-x32\...\{C259BBE2-2531-4387-B5E3-9E6845854272}) (Version: 61.0.0.0 - Recorded Books)
OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.2 - Nikon)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
QuickBooks (x32 Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Premier 2002 (HKLM-x32\...\{809987B2-F964-11D4-A1A5-00104BD190B1}) (Version: - )
QuickBooks Premier Edition 2011 (HKLM-x32\...\{11E0AC7D-6824-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1546.4 - AMD)
RAIDXpert (x32 Version: 2.4.1546.4 - AMD) Hidden
RealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.13 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
save2pc Light 4.03 (HKLM-x32\...\save2pc Light_is1) (Version: - FDRLab)
SavingsBull (HKLM-x32\...\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}) (Version: 1.0.0.0 - SavingsBull) <==== ATTENTION
Seagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skins (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spotify (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
TimeLeft (HKLM-x32\...\TIMELEFT3_is1) (Version: 3.52 - NesterSoft Inc.)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version: - )
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax Premier 2007 (HKLM-x32\...\TurboTax Premier 2007) (Version: - )
Typing Instructor Platinum (HKLM-x32\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.3.0 - Nikon)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.1 - WebM Project)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)
Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)

==================== Restore Points =========================

14-01-2015 17:31:29 Windows Update
26-01-2015 12:18:53 Scheduled Checkpoint
27-01-2015 16:58:19 Installed Evernote v. 5.8.1
28-01-2015 15:37:27 Revo Uninstaller's restore point - RAIDXpert
28-01-2015 15:39:43 Removed RAIDXpert
28-01-2015 16:45:40 Windows Update
05-02-2015 12:09:02 Scheduled Checkpoint
10-02-2015 09:40:12 Restore Point Created by FRST

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-02-27 09:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0162D560-54BD-4FA3-808F-9D9A52471A6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {0E81AB81-FF40-4C42-9C17-5A1F4359845E} - System32\Tasks\{6EB3A8FE-A5D8-4B78-863E-98740E749B6B} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {1686138E-E735-46DE-9AC7-8AEF262B1499} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {26C4D01A-6025-494A-AA35-E64E89E67390} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2A96F507-AFB4-46A6-BC90-22A57974B494} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2F69B87F-7E1A-415A-BC19-E2596D536762} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {302459D5-7644-4E36-B8E7-60FDD2EAA36A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {3DB0512E-2AE7-421F-9E2B-20C0D92D79C3} - System32\Tasks\{CAD028D9-1138-4F14-807C-B820BB083660} => C:\Program Files (x86)\Intuit\QuickBooks Premier\qbw32.exe [2005-02-28] (Intuit, Inc.)
Task: {43AF36AA-632E-4612-A799-EBE38C98A573} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {55E69A2C-2372-4A78-AC45-FB898B2AB33A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {59744132-55C0-4EBD-9976-54F916D5E3E6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {68ED6186-B96A-4113-A83E-019C0AB76A2C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7493F866-3FC8-411D-9F0E-CAB18D5BA38E} - System32\Tasks\{039A756A-D863-4A9D-8894-CEE8E7DF871A} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {84AD62A5-2151-40C8-A71E-3CA545B862E3} - System32\Tasks\G2MUpdateTask-S-1-5-21-244560176-827594973-441203170-1000 => C:\Users\Peterson Desktop\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {98ADFB47-CAA5-42C4-9C46-57D3017896C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {9CD38D69-EEBF-4D26-A91A-A0670D80997F} - System32\Tasks\{768D1FBE-39C4-4B2D-BDA5-F15E7D8E1F89} => pcalua.exe -a "C:\Users\Peterson Desktop\Desktop\SETUP.EXE" -d "C:\Users\Peterson Desktop\Desktop"
Task: {AA09EFBE-6EBE-4795-A79A-A9FE49CDCA4B} - System32\Tasks\{8388A73A-9F5F-400E-AE09-254161F57DF0} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {BAA062B3-0E33-4D6D-B2CE-E6C1D6A3F296} - System32\Tasks\{1698F381-67C8-47CD-A1C9-CA0446AF626B} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {BD5176FB-9C3A-43D3-B75A-38C802DDEFCB} - System32\Tasks\{CAC19F66-C8EC-47AD-ACE0-01C100590841} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {C0054035-C678-4E14-8FFF-A6D0FB87DF63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {C206870D-CEEC-42CC-B5FE-7FA575ABEB48} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {C788C9F4-029D-43ED-BDC4-1CF539C85C12} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {CAEF2F40-D812-4392-9B5B-42BE9AC486CE} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {D0E582AE-29D2-4011-9818-7EAC7E3B9463} - System32\Tasks\{5337C250-D752-4C80-88E9-1BFE9B93D172} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {D2884067-1DE0-4759-8EE5-79447B366CD0} - System32\Tasks\{15CB83D2-6FE7-4A8B-9561-3CBCBFE8220D} => pcalua.exe -a "C:\Users\Peterson Desktop\Downloads\Brother Printer Drivers for Windows 7\mflpro_c1\Data\Disk1\setup.exe" -d "C:\Users\Peterson Desktop\Downloads\Brother Printer Drivers for Windows 7\mflpro_c1\Data\Disk1"
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-244560176-827594973-441203170-1000.job => C:\Users\Peterson Desktop\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-30 02:17 - 2014-07-30 02:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-30 05:04 - 2014-07-30 05:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-02-01 13:49 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2010-04-28 08:29 - 2005-02-22 01:24 - 00315392 _____ () C:\Program Files (x86)\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
2010-01-20 19:15 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2011-05-04 14:04 - 2011-05-04 14:04 - 00325344 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2014-09-22 04:43 - 2014-09-22 04:43 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 11:05 - 2009-09-11 11:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2011-06-01 09:42 - 2011-06-01 09:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
2011-06-01 09:46 - 2011-06-01 09:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
2010-04-28 08:29 - 2005-02-22 01:23 - 00045056 _____ () C:\Program Files (x86)\Intuit\QuickBooks Premier\components\qbagent\QBDInstallMgr.dll
2014-02-03 23:42 - 2014-02-03 23:42 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2014-02-03 23:43 - 2014-02-03 23:43 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 23:18 - 2005-07-19 23:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2014-02-03 23:42 - 2014-02-03 23:42 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2014-02-03 23:43 - 2014-02-03 23:43 - 00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2014-02-03 23:42 - 2014-02-03 23:42 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2014-02-03 23:43 - 2014-02-03 23:43 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-12-17 15:11 - 2014-12-17 15:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2011-05-04 14:04 - 2011-05-04 14:04 - 02896608 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-05-04 14:04 - 2011-05-04 14:04 - 00027360 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 15:59 - 2010-03-22 15:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL
2011-06-01 09:16 - 2011-06-01 09:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
2011-06-01 09:16 - 2011-06-01 09:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
2012-04-09 17:06 - 2012-04-09 17:06 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2012-04-09 17:06 - 2012-04-09 17:06 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2013-10-08 15:05 - 2013-10-08 15:05 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-10-08 15:05 - 2013-10-08 15:05 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-03-15 12:52 - 2014-03-15 12:52 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-05 17:34 - 2015-02-04 02:02 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libglesv2.dll
2015-02-05 17:34 - 2015-02-04 02:02 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\libegl.dll
2015-02-05 17:34 - 2015-02-04 02:02 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-244560176-827594973-441203170-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peterson Desktop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
==================== Accounts: ============================= Administrator (S-1-5-21-244560176-827594973-441203170-500 - Administrator - Disabled)ASPNET (S-1-5-21-244560176-827594973-441203170-1004 - Limited - Enabled)Guest (S-1-5-21-244560176-827594973-441203170-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-244560176-827594973-441203170-1002 - Limited - Enabled)Peterson Desktop (S-1-5-21-244560176-827594973-441203170-1000 - Administrator - Enabled) => C:\Users\Peterson Desktop ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/10/2015 09:50:19 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/10/2015 09:50:19 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/10/2015 09:50:19 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/10/2015 09:40:11 AM) (Source: VSS) (EventID: 8194) (User: )Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied..This is often caused by incorrect security settings in either the writer or requestor process. 
Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {33aa4e1b-593b-4442-8640-a1994a571d58} Error: (02/10/2015 09:12:09 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/10/2015 09:12:09 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/10/2015 09:12:09 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle System errors:=============Error: (02/10/2015 09:47:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (02/10/2015 09:47:21 AM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume OS. Error: (02/10/2015 09:47:20 AM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume OS. 
Error: (02/10/2015 09:47:09 AM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume OS. Error: (02/10/2015 09:46:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: RxFilter Error: (02/10/2015 09:46:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The mrtRate service failed to start due to the following error: %%1275 Error: (02/10/2015 09:46:16 AM) (Source: Application Popup) (EventID: 1060) (User: )Description: \SystemRoot\SysWow64\Drivers\mrtRate.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (02/10/2015 09:12:22 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (02/10/2015 09:12:20 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (02/10/2015 09:10:33 AM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume OS. Microsoft Office Sessions:=========================Error: (02/10/2015 09:50:19 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/10/2015 09:50:19 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/10/2015 09:50:19 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/10/2015 09:40:11 AM) (Source: VSS) (EventID: 8194) (User: )Description: 0x80070005, Access is denied. 
Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {33aa4e1b-593b-4442-8640-a1994a571d58} Error: (02/10/2015 09:12:09 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/10/2015 09:12:09 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/10/2015 09:12:09 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle CodeIntegrity Errors:=================================== Date: 2014-02-27 09:50:20.632 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 09:50:20.086 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 09:50:19.524 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 09:50:18.963 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 08:53:05.318 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 08:53:04.756 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-01 22:43:12.715 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-01 22:43:12.293 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2012-09-02 09:05:40.875 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-09-02 09:05:40.719 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Athlon II X4 630 ProcessorPercentage of memory in use: 46%Total physical RAM: 3839.12 MBAvailable physical RAM: 2067.95 MBTotal Pagefile: 7676.42 MBAvailable Pagefile: 5209.5 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:86.21 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 85DB1A95)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  3. Oh, can't seem to attach it so the first window that came up said... "The feature you are trying to use is on a network that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package "t.msi" in the box below." It had an option to browse. I clicked OK and this came up... "The path 'c:\\temp\\t.msi' cannot be found. Verify that you have access to this location and try again, or try to find the installation package 't.msi' in a folder from which you can install the product SavingsBull."
  4. Ok, did the fixlog and everything went fine, but when I tried to uninstall SavingsBull it came up with the windows that I'll try to attach pics so you can see what they're saying. Here is the fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-02-2015
Ran by Peterson Desktop at 2015-02-10 09:40:03 Run:1
Running from C:\Users\Peterson Desktop\Desktop
Loaded Profiles: Peterson Desktop (Available profiles: Peterson Desktop)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE
SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
GroupPolicyUsers\S-1-5-21-244560176-827594973-441203170-1004\User: Group Policy restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-244560176-827594973-441203170-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: {2DBDF322-93A3-4F3F-957C-82DD47836470} - \BrowserDefendert No Task File <==== ATTENTION
Task: {A5AAB488-687F-47F5-99C9-7BC2EC182611} - System32\Tasks\task512348140 => C:\Users\PETERS~1\AppData\Local\Temp\0.05123845134917571.exe <==== ATTENTION
C:\Users\PETERS~1\AppData\Local\Temp\0.05123845134917571.exe
Task: {E4D6D1E4-DD5F-46AF-B959-9E3358CBC56A} - \EPUpdater No Task File <==== ATTENTION
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.
C:\ProgramData\TEMP => ":8CE646EE" ADS removed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}\\SystemComponent => value deleted successfully.
catchme => Service deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-244560176-827594973-441203170-1004\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-244560176-827594973-441203170-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2DBDF322-93A3-4F3F-957C-82DD47836470}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2DBDF322-93A3-4F3F-957C-82DD47836470}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserDefendert" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5AAB488-687F-47F5-99C9-7BC2EC182611}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5AAB488-687F-47F5-99C9-7BC2EC182611}" => Key deleted successfully.
C:\Windows\System32\Tasks\task512348140 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task512348140" => Key deleted successfully.
"C:\Users\PETERS~1\AppData\Local\Temp\0.05123845134917571.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4D6D1E4-DD5F-46AF-B959-9E3358CBC56A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4D6D1E4-DD5F-46AF-B959-9E3358CBC56A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater" => Key deleted successfully.
EmptyTemp: => Removed 2.3 GB temporary data.

The system needed a reboot.

==== End of Fixlog 09:43:08 ====
  5. Hello, I did the Malwarebytes Anti-Malware scan and it said nothing was found. I ended up going to history and there it said found 2 threats - not sure why - I quarantined them, but the log doesn't say that there were any threats and I can't find a log that has the info for those threats. Thank you for your help! Here is the Malwarebytes Anti-Malware scan log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/9/2015
Scan Time: 4:38:04 PM
Logfile: malwarebytes scan.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.09.10
Rootkit Database: v2015.02.03.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Peterson Desktop

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 381024
Time Elapsed: 22 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

FRST.txt log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-02-2015
Ran by Peterson Desktop (administrator) on PETERSONDESKTOP on 09-02-2015 17:19:30
Running from C:\Users\Peterson Desktop\Desktop
Loaded Profiles: Peterson Desktop (Available profiles: Peterson Desktop)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an
entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe(AMD) C:\Windows\System32\atiesrxx.exe(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe(AMD) C:\Windows\System32\atieclxx.exe(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(CrossLoop Inc) C:\Users\Peterson Desktop\AppData\Local\CrossLoop\CrossLoopService.exe(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe() C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe(Spotify Ltd) C:\Users\Peterson Desktop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe() C:\Program Files (x86)\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\RPDS\Bin64\rpsystray.exe(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe(Memeo Inc.) C:\Program Files (x86)\Memeo\AutoBackup\MemeoUpdater.exe(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Intuit Inc.) 
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163568 2010-11-11] (Microsoft Corporation)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)HKLM-x32\...\Run: [seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. 
All rights reserved.)HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [296520 2014-09-22] (RealNetworks, Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2010-09-23] (Dell)HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Run: [spotify Web Helper] => C:\Users\Peterson Desktop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-05] (Spotify Ltd)HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Run: [6102000E859DAF0DA740B9F269295411AC5C5878._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Run: [GoogleChromeAutoLaunch_3E5A235652299F516BF472EC1EDB1E84] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-02-04] (Google Inc.)HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Policies\system: [LogonHoursAction] 2HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnkShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnkShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnkShortcutTarget: QuickBooks 2002 Delivery Agent.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe ()Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnkShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnkShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\real\realplayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)Startup: C:\Users\Peterson Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Peterson Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson 
Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)BootExecute: autocheck autochk /r \??\Y:autocheck autochk * GroupPolicyUsers\S-1-5-21-244560176-827594973-441203170-1004\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-244560176-827594973-441203170-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-244560176-827594973-441203170-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-244560176-827594973-441203170-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpSearchScopes: HKLM -> DefaultScope value is missing.SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {538F5BDE-BC0F-40C1-ABFA-D1A81070B9B9} URL = 
http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {1D20D1D1-0915-4ECB-989F-F0AB9959F4F3} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-244560176-827594973-441203170-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en
SearchScopes: HKU\S-1-5-21-244560176-827594973-441203170-1000 -> {538F5BDE-BC0F-40C1-ABFA-D1A81070B9B9} URL =
SearchScopes: HKU\S-1-5-21-244560176-827594973-441203170-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_en
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-244560176-827594973-441203170-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {42B182F9-3F08-484E-9913-07193A5D36A9} http://24.221.40.173:8002/web/WebClient.cab
DPF: HKLM-x32 {51A1CDAB-573D-45A4-B69F-B44791DFF60A} http://dot.pima.gov/gis/pictometry/viewer/ver30b/PictImageCtrl30.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Peterson Desktop\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-244560176-827594973-441203170-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Peterson Desktop\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPAdbESD.dll (Adobe Systems Incorporated)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2010-10-21]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-22]
FF HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi

Chrome:
=======
CHR Profile: C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-28]
CHR Extension: (Google Drive) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-28]
CHR Extension: (Honey) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-04-03]
CHR Extension: (Adblock Plus) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01]
CHR Extension: (Google Search) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-28]
CHR Extension: (SiteAdvisor) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-28]
CHR Extension: (Pin It Button) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-08-14]
CHR Extension: (Google Wallet) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
CHR Extension: (Gmail) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-28]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2011-04-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 CrossLoopService; C:\Users\Peterson Desktop\AppData\Local\CrossLoop\CrossLoopService.exe [560792 2010-03-15] (CrossLoop Inc)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-22] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
S2 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34712 2001-02-28] (Marimba, Inc.)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 17:18 - 2015-02-09 17:18 - 00001079 _____ () C:\Users\Peterson Desktop\Desktop\malwarebytes scan.txt
2015-02-09 17:02 - 2015-02-09 17:02 - 00000000 ____D () C:\Users\Peterson Desktop\Desktop\FRST-OlderVersion
2015-02-09 14:57 - 2015-02-09 17:08 - 00003376 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000
2015-02-09 14:57 - 2015-02-09 17:08 - 00003264 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000
2015-02-06 18:33 - 2015-02-06 18:33 - 00003286 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000
2015-02-05 14:01 - 2015-02-05 14:02 - 00042242 _____ () C:\Users\Peterson Desktop\Desktop\Addition.txt
2015-02-05 14:00 - 2015-02-09 17:19 - 00026902 _____ () C:\Users\Peterson Desktop\Desktop\FRST.txt
2015-02-05 13:59 - 2015-02-09 17:19 - 00000000 ____D () C:\FRST
2015-02-05 13:59 - 2015-02-09 17:02 - 02132992 _____ (Farbar) C:\Users\Peterson Desktop\Desktop\FRST64.exe
2015-02-05 10:59 - 2015-02-05 10:59 - 00011803 _____ () C:\Users\Peterson Desktop\Downloads\Get In Shape for Havasupai Hike.xlsx
2015-02-02 09:04 - 2015-02-02 09:04 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-02 09:04 - 2015-02-02 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-02 09:02 - 2015-02-02 09:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-02 09:02 - 2015-02-02 09:04 - 00000000 ____D () C:\Program Files\iTunes
2015-02-02 09:02 - 2015-02-02 09:02 - 00000000 ____D () C:\Program Files\iPod
2015-02-02 09:02 - 2015-02-02 09:02 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-28 15:43 - 2015-01-28 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD
2015-01-28 13:49 - 2015-01-28 13:49 - 00001397 _____ () C:\Users\Peterson Desktop\Downloads\URLLink.acsm
2015-01-27 17:07 - 2015-01-27 17:07 - 00002703 _____ () C:\Users\Peterson Desktop\Downloads\Best Year Ever - Evernote Goal Template.enex
2015-01-27 17:00 - 2015-01-27 17:00 - 00000000 ____D () C:\Users\Peterson Desktop\AppData\Local\Evernote
2015-01-27 17:00 - 2015-01-27 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-01-27 17:00 - 2015-01-27 17:00 - 00000000 ____D () C:\Program Files (x86)\Evernote
2015-01-27 16:59 - 2015-01-27 16:59 - 00000928 _____ () C:\Users\Peterson Desktop\Desktop\Evernote.lnk
2015-01-27 16:55 - 2015-01-27 16:56 - 98672136 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Peterson Desktop\Downloads\Evernote_5.8.1.6061.exe
2015-01-24 09:38 - 2015-01-24 09:39 - 07292366 _____ () C:\Users\Peterson Desktop\Downloads\MUTE_20150116_195642 (1).mp4
2015-01-24 09:38 - 2015-01-24 09:38 - 07292366 _____ () C:\Users\Peterson Desktop\Downloads\MUTE_20150116_195642.mp4
2015-01-15 09:22 - 2015-01-26 10:34 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Desktop Photos
2015-01-14 10:50 - 2015-02-06 18:33 - 00003398 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000
2015-01-14 08:05 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 08:05 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 08:05 - 2014-12-11 10:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 08:05 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 08:05 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 08:05 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 08:04 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 08:04 - 2014-12-11 22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 08:04 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 08:04 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 08:04 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 08:04 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 08:04 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-12 22:39 - 2015-01-12 22:39 - 00000000 _____ () C:\Users\Peterson Desktop\AppData\Local\rx_image32.Cache

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-09 17:18 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-09 17:18 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-09 17:17 - 2014-11-24 20:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 17:14 - 2009-07-13 22:10 - 01496143 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 17:13 - 2010-05-29 09:53 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B9400257-75A2-4178-A189-F8D233B30C91}
2015-02-09 17:12 - 2012-12-12 23:51 - 00000000 ____D () C:\Users\Peterson Desktop\AppData\Roaming\Dropbox
2015-02-09 17:09 - 2010-02-01 13:51 - 00000621 _____ () C:\Windows\BRWMARK.INI
2015-02-09 17:08 - 2010-09-23 07:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2015-02-09 17:08 - 2010-09-23 07:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2015-02-09 17:08 - 2010-01-20 19:15 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-02-09 17:07 - 2010-03-09 22:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-09 17:07 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-09 17:07 - 2009-07-13 21:51 - 00970627 _____ () C:\Windows\setupact.log
2015-02-09 16:54 - 2014-03-27 15:30 - 00000628 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-244560176-827594973-441203170-1000.job
2015-02-09 16:43 - 2010-03-09 22:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-09 16:21 - 2014-10-08 16:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-09 15:01 - 2011-05-04 08:39 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-07 15:38 - 2010-03-09 22:56 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-07 15:38 - 2010-03-09 22:56 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-06 10:44 - 2009-07-13 22:13 - 00800010 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-05 07:39 - 2014-10-08 16:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 07:39 - 2012-10-12 09:50 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 07:39 - 2012-10-12 09:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-04 17:56 - 2010-01-28 20:14 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Lilliana
2015-02-04 12:53 - 2010-01-26 09:50 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Hadassah
2015-02-04 11:20 - 2010-02-02 23:41 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\AP Rentals
2015-02-03 17:35 - 2010-04-29 10:13 - 00289792 ___SH () C:\Users\Peterson Desktop\Thumbs.db
2015-02-02 09:02 - 2010-01-23 16:13 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-31 13:09 - 2011-12-19 13:20 - 00370688 ___SH () C:\Users\Peterson Desktop\Documents\Thumbs.db
2015-01-29 09:46 - 2010-01-30 18:55 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Grace
2015-01-29 08:51 - 2010-01-23 13:49 - 00138928 _____ () C:\Users\Peterson Desktop\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-29 08:14 - 2009-07-13 21:45 - 00477384 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-28 17:11 - 2010-01-31 08:29 - 00792132 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-28 15:22 - 2011-08-29 20:51 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\My Digital Editions
2015-01-28 09:37 - 2010-10-05 16:14 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Outlook Files
2015-01-28 08:59 - 2014-10-11 10:22 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-28 08:59 - 2014-10-11 10:22 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-28 08:59 - 2014-10-11 10:22 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-28 08:59 - 2014-10-11 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-24 11:48 - 2014-03-27 15:30 - 00003690 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-244560176-827594973-441203170-1000
2015-01-15 09:33 - 2010-01-26 13:39 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Rachel
2015-01-15 02:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-14 17:43 - 2013-08-01 03:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:32 - 2010-04-28 07:39 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-12 22:38 - 2014-10-11 21:15 - 00004240 _____ () C:\Users\Peterson Desktop\AppData\Local\rx_audio.Cache

==================== Files in the root of some directories =======

2010-02-11 06:27 - 2010-04-28 07:45 - 8656832 _____ (Dell, Inc. ) C:\Users\Peterson Desktop\AppData\Roaming\DataSafeDotNet.exe
2010-10-08 13:35 - 2010-10-08 13:46 - 0000006 _____ () C:\Users\Peterson Desktop\AppData\Roaming\dm.ini
2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\Users\Peterson Desktop\AppData\Roaming\Quartz Composer
2013-09-11 15:56 - 2013-09-11 15:56 - 0000268 ___RH () C:\Users\Peterson Desktop\AppData\Roaming\Radio Sounds
2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\Users\Peterson Desktop\AppData\Roaming\Receipts
2010-03-15 11:08 - 2010-03-15 11:10 - 0025088 ___SH () C:\Users\Peterson Desktop\AppData\Roaming\Thumbs.db
2010-02-03 15:13 - 2010-02-03 15:13 - 0020448 _____ () C:\Users\Peterson Desktop\AppData\Roaming\UserTile.png
2010-01-25 10:34 - 2014-07-10 06:37 - 0000954 _____ () C:\Users\Peterson Desktop\AppData\Roaming\wklnhst.dat
2010-02-10 22:18 - 2013-02-18 15:14 - 0016384 _____ () C:\Users\Peterson Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-01-31 21:26 - 2010-01-31 21:26 - 0000104 _____ () C:\Users\Peterson Desktop\AppData\Local\fusioncache.dat
2014-10-11 21:15 - 2015-01-12 22:38 - 0004240 _____ () C:\Users\Peterson Desktop\AppData\Local\rx_audio.Cache
2015-01-12 22:39 - 2015-01-12 22:39 - 0000000 _____ () C:\Users\Peterson Desktop\AppData\Local\rx_image32.Cache
2011-05-04 09:25 - 2011-05-04 09:25 - 0000040 _____ () C:\Users\Peterson Desktop\AppData\Local\xobni_installer_updater.log
2012-01-22 13:16 - 2012-01-22 13:16 - 0000000 _____ () C:\Users\Peterson Desktop\AppData\Local\{9D82853C-4AA0-4330-AAEF-6DC2C3589CD7}
2014-10-01 20:26 - 2014-10-02 09:44 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-09-11 15:56 - 2013-09-19 12:28 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2013-09-11 15:55 - 2014-04-15 17:05 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2013-09-11 15:55 - 2014-04-15 14:37 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\ProgramData\Resources
2013-09-11 15:56 - 2013-09-11 15:56 - 0000268 ___RH () C:\ProgramData\Reverb
2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\ProgramData\Robot

Some content of TEMP:
====================
C:\Users\Peterson Desktop\AppData\Local\Temp\bpuninstall.exe
C:\Users\Peterson Desktop\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Peterson Desktop\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Peterson Desktop\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Peterson Desktop\AppData\Local\Temp\lowproc.exe
C:\Users\Peterson Desktop\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Peterson Desktop\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Peterson Desktop\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 14:57

==================== End Of Log ============================

Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-02-2015
Ran by Peterson Desktop at 2015-02-09 17:20:22
Running from C:\Users\Peterson Desktop\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Download Manager 2.2 (Remove Only) (HKLM-x32\...\AdobeESD) (Version: 2.2 - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AoA Audio Extractor (HKLM-x32\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version: - AoAMedia.com)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0614.2130 - )
Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)
AVG 2014 (Version: 14.0.4257 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4800 - AVG Technologies) Hidden
Bing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2009.0614.2131.36800 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CrossLoop 2.72 (HKLM-x32\...\CrossLoop_is1) (Version: 2.72 - CrossLoop, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DropBox (HKLM-x32\...\{809E9D11-335A-4186-8767-CB8C6F3D7810}) (Version: 6.5.0.0 - DropShots)
Dropbox (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Dropbox) (Version: 1.6.9 - Dropbox, Inc.)
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
Essentials of Music Theory 1 Student (HKLM-x32\...\Essentials of Music Theory 1 Student) (Version: - )
Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)
Generations® Grande Suite 8 (HKLM-x32\...\{DE0208E0-F368-11D3-8DD7-00104B885EE1}) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Inkscape 0.48.2 (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Inkscape) (Version: 0.48.2 - )
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
iPod PC Transfer 4.7 (HKLM-x32\...\iPod PC Transfer_is1) (Version: 4.7 - iPod PC Transfer)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
JDiskReport 1.4.0 (HKLM-x32\...\JDiskReport 1.4.0) (Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)
Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft Small Basic v1.0 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Maintenance Service
(HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)Mozilla Thunderbird 17.0.6 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 en-US)) (Version: 17.0.6 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.3.0 - Nikon)OneClickdigital Media Manager (HKLM-x32\...\{C259BBE2-2531-4387-B5E3-9E6845854272}) (Version: 61.0.0.0 - Recorded Books)OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.2 - Nikon)PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)QuickBooks (x32 Version: 21.0.4014.904 - Intuit Inc.) HiddenQuickBooks Premier 2002 (HKLM-x32\...\{809987B2-F964-11D4-A1A5-00104BD190B1}) (Version: - )QuickBooks Premier Edition 2011 (HKLM-x32\...\{11E0AC7D-6824-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1546.4 - AMD)RAIDXpert (x32 Version: 2.4.1546.4 - AMD) HiddenRealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) 
HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.13 - RealNetworks)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenRevo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)Roxio File Backup (Version: 1.3.0 - Roxio) Hiddensave2pc Light 4.03 (HKLM-x32\...\save2pc Light_is1) (Version: - FDRLab)SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTIONSeagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Skins (x32 Version: 2009.0614.2131.36800 - ATI) HiddenSonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) HiddenSpotify (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)TimeLeft (HKLM-x32\...\TIMELEFT3_is1) (Version: 3.52 - NesterSoft Inc.)Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version: - )TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)TurboTax Premier 2007 (HKLM-x32\...\TurboTax Premier 2007) (Version: - )Typing Instructor 
Platinum (HKLM-x32\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software)UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) HiddenVD64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.3.0 - Nikon)Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.1 - WebM Project)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.) ==================== Restore Points ========================= 14-01-2015 17:31:29 Windows Update26-01-2015 12:18:53 Scheduled Checkpoint27-01-2015 16:58:19 Installed Evernote v. 5.8.128-01-2015 15:37:27 Revo Uninstaller's restore point - RAIDXpert28-01-2015 15:39:43 Removed RAIDXpert28-01-2015 16:45:40 Windows Update05-02-2015 12:09:02 Scheduled Checkpoint ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 19:34 - 2014-02-27 09:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {0162D560-54BD-4FA3-808F-9D9A52471A6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)Task: {0E81AB81-FF40-4C42-9C17-5A1F4359845E} - System32\Tasks\{6EB3A8FE-A5D8-4B78-863E-98740E749B6B} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exeTask: {1686138E-E735-46DE-9AC7-8AEF262B1499} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)Task: {26C4D01A-6025-494A-AA35-E64E89E67390} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {2A96F507-AFB4-46A6-BC90-22A57974B494} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {2DBDF322-93A3-4F3F-957C-82DD47836470} - \BrowserDefendert No Task File <==== ATTENTIONTask: {302459D5-7644-4E36-B8E7-60FDD2EAA36A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)Task: {3DB0512E-2AE7-421F-9E2B-20C0D92D79C3} - System32\Tasks\{CAD028D9-1138-4F14-807C-B820BB083660} => C:\Program Files (x86)\Intuit\QuickBooks Premier\qbw32.exe [2005-02-28] (Intuit, Inc.)Task: {43AF36AA-632E-4612-A799-EBE38C98A573} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)Task: {55E69A2C-2372-4A78-AC45-FB898B2AB33A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)Task: {59744132-55C0-4EBD-9976-54F916D5E3E6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)Task: {68ED6186-B96A-4113-A83E-019C0AB76A2C} - 
System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)Task: {7493F866-3FC8-411D-9F0E-CAB18D5BA38E} - System32\Tasks\{039A756A-D863-4A9D-8894-CEE8E7DF871A} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exeTask: {84AD62A5-2151-40C8-A71E-3CA545B862E3} - System32\Tasks\G2MUpdateTask-S-1-5-21-244560176-827594973-441203170-1000 => C:\Users\Peterson Desktop\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-24] (Citrix Online, a division of Citrix Systems, Inc.)Task: {98ADFB47-CAA5-42C4-9C46-57D3017896C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {9CD38D69-EEBF-4D26-A91A-A0670D80997F} - System32\Tasks\{768D1FBE-39C4-4B2D-BDA5-F15E7D8E1F89} => pcalua.exe -a "C:\Users\Peterson Desktop\Desktop\SETUP.EXE" -d "C:\Users\Peterson Desktop\Desktop"Task: {A5AAB488-687F-47F5-99C9-7BC2EC182611} - System32\Tasks\task512348140 => C:\Users\PETERS~1\AppData\Local\Temp\0.05123845134917571.exe <==== ATTENTIONTask: {AA09EFBE-6EBE-4795-A79A-A9FE49CDCA4B} - System32\Tasks\{8388A73A-9F5F-400E-AE09-254161F57DF0} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exeTask: {AC5ABAFE-6C0F-4898-B98D-6DB3E4312128} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)Task: {BAA062B3-0E33-4D6D-B2CE-E6C1D6A3F296} - System32\Tasks\{1698F381-67C8-47CD-A1C9-CA0446AF626B} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exeTask: {BD5176FB-9C3A-43D3-B75A-38C802DDEFCB} - System32\Tasks\{CAC19F66-C8EC-47AD-ACE0-01C100590841} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exeTask: {C0054035-C678-4E14-8FFF-A6D0FB87DF63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)Task: {C206870D-CEEC-42CC-B5FE-7FA575ABEB48} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)Task: {C788C9F4-029D-43ED-BDC4-1CF539C85C12} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)Task: {D0E582AE-29D2-4011-9818-7EAC7E3B9463} - System32\Tasks\{5337C250-D752-4C80-88E9-1BFE9B93D172} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exeTask: {D2884067-1DE0-4759-8EE5-79447B366CD0} - System32\Tasks\{15CB83D2-6FE7-4A8B-9561-3CBCBFE8220D} => pcalua.exe -a "C:\Users\Peterson Desktop\Downloads\Brother Printer Drivers for Windows 7\mflpro_c1\Data\Disk1\setup.exe" -d "C:\Users\Peterson Desktop\Downloads\Brother Printer Drivers for Windows 7\mflpro_c1\Data\Disk1"Task: {D4DD4EDB-F555-4099-A150-2E797D5523CB} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)Task: {E4D6D1E4-DD5F-46AF-B959-9E3358CBC56A} - \EPUpdater No Task File <==== ATTENTIONTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-244560176-827594973-441203170-1000.job => C:\Users\Peterson Desktop\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common 
Files\Apple\Apple Application Support\zlib1.dll2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2014-07-30 02:17 - 2014-07-30 02:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe2014-07-30 05:04 - 2014-07-30 05:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe2010-02-01 13:49 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll2010-01-20 19:15 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE2010-02-09 13:34 - 2010-02-09 13:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe2010-04-28 08:29 - 2005-02-22 01:24 - 00315392 _____ () C:\Program Files (x86)\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe2011-05-04 14:04 - 2011-05-04 14:04 - 00325344 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe2014-09-22 04:43 - 2014-09-22 04:43 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll2010-02-09 13:34 - 2010-02-09 13:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll2009-09-11 11:05 - 2009-09-11 11:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll2010-02-09 13:34 - 2010-02-09 13:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll2010-02-09 13:34 - 2010-02-09 13:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll2010-02-09 13:34 - 2010-02-09 13:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll2011-06-01 09:42 - 2011-06-01 09:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll2011-06-01 09:46 - 2011-06-01 09:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate 
Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll2010-04-28 08:29 - 2005-02-22 01:23 - 00045056 _____ () C:\Program Files (x86)\Intuit\QuickBooks Premier\components\qbagent\QBDInstallMgr.dll2014-02-03 23:42 - 2014-02-03 23:42 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll2014-02-03 23:43 - 2014-02-03 23:43 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll2005-07-19 23:18 - 2005-07-19 23:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll2014-02-03 23:42 - 2014-02-03 23:42 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll2014-02-03 23:43 - 2014-02-03 23:43 - 00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll2014-02-03 23:42 - 2014-02-03 23:42 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll2014-02-03 23:43 - 2014-02-03 23:43 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll2014-12-17 15:11 - 2014-12-17 15:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll2014-12-17 15:11 - 2014-12-17 15:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll2011-05-04 14:04 - 2011-05-04 14:04 - 02896608 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll2011-05-04 14:04 - 2011-05-04 14:04 - 00027360 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll2010-03-22 15:59 - 2010-03-22 15:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL2011-06-01 09:16 - 2011-06-01 09:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll2011-06-01 09:16 - 2011-06-01 09:16 - 00971776 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll2012-04-09 17:06 - 2012-04-09 17:06 - 00755712 _____ () 
C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll2012-04-09 17:06 - 2012-04-09 17:06 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll2013-10-08 15:05 - 2013-10-08 15:05 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll2013-10-08 15:05 - 2013-10-08 15:05 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll2014-03-15 12:52 - 2014-03-15 12:52 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-244560176-827594973-441203170-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peterson Desktop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: ============================= Administrator (S-1-5-21-244560176-827594973-441203170-500 - Administrator - Disabled)ASPNET (S-1-5-21-244560176-827594973-441203170-1004 - Limited - Enabled)Guest (S-1-5-21-244560176-827594973-441203170-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-244560176-827594973-441203170-1002 - Limited - Enabled)Peterson Desktop (S-1-5-21-244560176-827594973-441203170-1000 - Administrator - Enabled) => C:\Users\Peterson Desktop ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/09/2015 04:20:49 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/09/2015 04:20:49 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/09/2015 04:20:49 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/09/2015 02:59:48 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/09/2015 02:59:48 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning 
NULL QBWinInstance Handle Error: (02/09/2015 02:59:48 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle Error: (02/07/2015 03:35:01 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle System errors:=============Error: (02/09/2015 05:08:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (02/09/2015 05:08:31 PM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume C:. Error: (02/09/2015 05:08:29 PM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume OS. Error: (02/09/2015 05:08:15 PM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume OS. Error: (02/09/2015 05:07:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: RxFilter Error: (02/09/2015 05:07:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The mrtRate service failed to start due to the following error: %%1275 Error: (02/09/2015 05:07:23 PM) (Source: Application Popup) (EventID: 1060) (User: )Description: \SystemRoot\SysWow64\Drivers\mrtRate.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error: (02/09/2015 04:18:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC) Error: (02/09/2015 04:18:09 PM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume C:. Error: (02/09/2015 04:18:08 PM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume OS. Microsoft Office Sessions:=========================Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 05:11:14 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 04:20:49 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 04:20:49 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 04:20:49 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 02:59:48 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 02:59:48 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/09/2015 02:59:48 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle Error: (02/07/2015 03:35:01 PM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL 
QBWinInstance Handle CodeIntegrity Errors:=================================== Date: 2014-02-27 09:50:20.632 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 09:50:20.086 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 09:50:19.524 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 09:50:18.963 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 08:53:05.318 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-02-27 08:53:04.756 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-01 22:43:12.715 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-01 22:43:12.293 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-09-02 09:05:40.875 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-09-02 09:05:40.719 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info ===========================

Processor: AMD Athlon II X4 630 Processor
Percentage of memory in use: 46%
Total physical RAM: 3839.12 MB
Available physical RAM: 2056.7 MB
Total Pagefile: 7676.42 MB
Available Pagefile: 5646.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:84.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 85DB1A95)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  6. Another thing is that when I start up my computer from sleep mode it will come on, but the screen will still be black - like it's frozen - and it never comes on or starts up (however you'd say that) so then I just press the power button to get it to reboot which then gets it going. From there though start up is extremely slow (this morning has been the worst I've seen so far). Also, just the past few days Memeo Dashboard.exe box comes up, before I even log in to the user, and says "corrupt and unreadable. Run checkdisk utility." Help would be awesome!
  7. Hello, A couple months ago my computer started running slow. Every time I open a web browser in chrome at the top it comes up with, "Chrome didn't shut down correctly" and has an option to restore, but doesn't do anything when restore is clicked. I close all tabs before closing chrome so it shouldn't be closing incorrectly. Also, about every so many days I run a Malwarebytes Anti-Malware scan and I get off a couple threats about every other time I do the scan. Any help would be much appreciated! Thank you!

FRST.txt log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2015
Ran by Peterson Desktop (administrator) on PETERSONDESKTOP on 05-02-2015 14:00:08
Running from C:\Users\Peterson Desktop\Desktop
Loaded Profiles: Peterson Desktop (Available profiles: Peterson Desktop)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrossLoop Inc) C:\Users\Peterson Desktop\AppData\Local\CrossLoop\CrossLoopService.exe
(Memeo) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\real\UpdateService\RealPlayerUpdateSvc.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\Peterson Desktop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\RPDS\Bin64\rpsystray.exe
(Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
() C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
(Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\Update\realsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163568 2010-11-11] (Microsoft Corporation)HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807680 2010-02-09] ()HKLM-x32\...\Run: [Memeo Instant Backup] => C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)HKLM-x32\...\Run: [Memeo AutoSync] => C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)HKLM-x32\...\Run: [seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-12-16] (AVG Technologies CZ, s.r.o.)HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. 
All rights reserved.)HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\real\realplayer\update\realsched.exe [296520 2014-09-22] (RealNetworks, Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2010-09-23] (Dell)HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Run: [spotify Web Helper] => C:\Users\Peterson Desktop\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-05] (Spotify Ltd)HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Run: [6102000E859DAF0DA740B9F269295411AC5C5878._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Run: [GoogleChromeAutoLaunch_3E5A235652299F516BF472EC1EDB1E84] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Policies\system: [LogonHoursAction] 2HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnkShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnkShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks 2002 Delivery Agent.lnkShortcutTarget: QuickBooks 2002 Delivery Agent.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe ()Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnkShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnkShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnkShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\real\realplayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)Startup: C:\Users\Peterson Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)Startup: C:\Users\Peterson Desktop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnkShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson 
Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll (Dropbox, Inc.)BootExecute: autocheck autochk /r \??\Y:autocheck autochk * GroupPolicyUsers\S-1-5-21-244560176-827594973-441203170-1004\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\S-1-5-21-244560176-827594973-441203170-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-244560176-827594973-441203170-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\S-1-5-21-244560176-827594973-441203170-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpSearchScopes: HKLM -> DefaultScope value is missing.SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {538F5BDE-BC0F-40C1-ABFA-D1A81070B9B9} URL = 
http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxSearchScopes: HKLM-x32 -> DefaultScope value is missing.SearchScopes: HKLM-x32 -> {1D20D1D1-0915-4ECB-989F-F0AB9959F4F3} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxSearchScopes: HKU\S-1-5-21-244560176-827594973-441203170-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_enSearchScopes: HKU\S-1-5-21-244560176-827594973-441203170-1000 -> {538F5BDE-BC0F-40C1-ABFA-D1A81070B9B9} URL = SearchScopes: HKU\S-1-5-21-244560176-827594973-441203170-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}&rlz=1I7ADFA_enBHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 
94063)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKU\S-1-5-21-244560176-827594973-441203170-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {42B182F9-3F08-484E-9913-07193A5D36A9} http://24.221.40.173:8002/web/WebClient.cabDPF: HKLM-x32 {51A1CDAB-573D-45A4-B69F-B44791DFF60A} http://dot.pima.gov/gis/pictometry/viewer/ver30b/PictImageCtrl30.cabDPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabDPF: HKLM-x32 {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} 
http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cabDPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cabHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Peterson Desktop\Downloads\Picasa3\npPicasa3.dll (Google, Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: 
@microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @real.com/nppl3260;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.13 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)FF Plugin-x32: @real.com/nprpplugin;version=17.0.13.2 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-244560176-827594973-441203170-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Peterson Desktop\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPAdbESD.dll (Adobe 
Systems Incorporated)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisorFF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2010-10-21]FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF HKLM-x32\...\Firefox\Extensions: [{9D2AA73B-6049-4799-B8AC-925723370070}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-09-22]FF HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Firefox\Extensions: [{8492baab-62ca-4e2c-983b-dfef7cae8082}] - C:\Program Files (x86)\PassShow\154.xpi Chrome: =======CHR Profile: C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-28]CHR Extension: (Google Drive) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-28]CHR 
Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]CHR Extension: (YouTube) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-28]CHR Extension: (Honey) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2014-04-03]CHR Extension: (Adblock Plus) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-03-01]CHR Extension: (Google Search) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-28]CHR Extension: (SiteAdvisor) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-02-28]CHR Extension: (Pin It Button) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-08-14]CHR Extension: (Google Wallet) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]CHR Extension: (Gmail) - C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-28]CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2011-04-30] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3247120 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-12-16] (AVG Technologies CZ, s.r.o.)
R2 CrossLoopService; C:\Users\Peterson Desktop\AppData\Local\CrossLoop\CrossLoopService.exe [560792 2010-03-15] (CrossLoop Inc)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-07-30] ()
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-09-22] (RealNetworks, Inc.)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-07-30] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [237848 2014-10-24] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-10-20] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-06-26] (AVG Technologies)
S2 mrtRate; C:\Windows\SysWow64\Drivers\mrtRate.sys [34712 2001-02-28] (Marimba, Inc.)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 14:00 - 2015-02-05 14:00 - 00027554 _____ () C:\Users\Peterson Desktop\Desktop\FRST.txt2015-02-05 13:59 - 2015-02-05 14:00 - 00000000 ____D () C:\FRST2015-02-05 13:59 - 2015-02-05 13:59 - 02131968 _____ (Farbar) C:\Users\Peterson Desktop\Desktop\FRST64.exe2015-02-05 10:59 - 2015-02-05 10:59 - 00011803 _____ () C:\Users\Peterson Desktop\Downloads\Get In Shape for Havasupai Hike.xlsx2015-02-03 07:12 - 2015-02-04 06:38 - 00003264 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-10002015-02-03 07:11 - 2015-02-04 06:38 - 00003376 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-10002015-02-02 09:04 - 2015-02-02 09:04 - 00001755 _____ () C:\Users\Public\Desktop\iTunes.lnk2015-02-02 09:04 - 2015-02-02 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2015-02-02 09:02 - 2015-02-02 09:04 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A72015-02-02 09:02 - 2015-02-02 09:04 - 00000000 ____D () C:\Program Files\iTunes2015-02-02 09:02 - 2015-02-02 09:02 - 00000000 ____D () C:\Program Files\iPod2015-02-02 09:02 - 2015-02-02 09:02 - 00000000 ____D () C:\Program Files (x86)\iTunes2015-01-29 17:25 - 2015-02-04 17:31 - 00000410 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Peterson Desktop.job2015-01-29 17:25 - 2015-02-04 15:38 - 00000414 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Peterson Desktop.job2015-01-29 17:25 - 2015-02-04 06:38 - 00000420 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Peterson Desktop.job2015-01-28 15:43 - 2015-01-28 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD2015-01-28 13:49 - 2015-01-28 13:49 - 00001397 _____ () C:\Users\Peterson Desktop\Downloads\URLLink.acsm2015-01-27 17:07 - 2015-01-27 17:07 - 00002703 _____ () C:\Users\Peterson Desktop\Downloads\Best Year Ever - Evernote Goal Template.enex2015-01-27 17:00 - 2015-01-27 17:00 - 
00000000 ____D () C:\Users\Peterson Desktop\AppData\Local\Evernote2015-01-27 17:00 - 2015-01-27 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote2015-01-27 17:00 - 2015-01-27 17:00 - 00000000 ____D () C:\Program Files (x86)\Evernote2015-01-27 16:59 - 2015-01-27 16:59 - 00000928 _____ () C:\Users\Peterson Desktop\Desktop\Evernote.lnk2015-01-27 16:55 - 2015-01-27 16:56 - 98672136 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Peterson Desktop\Downloads\Evernote_5.8.1.6061.exe2015-01-24 09:38 - 2015-01-24 09:39 - 07292366 _____ () C:\Users\Peterson Desktop\Downloads\MUTE_20150116_195642 (1).mp42015-01-24 09:38 - 2015-01-24 09:38 - 07292366 _____ () C:\Users\Peterson Desktop\Downloads\MUTE_20150116_195642.mp42015-01-15 09:22 - 2015-01-26 10:34 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Desktop Photos2015-01-14 10:50 - 2015-02-05 06:37 - 00003398 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-10002015-01-14 10:50 - 2015-02-05 06:37 - 00003286 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-10002015-01-14 08:05 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll2015-01-14 08:05 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys2015-01-14 08:05 - 2014-12-11 10:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2015-01-14 08:05 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll2015-01-14 08:05 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll2015-01-14 08:05 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll2015-01-14 08:04 - 2014-12-11 22:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-01-14 08:04 - 2014-12-11 
22:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll2015-01-14 08:04 - 2014-12-11 22:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe2015-01-14 08:04 - 2014-12-11 22:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll2015-01-14 08:04 - 2014-12-11 22:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2015-01-14 08:04 - 2014-12-11 22:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2015-01-14 08:04 - 2014-12-11 22:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll2015-01-12 22:39 - 2015-01-12 22:39 - 00000000 _____ () C:\Users\Peterson Desktop\AppData\Local\rx_image32.Cache ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-05 13:54 - 2014-03-27 15:30 - 00000628 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-244560176-827594973-441203170-1000.job2015-02-05 13:50 - 2010-05-29 09:53 - 00003998 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B9400257-75A2-4178-A189-F8D233B30C91}2015-02-05 13:32 - 2010-03-09 22:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-02-05 13:32 - 2010-03-09 22:56 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-02-05 13:29 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-02-05 13:29 - 2009-07-13 21:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-02-05 13:25 - 2014-11-24 20:12 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-02-05 13:21 - 2014-10-08 16:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-02-05 10:31 - 2010-02-01 13:51 - 00000621 _____ () C:\Windows\BRWMARK.INI2015-02-05 09:31 - 
2011-05-04 08:39 - 00000000 ____D () C:\ProgramData\MFAData2015-02-05 07:55 - 2009-07-13 22:10 - 01398267 _____ () C:\Windows\WindowsUpdate.log2015-02-05 07:39 - 2014-10-08 16:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2015-02-05 07:39 - 2012-10-12 09:50 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-02-05 07:39 - 2012-10-12 09:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-02-05 07:38 - 2009-07-13 21:51 - 00969619 _____ () C:\Windows\setupact.log2015-02-04 17:56 - 2010-01-28 20:14 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Lilliana2015-02-04 12:53 - 2010-01-26 09:50 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Hadassah2015-02-04 12:20 - 2009-07-13 22:13 - 00800010 _____ () C:\Windows\system32\PerfStringBackup.INI2015-02-04 11:20 - 2010-02-02 23:41 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\AP Rentals2015-02-04 06:44 - 2012-12-12 23:51 - 00000000 ____D () C:\Users\Peterson Desktop\AppData\Roaming\Dropbox2015-02-04 06:38 - 2010-09-23 07:32 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks2015-02-04 06:38 - 2010-09-23 07:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks2015-02-04 06:38 - 2010-01-20 19:15 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup2015-02-04 06:37 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-02-03 17:35 - 2010-04-29 10:13 - 00289792 ___SH () C:\Users\Peterson Desktop\Thumbs.db2015-02-02 09:02 - 2010-01-23 16:13 - 00000000 ____D () C:\Program Files\Common Files\Apple2015-01-31 13:09 - 2011-12-19 13:20 - 00370688 ___SH () C:\Users\Peterson Desktop\Documents\Thumbs.db2015-01-29 09:46 - 2010-01-30 18:55 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Grace2015-01-29 08:51 - 2010-01-23 13:49 - 00138928 _____ () C:\Users\Peterson Desktop\AppData\Local\GDIPFONTCACHEV1.DAT2015-01-29 08:14 - 2009-07-13 21:45 - 
00477384 _____ () C:\Windows\system32\FNTCACHE.DAT2015-01-28 17:11 - 2010-01-31 08:29 - 00792132 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2015-01-28 15:22 - 2011-08-29 20:51 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\My Digital Editions2015-01-28 09:37 - 2010-10-05 16:14 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Outlook Files2015-01-28 08:59 - 2014-10-11 10:22 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk2015-01-28 08:59 - 2014-10-11 10:22 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk2015-01-28 08:59 - 2014-10-11 10:22 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk2015-01-28 08:59 - 2014-10-11 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-01-24 11:48 - 2014-03-27 15:30 - 00003690 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-244560176-827594973-441203170-10002015-01-15 09:33 - 2010-01-26 13:39 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Rachel2015-01-15 02:18 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF2015-01-14 17:43 - 2013-08-01 03:07 - 00000000 ____D () C:\Windows\system32\MRT2015-01-14 17:32 - 2010-04-28 07:39 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-01-12 22:38 - 2014-10-11 21:15 - 00004240 _____ () C:\Users\Peterson Desktop\AppData\Local\rx_audio.Cache2015-01-08 09:05 - 2014-05-09 10:21 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk2015-01-08 09:05 - 2014-04-25 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG2015-01-07 15:28 - 2010-01-27 20:55 - 00000000 ____D () C:\Users\Peterson Desktop\Documents\Chloe ==================== Files in the root of some directories ======= 2010-02-11 06:27 - 2010-04-28 07:45 - 8656832 _____ (Dell, Inc. 
) C:\Users\Peterson Desktop\AppData\Roaming\DataSafeDotNet.exe2010-10-08 13:35 - 2010-10-08 13:46 - 0000006 _____ () C:\Users\Peterson Desktop\AppData\Roaming\dm.ini2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\Users\Peterson Desktop\AppData\Roaming\Quartz Composer2013-09-11 15:56 - 2013-09-11 15:56 - 0000268 ___RH () C:\Users\Peterson Desktop\AppData\Roaming\Radio Sounds2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\Users\Peterson Desktop\AppData\Roaming\Receipts2010-03-15 11:08 - 2010-03-15 11:10 - 0025088 ___SH () C:\Users\Peterson Desktop\AppData\Roaming\Thumbs.db2010-02-03 15:13 - 2010-02-03 15:13 - 0020448 _____ () C:\Users\Peterson Desktop\AppData\Roaming\UserTile.png2010-01-25 10:34 - 2014-07-10 06:37 - 0000954 _____ () C:\Users\Peterson Desktop\AppData\Roaming\wklnhst.dat2010-02-10 22:18 - 2013-02-18 15:14 - 0016384 _____ () C:\Users\Peterson Desktop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2010-01-31 21:26 - 2010-01-31 21:26 - 0000104 _____ () C:\Users\Peterson Desktop\AppData\Local\fusioncache.dat2014-10-11 21:15 - 2015-01-12 22:38 - 0004240 _____ () C:\Users\Peterson Desktop\AppData\Local\rx_audio.Cache2015-01-12 22:39 - 2015-01-12 22:39 - 0000000 _____ () C:\Users\Peterson Desktop\AppData\Local\rx_image32.Cache2011-05-04 09:25 - 2011-05-04 09:25 - 0000040 _____ () C:\Users\Peterson Desktop\AppData\Local\xobni_installer_updater.log2012-01-22 13:16 - 2012-01-22 13:16 - 0000000 _____ () C:\Users\Peterson Desktop\AppData\Local\{9D82853C-4AA0-4330-AAEF-6DC2C3589CD7}2014-10-01 20:26 - 2014-10-02 09:44 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc2013-09-11 15:56 - 2013-09-19 12:28 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT2013-09-11 15:55 - 2014-04-15 17:05 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT2013-09-11 15:55 - 2014-04-15 14:37 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\ProgramData\Resources2013-09-11 15:56 - 2013-09-11 
15:56 - 0000268 ___RH () C:\ProgramData\Reverb
2013-09-11 15:55 - 2013-09-11 15:55 - 0000268 ___RH () C:\ProgramData\Robot

Some content of TEMP:
====================
C:\Users\Peterson Desktop\AppData\Local\Temp\bpuninstall.exe
C:\Users\Peterson Desktop\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Peterson Desktop\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Peterson Desktop\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Peterson Desktop\AppData\Local\Temp\lowproc.exe
C:\Users\Peterson Desktop\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Peterson Desktop\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Peterson Desktop\AppData\Local\Temp\stubhelper.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 14:57

==================== End Of Log ============================

Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2015
Ran by Peterson Desktop at 2015-02-05 14:01:13
Running from C:\Users\Peterson Desktop\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{C23EE7CE-C1A3-4F94-A8F0-9E0AC9C6DE6E}) (Version: 1.1 - Eyeo GmbH)
Adblock Plus for IE (HKLM-x32\...\{fd97d1e2-368a-4cd9-af63-8eeff938044a}) (Version: 1.1 - )
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Download Manager 2.2 (Remove Only) (HKLM-x32\...\AdobeESD) (Version: 2.2 - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnswerWorks 4.0 Runtime - English (HKLM-x32\...\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}) (Version: 4.0.101 - Vantage Software Technologies)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
AoA Audio Extractor (HKLM-x32\...\{D1725D54-279A-40C5-A70D-23C1785DB920}_is1) (Version: - AoAMedia.com)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 
8.1.0.18 - Apple Inc.)Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.009.0614.2130 - )Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - )Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.)AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4800 - AVG Technologies)AVG 2014 (Version: 14.0.4257 - AVG Technologies) HiddenAVG 2014 (Version: 14.0.4800 - AVG Technologies) HiddenBing Bar (HKLM-x32\...\{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}) (Version: 7.0.609.0 - Microsoft Corporation)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)ccc-core-static (x32 Version: 2009.0614.2131.36800 - ATI) HiddenCCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)Citrix Online Launcher (HKLM-x32\...\{B025BA0B-64A6-46DE-9D64-32965C83CCA9}) (Version: 1.0.179 - Citrix)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)CrossLoop 2.72 (HKLM-x32\...\CrossLoop_is1) (Version: 2.72 - CrossLoop, Inc.)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 
1.00.0000 - Dell Inc.)DirectXInstallService (x32 Version: 9.0.2 - Roxio) HiddenDropBox (HKLM-x32\...\{809E9D11-335A-4186-8767-CB8C6F3D7810}) (Version: 6.5.0.0 - DropShots)Dropbox (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Dropbox) (Version: 1.6.9 - Dropbox, Inc.)EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) HiddenEMCGadgets64 (Version: 1.0.302 - Sonic) HiddenEssentials of Music Theory 1 Student (HKLM-x32\...\Essentials of Music Theory 1 Student) (Version: - )Evernote v. 5.8.1 (HKLM-x32\...\{4FD2D1C8-8636-11E4-9D21-00163E98E7D6}) (Version: 5.8.1.6061 - Evernote Corp.)Generations® Grande Suite 8 (HKLM-x32\...\{DE0208E0-F368-11D3-8DD7-00104B885EE1}) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.25.11 - Google Inc.) 
HiddenGoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)Inkscape 0.48.2 (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Inkscape) (Version: 0.48.2 - )Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )iPod PC Transfer 4.7 (HKLM-x32\...\iPod PC Transfer_is1) (Version: 4.7 - iPod PC Transfer)iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)JDiskReport 1.4.0 (HKLM-x32\...\JDiskReport 1.4.0) (Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Memeo AutoSync (HKLM-x32\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)Memeo Instant Backup (HKLM-x32\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)Microsoft Office Suite Activation Assistant (HKLM-x32\...\{67635FB6-2F63-4FFB-830B-D4C01597EBA4}) (Version: 1.2.1 - DELL)Microsoft Silverlight 
(HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)Microsoft Small Basic v1.0 (HKLM-x32\...\{7AAA27E4-CDB3-49C0-AA2D-41827C001BA3}) (Version: 1.0.0.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenMozilla Maintenance Service 
(HKLM-x32\...\MozillaMaintenanceService) (Version: 25.0.1 - Mozilla)Mozilla Thunderbird 17.0.6 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 17.0.6 (x86 en-US)) (Version: 17.0.6 - Mozilla)MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.3.0 - Nikon)OneClickdigital Media Manager (HKLM-x32\...\{C259BBE2-2531-4387-B5E3-9E6845854272}) (Version: 61.0.0.0 - Recorded Books)OverDrive Media Console (HKLM-x32\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.2 - Nikon)PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)QuickBooks (x32 Version: 21.0.4014.904 - Intuit Inc.) HiddenQuickBooks Premier 2002 (HKLM-x32\...\{809987B2-F964-11D4-A1A5-00104BD190B1}) (Version: - )QuickBooks Premier Edition 2011 (HKLM-x32\...\{11E0AC7D-6824-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 2.4.1546.4 - AMD)RAIDXpert (x32 Version: 2.4.1546.4 - AMD) HiddenRealDownloader (x32 Version: 17.0.13 - RealNetworks, Inc.) 
HiddenRealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) HiddenRealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) HiddenRealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.13 - RealNetworks)RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) HiddenRevo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)Roxio File Backup (Version: 1.3.0 - Roxio) Hiddensave2pc Light 4.03 (HKLM-x32\...\save2pc Light_is1) (Version: - FDRLab)SavingsBull (x32 Version: 1.0.0.0 - SavingsBull) Hidden <==== ATTENTIONSeagate Dashboard (HKLM-x32\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)Skins (x32 Version: 2009.0614.2131.36800 - ATI) HiddenSonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) HiddenSpotify (HKU\S-1-5-21-244560176-827594973-441203170-1000\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)TimeLeft (HKLM-x32\...\TIMELEFT3_is1) (Version: 3.52 - NesterSoft Inc.)Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)TurboTax 2008 (HKLM-x32\...\TurboTax 2008) (Version: - )TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)TurboTax Premier 2007 (HKLM-x32\...\TurboTax Premier 2007) (Version: - )Typing Instructor 
Platinum (HKLM-x32\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software)UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) HiddenVD64Inst (Version: 1.00.0000 - Roxio, Inc.) HiddenViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.3.0 - Nikon)Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)WebM Media Foundation Components (HKLM-x32\...\webmmf) (Version: 1.0.1.1 - WebM Project)Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)Xvid 1.2.1 final uninstall (HKLM-x32\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))YNAB 4 version 4.3.656 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.656 - YouNeedABudget.com)Zune (HKLM\...\Zune) (Version: 04.07.1404.01 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-244560176-827594973-441203170-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Peterson Desktop\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll (Dropbox, Inc.)

==================== Restore Points =========================

09-01-2015 09:34:21 Scheduled Checkpoint
14-01-2015 17:31:29 Windows Update
26-01-2015 12:18:53 Scheduled Checkpoint
27-01-2015 16:58:19 Installed Evernote v. 5.8.1
28-01-2015 15:37:27 Revo Uninstaller's restore point - RAIDXpert
28-01-2015 15:39:43 Removed RAIDXpert
28-01-2015 16:45:40 Windows Update
05-02-2015 12:09:02 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2014-02-27 09:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0162D560-54BD-4FA3-808F-9D9A52471A6D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {0E81AB81-FF40-4C42-9C17-5A1F4359845E} - System32\Tasks\{6EB3A8FE-A5D8-4B78-863E-98740E749B6B} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {1686138E-E735-46DE-9AC7-8AEF262B1499} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {1738944E-73D4-449A-B624-07596DB86F61} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {1D390550-28DA-47FC-9BA1-30E9EA32913F} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {26C4D01A-6025-494A-AA35-E64E89E67390} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {2A96F507-AFB4-46A6-BC90-22A57974B494} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2DBDF322-93A3-4F3F-957C-82DD47836470} - \BrowserDefendert No Task File <==== ATTENTION
Task: {302459D5-7644-4E36-B8E7-60FDD2EAA36A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {3DB0512E-2AE7-421F-9E2B-20C0D92D79C3} - System32\Tasks\{CAD028D9-1138-4F14-807C-B820BB083660} => C:\Program Files (x86)\Intuit\QuickBooks Premier\qbw32.exe [2005-02-28] (Intuit, Inc.)
Task: {43909B44-AF90-4C47-ABDF-22F27BA5C571} - System32\Tasks\ReclaimerUpdateFiles_Peterson Desktop => C:\Users\Peterson Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-01-29] (RealNetworks, Inc.)
Task: {43AF36AA-632E-4612-A799-EBE38C98A573} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {45721543-D693-4525-B5A9-9B8594185DAE} - System32\Tasks\RNUpgradeHelperLogonPrompt_Peterson Desktop => C:\Users\Peterson Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-01-29] (RealNetworks, Inc.)
Task: {55A77878-3C3C-409B-BD38-2F543E6E533C} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {58D2678E-E7F9-4D27-A35C-96B7B7B43076} - System32\Tasks\RNUpgradeHelperResumePrompt_Peterson Desktop => C:\Users\Peterson Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-01-29] (RealNetworks, Inc.)
Task: {59744132-55C0-4EBD-9976-54F916D5E3E6} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {68ED6186-B96A-4113-A83E-019C0AB76A2C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {7336AF29-0A7F-47BC-BA4D-71E88993FD53} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {7493F866-3FC8-411D-9F0E-CAB18D5BA38E} - System32\Tasks\{039A756A-D863-4A9D-8894-CEE8E7DF871A} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {84AD62A5-2151-40C8-A71E-3CA545B862E3} - System32\Tasks\G2MUpdateTask-S-1-5-21-244560176-827594973-441203170-1000 => C:\Users\Peterson Desktop\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {98ADFB47-CAA5-42C4-9C46-57D3017896C7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {99ECC6F6-05B7-4695-A802-113B066674FA} - System32\Tasks\ReclaimerUpdateXML_Peterson Desktop => C:\Users\Peterson Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe [2015-01-29] (RealNetworks, Inc.)
Task: {9CD38D69-EEBF-4D26-A91A-A0670D80997F} - System32\Tasks\{768D1FBE-39C4-4B2D-BDA5-F15E7D8E1F89} => pcalua.exe -a "C:\Users\Peterson Desktop\Desktop\SETUP.EXE" -d "C:\Users\Peterson Desktop\Desktop"
Task: {A5AAB488-687F-47F5-99C9-7BC2EC182611} - System32\Tasks\task512348140 => C:\Users\PETERS~1\AppData\Local\Temp\0.05123845134917571.exe <==== ATTENTION
Task: {AA09EFBE-6EBE-4795-A79A-A9FE49CDCA4B} - System32\Tasks\{8388A73A-9F5F-400E-AE09-254161F57DF0} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {BAA062B3-0E33-4D6D-B2CE-E6C1D6A3F296} - System32\Tasks\{1698F381-67C8-47CD-A1C9-CA0446AF626B} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {BD5176FB-9C3A-43D3-B75A-38C802DDEFCB} - System32\Tasks\{CAC19F66-C8EC-47AD-ACE0-01C100590841} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {C0054035-C678-4E14-8FFF-A6D0FB87DF63} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-11] (Google Inc.)
Task: {C788C9F4-029D-43ED-BDC4-1CF539C85C12} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-244560176-827594973-441203170-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-07-30] (RealNetworks, Inc.)
Task: {D0E582AE-29D2-4011-9818-7EAC7E3B9463} - System32\Tasks\{5337C250-D752-4C80-88E9-1BFE9B93D172} => C:\Program Files (x86)\Voice of God Recordings\The Table 2005\Views.exe
Task: {D2884067-1DE0-4759-8EE5-79447B366CD0} - System32\Tasks\{15CB83D2-6FE7-4A8B-9561-3CBCBFE8220D} => pcalua.exe -a "C:\Users\Peterson Desktop\Downloads\Brother Printer Drivers for Windows 7\mflpro_c1\Data\Disk1\setup.exe" -d "C:\Users\Peterson Desktop\Downloads\Brother Printer Drivers for Windows 7\mflpro_c1\Data\Disk1"
Task: {E4D6D1E4-DD5F-46AF-B959-9E3358CBC56A} - \EPUpdater No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-244560176-827594973-441203170-1000.job => C:\Users\Peterson Desktop\AppData\Local\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Peterson Desktop.job => C:\Users\Peterson Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Peterson Desktop.job => C:\Users\Peterson Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Peterson Desktop.job => C:\Users\Peterson Desktop\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\11.04\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) ==============

2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-30 02:17 - 2014-07-30 02:17 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-07-30 05:04 - 2014-07-30 05:04 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2010-02-01 13:49 - 2005-04-22 13:36 - 00143360 ____N () C:\Windows\system32\BrSNMP64.dll
2010-01-20 19:15 - 2011-08-18 08:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2010-02-09 13:34 - 2010-02-09 13:34 - 01807680 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2010-04-28 08:29 - 2005-02-22 01:24 - 00315392 _____ () C:\Program Files (x86)\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
2011-05-04 14:04 - 2011-05-04 14:04 - 00325344 _____ () C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
2014-09-22 04:43 - 2014-09-22 04:43 - 00864856 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00275776 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 11:05 - 2009-09-11 11:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00095552 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00152896 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2010-02-09 13:34 - 2010-02-09 13:34 - 00017728 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2010-04-28 08:29 - 2005-02-22 01:23 - 00045056 _____ () C:\Program Files (x86)\Intuit\QuickBooks Premier\components\qbagent\QBDInstallMgr.dll
2014-02-03 23:42 - 2014-02-03 23:42 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2014-02-03 23:43 - 2014-02-03 23:43 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-19 23:18 - 2005-07-19 23:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2014-02-03 23:42 - 2014-02-03 23:42 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2014-02-03 23:43 - 2014-02-03 23:43 - 
00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll2014-02-03 23:42 - 2014-02-03 23:42 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll2014-02-03 23:43 - 2014-02-03 23:43 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll2014-02-03 23:43 - 2014-02-03 23:43 - 00101704 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\ReportBridge.dll2014-02-03 23:43 - 2014-02-03 23:43 - 00070472 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QB2WPFBridge.dll2014-02-03 22:43 - 2014-02-03 22:43 - 00098632 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\Webification.dll2011-06-01 09:42 - 2011-06-01 09:42 - 00108296 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll2011-06-01 09:46 - 2011-06-01 09:46 - 00030984 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll2014-12-17 15:11 - 2014-12-17 15:11 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll2014-12-17 15:11 - 2014-12-17 15:11 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll2011-05-04 14:04 - 2011-05-04 14:04 - 02896608 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll2011-05-04 14:04 - 2011-05-04 14:04 - 00027360 _____ () C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll2010-03-22 15:59 - 2010-03-22 15:59 - 00504293 _____ () C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.DLL2010-03-22 15:57 - 2010-03-22 15:57 - 00178176 _____ () C:\Program Files (x86)\Common Files\Memeo\ProfMan.dll2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf2011-06-01 09:16 - 2011-06-01 09:16 - 00241664 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll2011-06-01 09:16 - 2011-06-01 09:16 - 00971776 _____ () C:\Program Files 
(x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll2012-04-09 17:06 - 2012-04-09 17:06 - 00755712 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll2012-04-09 17:06 - 2012-04-09 17:06 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll2013-10-08 15:05 - 2013-10-08 15:05 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll2013-10-08 15:05 - 2013-10-08 15:05 - 00471040 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll2014-03-15 12:52 - 2014-03-15 12:52 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll2015-02-01 06:39 - 2015-01-26 20:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libglesv2.dll2015-02-01 06:39 - 2015-01-26 20:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\libegl.dll2015-02-01 06:39 - 2015-01-26 20:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:373E1720AlternateDataStreams: C:\ProgramData\TEMP:8CE646EE ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) 
==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-244560176-827594973-441203170-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Peterson Desktop\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-244560176-827594973-441203170-500 - Administrator - Disabled)ASPNET (S-1-5-21-244560176-827594973-441203170-1004 - Limited - Enabled)Guest (S-1-5-21-244560176-827594973-441203170-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-244560176-827594973-441203170-1002 - Limited - Enabled)Peterson Desktop (S-1-5-21-244560176-827594973-441203170-1000 - Administrator - Enabled) => C:\Users\Peterson Desktop ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/05/2015 06:45:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9610 Error: (02/05/2015 06:45:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9610 Error: (02/05/2015 06:45:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/04/2015 11:04:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 15397 Error: (02/04/2015 11:04:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 15397 Error: (02/04/2015 11:04:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/04/2015 01:03:03 PM) 
(Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 15506 Error: (02/04/2015 01:03:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 15506 Error: (02/04/2015 01:03:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/04/2015 06:43:09 AM) (Source: QuickBooks) (EventID: 4) (User: )Description: An unexpected error has occured in "QuickBooks":Returning NULL QBWinInstance Handle System errors:=============Error: (02/05/2015 06:36:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (02/05/2015 06:36:59 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (02/05/2015 06:36:52 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (02/05/2015 06:36:51 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (02/05/2015 06:36:49 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (02/05/2015 06:36:43 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (02/05/2015 06:36:26 AM) (Source: Ntfs) (EventID: 55) (User: )Description: The file system structure on the disk is corrupt and unusable.Please run the chkdsk utility on the volume OS. 
Error: (02/04/2015 09:58:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. Error: (02/04/2015 06:42:21 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Error: (02/04/2015 06:42:20 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)Description: The following fatal alert was generated: 43. The internal error state is 252. Microsoft Office Sessions:=========================Error: (02/05/2015 06:45:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 9610 Error: (02/05/2015 06:45:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 9610 Error: (02/05/2015 06:45:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/04/2015 11:04:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 15397 Error: (02/04/2015 11:04:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 15397 Error: (02/04/2015 11:04:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/04/2015 01:03:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 15506 Error: (02/04/2015 01:03:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 15506 Error: (02/04/2015 01:03:03 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (02/04/2015 06:43:09 
AM) (Source: QuickBooks) (EventID: 4) (User: )Description: QuickBooksReturning NULL QBWinInstance Handle CodeIntegrity Errors:=================================== Date: 2014-02-27 09:50:20.632 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 09:50:20.086 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 09:50:19.524 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 09:50:18.963 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-27 08:53:05.318 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-02-27 08:53:04.756 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-01 22:43:12.715 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-07-01 22:43:12.293 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-09-02 09:05:40.875 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-09-02 09:05:40.719 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: AMD Athlon II X4 630 ProcessorPercentage of memory in use: 54%Total physical RAM: 3839.12 MBAvailable physical RAM: 1728.34 MBTotal Pagefile: 7676.42 MBAvailable Pagefile: 4838.11 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:80.54 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 85DB1A95)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  8. You are easy to understand and great to work with. My computer is fixed! Thank you so much!

  9. Alright I updated and cleaned up. Ads are all gone! Thank you so, so much!
  10. Thanks for telling me about Adblock. I'll have to give it a try.

      checkup.txt

          Results of screen317's Security Check version 0.99.72
          Windows 7 Service Pack 1 x64 (UAC is enabled)
          Internet Explorer 10
          ``````````````Antivirus/Firewall Check:``````````````
          Windows Firewall Enabled!
          AVG Internet Security 2013
          Antivirus up to date! (On Access scanning disabled!)
          `````````Anti-malware/Other Utilities Check:`````````
          Malwarebytes Anti-Malware version 1.75.0.1300
          Java 7 Update 25
          Adobe Flash Player 11.6.602.171
          Adobe Reader XI
          Mozilla Firefox 15.0.1 Firefox out of Date!
          Mozilla Thunderbird (17.0.5)
          Google Chrome 28.0.1500.72
          Google Chrome 28.0.1500.95
          ````````Process Check: objlist.exe by Laurent````````
          Malwarebytes Anti-Malware mbamservice.exe
          Malwarebytes Anti-Malware mbamgui.exe
          AVG avgwdsvc.exe
          Malwarebytes' Anti-Malware mbamscheduler.exe
          `````````````````System Health check`````````````````
          Total Fragmentation on Drive C: 0%
          ````````````````````End of Log``````````````````````
  11. It looks like things are clear! If there are ads in a blog or on a site, it could be on their end, right? There were no threats found on the Malwarebytes Anti-Malware scan.

      AdwCleaner log

          # AdwCleaner v2.306 - Logfile created 08/10/2013 at 09:20:25
          # Updated 19/07/2013 by Xplode
          # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
          # User : Peterson Desktop - PETERSONDESKTOP
          # Boot Mode : Normal
          # Running from : C:\Users\Peterson Desktop\Desktop\adwcleaner.exe
          # Option [Delete]

          ***** [services] *****

          ***** [Files / Folders] *****

          Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
          Folder Deleted : C:\ProgramData\BrowserDefender

          ***** [Registry] *****

          ***** [internet Browsers] *****

          -\\ Internet Explorer v10.0.9200.16635

          [OK] Registry is clean.

          -\\ Mozilla Firefox v15.0.1 (en-US)

          File : C:\Users\Peterson Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\febik43q.default\prefs.js

          [OK] File is clean.

          -\\ Google Chrome v28.0.1500.95

          File : C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Preferences

          [OK] File is clean.

          *************************

          AdwCleaner[R1].txt - [1168 octets] - [10/08/2013 07:47:17]
          AdwCleaner[R2].txt - [1229 octets] - [10/08/2013 07:52:54]
          AdwCleaner[R3].txt - [1289 octets] - [10/08/2013 09:19:26]
          AdwCleaner[s1].txt - [26077 octets] - [01/07/2013 21:19:27]
          AdwCleaner[s2].txt - [1227 octets] - [10/08/2013 09:20:25]

          ########## EOF - C:\AdwCleaner[s2].txt - [1287 octets] ##########

      JRT log

          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Junkware Removal Tool (JRT) by Thisisu
          Version: 5.4.1 (08.10.2013:1)
          OS: Windows 7 Home Premium x64
          Ran by Peterson Desktop on Sat 08/10/2013 at 9:27:57.48
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

          ~~~ Services

          ~~~ Registry Values

          ~~~ Registry Keys

          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
          Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}

          ~~~ Files

          ~~~ Folders

          ~~~ FireFox

          Successfully deleted: [File] C:\Users\Peterson Desktop\AppData\Roaming\mozilla\firefox\profiles\febik43q.default\invalidprefs.js
          Emptied folder: C:\Users\Peterson Desktop\AppData\Roaming\mozilla\firefox\profiles\febik43q.default\minidumps [14 files]

          ~~~ Event Viewer Logs were cleared

          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          Scan was completed on Sat 08/10/2013 at 9:32:27.31
          End of JRT log
          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Malwarebytes Anti-Malware log

          Malwarebytes Anti-Malware 1.75.0.1300
          www.malwarebytes.org

          Database version: v2013.08.09.07

          Windows 7 Service Pack 1 x64 NTFS
          Internet Explorer 10.0.9200.16635
          Peterson Desktop :: PETERSONDESKTOP [administrator]

          8/10/2013 9:39:16 AM
          mbam-log-2013-08-10 (09-39-16).txt

          Scan type: Quick scan
          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
          Scan options disabled: P2P
          Objects scanned: 234024
          Time elapsed: 6 minute(s), 12 second(s)

          Memory Processes Detected: 0
          (No malicious items detected)

          Memory Modules Detected: 0
          (No malicious items detected)

          Registry Keys Detected: 0
          (No malicious items detected)

          Registry Values Detected: 0
          (No malicious items detected)

          Registry Data Items Detected: 0
          (No malicious items detected)

          Folders Detected: 0
          (No malicious items detected)

          Files Detected: 0
          (No malicious items detected)

          (end)
  12. adwcleaner.exe

          # AdwCleaner v2.306 - Logfile created 08/10/2013 at 07:47:17
          # Updated 19/07/2013 by Xplode
          # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
          # User : Peterson Desktop - PETERSONDESKTOP
          # Boot Mode : Normal
          # Running from : C:\Users\Peterson Desktop\Desktop\adwcleaner.exe
          # Option [search]

          ***** [services] *****

          ***** [Files / Folders] *****

          Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
          Folder Found : C:\ProgramData\BrowserDefender

          ***** [Registry] *****

          ***** [internet Browsers] *****

          -\\ Internet Explorer v10.0.9200.16635

          [OK] Registry is clean.

          -\\ Mozilla Firefox v15.0.1 (en-US)

          File : C:\Users\Peterson Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\febik43q.default\prefs.js

          [OK] File is clean.

          -\\ Google Chrome v28.0.1500.95

          File : C:\Users\Peterson Desktop\AppData\Local\Google\Chrome\User Data\Default\Preferences

          [OK] File is clean.

          *************************

          AdwCleaner[R1].txt - [979 octets] - [10/08/2013 07:47:17]
          AdwCleaner[s1].txt - [26077 octets] - [01/07/2013 21:19:27]

          ########## EOF - C:\AdwCleaner[R1].txt - [1099 octets] ##########
  13. Hello MrC, I did the Malwarebytes Anti-Malware scan and 10 threats were found, I removed the threats and the ads are still here. I'm not sure if you want to see the Malwarebytes Anti-Malware log, but I thought I would post it anyway. Here are all the logs

      Malwarebytes Anti-Malware log

          Malwarebytes Anti-Malware 1.75.0.1300
          www.malwarebytes.org

          Database version: v2013.08.09.07

          Windows 7 Service Pack 1 x64 NTFS
          Internet Explorer 10.0.9200.16635
          Peterson Desktop :: PETERSONDESKTOP [administrator]

          8/9/2013 4:40:56 PM
          mbam-log-2013-08-09 (16-40-56).txt

          Scan type: Quick scan
          Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
          Scan options disabled: P2P
          Objects scanned: 234043
          Time elapsed: 10 minute(s), 50 second(s)

          Memory Processes Detected: 0
          (No malicious items detected)

          Memory Modules Detected: 0
          (No malicious items detected)

          Registry Keys Detected: 0
          (No malicious items detected)

          Registry Values Detected: 0
          (No malicious items detected)

          Registry Data Items Detected: 0
          (No malicious items detected)

          Folders Detected: 4
          C:\ProgramData\BrowserDefender\2.6.1339.144 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
          C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
          C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
          C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.

          Files Detected: 6
          C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
          C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
          C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
          C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
          C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
          C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
          (end)

      DDS.txt
Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Peterson Desktop\AppData\Roaming\Mozilla\Firefox\Profiles\febik43q.default\FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLLFF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLLFF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPAdbESD.dllFF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dllFF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - 
plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\Users\Peterson Desktop\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dllFF - plugin: C:\Users\Peterson Desktop\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dllFF - plugin: C:\Users\Peterson Desktop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllFF - plugin: C:\Users\Peterson Desktop\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: C:\Users\Peterson Desktop\AppData\Roaming\Mozilla\plugins\npo1d.dllFF - plugin: C:\Users\Peterson Desktop\Downloads\Picasa3\npPicasa3.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dllFF - plugin: C:\Windows\SysWOW64\npDeployJava1.dllFF - plugin: C:\Windows\SysWOW64\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-1-20 55280]R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-3 45856]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-1-20 203264]R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]R2 avgwd;AVG WatchDog;C:\Program Files 
(x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]R2 CrossLoopService;CrossLoop Service;C:\Users\Peterson Desktop\AppData\Local\CrossLoop\CrossLoopService.exe [2010-4-20 560792]R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-1 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-1 701512]R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-1-20 1692480]R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-1 25928]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-1-20 215040]R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2010-1-20 1224704]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]S2 
SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\My Dell\pcdsrvc_x64.pkms [2013-5-2 25584]S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-27 1255736].=============== Created Last 30 ================.2013-08-01 10:07:52 -------- d-----w- C:\Windows\System32\MRT2013-07-20 08:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys2013-07-20 08:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys2013-07-20 08:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys2013-07-20 08:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys2013-07-11 04:12:26 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll2013-07-11 04:11:53 3153920 ----a-w- C:\Windows\System32\win32k.sys2013-07-11 04:09:30 1643520 ----a-w- C:\Windows\System32\DWrite.dll2013-07-11 04:09:29 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll.==================== Find3M ====================.2013-07-10 08:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys2013-07-02 22:47:04 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-07-02 22:47:03 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-07-02 22:47:03 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-07-02 04:20:21 298 ----a-w- 
C:\Windows\DeleteOnReboot.bat2013-07-01 08:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys2013-06-27 04:30:15 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll.============= FINISH: 18:13:58.56 =============== Attach.txt .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft 
Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2Install Date: 1/23/2010 1:49:04 PMSystem Uptime: 8/9/2013 6:03:03 PM (0 hours ago).Motherboard: Dell Inc. | | 0F896NProcessor: AMD Athlon II X4 630 Processor | AM2 | 2800/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 451 GiB total, 151.731 GiB free.D: is CDROM ()E: is RemovableF: is RemovableG: is RemovableH: is Removable.==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP299: 7/28/2013 2:19:15 PM - Scheduled CheckpointRP300: 8/1/2013 3:00:27 AM - Windows UpdateRP301: 8/1/2013 12:57:29 PM - Installed Microsoft Fix it 50195.==== Installed Programs ======================.Adobe Digital EditionsAdobe Download Manager 2.2 (Remove Only)Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.03)AnswerWorks 4.0 Runtime - EnglishAnswerWorks 5.0 English RuntimeAoA Audio ExtractorApple Application SupportApple Mobile Device SupportApple Software UpdateATI Catalyst Control CenterAudacity 1.2.6AVG 2013Bing BarBonjourCatalyst Control Center - BrandingCatalyst Control Center Core ImplementationCatalyst Control Center Graphics Full ExistingCatalyst Control Center Graphics Full NewCatalyst Control Center Graphics LightCatalyst Control Center Graphics Previews CommonCatalyst Control Center Graphics Previews VistaCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-core-staticccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerCompatibility Pack for the 2007 Office systemConsumer In-Home Service AgreementCrossLoop 2.72D3DX10Definition Update for Microsoft Office 2010 
(KB982726) 32-Bit EditionDell DataSafe Local BackupDell DataSafe Local Backup - Support SoftwareDell DataSafe OnlineDell DockDell Edoc ViewerDell Getting Started GuideDirectXInstallServiceDropBoxEMC 10 ContentEMCGadgets64Essentials of Music Theory 1 StudentGenerations® Grande Suite 8getsav-inGetSavinGoogle ChromeGoogle EarthGoogle Talk PluginGoogle Toolbar for Internet ExplorerGoogle Update HelperGoToAssist 8.0.0.514iCloudInkscape 0.48.2iPod PC Transfer 4.7iTunesJava 7 Update 25Java Auto UpdaterJDiskReport 1.4.0Junk Mail filter updateMalwarebytes Anti-Malware version 1.75.0.1300Memeo AutoSyncMemeo Instant BackupMicrosoft .NET Framework 1.1Microsoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Default ManagerMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Professional 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Suite Activation AssistantMicrosoft Office Word MUI (English) 2010Microsoft Search Enhancement PackMicrosoft SilverlightMicrosoft Small Basic v1.0Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft UI EngineMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 
RedistributableMicrosoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft WorksMovie MakerMozilla Firefox 15.0.1 (x86 en-US)Mozilla Maintenance ServiceMozilla Thunderbird 17.0.5 (x86 en-US)MSVCRTMSVCRT_amd64MSVCRT110MSVCRT110_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP2 Parser and SDKMy DellOneClickdigital Media ManagerOverDrive Media ConsolePhoto CommonPhoto GalleryPicasa 3PowerDVD DXQuickBooksQuickBooks Premier 2002QuickBooks Premier Edition 2011Quicken 2002 DeluxeQuicken 2011QuickTimeRAIDXpertRealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealUpgrade 1.1Revo Uninstaller 1.94Rosetta Stone Version 3Roxio Activation ModuleRoxio BackOnTrackRoxio BurnRoxio Central AudioRoxio Central CopyRoxio Central CoreRoxio Central DataRoxio Central ToolsRoxio Easy CD and DVD BurningRoxio Express Labeler 3Roxio File BackupRoxio Update Managersave2pc Light 4.03Seagate DashboardSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687276) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft OneNote 2010 (KB2760600) 32-Bit EditionSecurity Update for Microsoft Publisher 2010 (KB2553147) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2810068) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 
(KB2687505) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionSkinsSonic CinePlayer Decoder PackTimeLeftTotal Commander (Remove or Repair)TurboTax 2008TurboTax 2008 waziperTurboTax 2008 WinPerFedFormsetTurboTax 2008 WinPerProgramHelpTurboTax 2008 WinPerReleaseEngineTurboTax 2008 WinPerTaxSupportTurboTax 2008 WinPerUserEducationTurboTax 2008 wrapperTurboTax Premier 2007Typing Instructor PlatinumUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553378) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687503) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2767886) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2597090) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2598240) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 
2010 (KB2589371) 32-Bit EditionVD64InstVisual Studio 2008 x64 RedistributablesVisual Studio 2010 x64 RedistributablesWebM Media Foundation ComponentsWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live MailWindows Live MessengerWindows Live MIME IFilterWindows Live Photo CommonWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Media Player Firefox PluginWindows Mobile Device Updater ComponentXvid 1.2.1 final uninstallYahoo! BrowserPlus 2.9.8Zoom DownloaderZuneZune Language Pack (DEU)Zune Language Pack (ESP)Zune Language Pack (FRA)Zune Language Pack (ITA)Zune Language Pack (NLD)Zune Language Pack (PTB)Zune Language Pack (PTG).==== Event Viewer Messages From Past Week ========.8/9/2013 6:06:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). 
This security permission can be modified using the Component Services administrative tool.8/9/2013 6:04:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter8/9/2013 6:03:55 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified.8/9/2013 6:03:52 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: This driver has been blocked from loading8/9/2013 6:03:52 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\mrtRate.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.8/9/2013 6:03:47 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.8/9/2013 6:02:30 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.8/8/2013 5:37:42 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.8/7/2013 9:20:24 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the Netman service.8/5/2013 8:39:48 AM, Error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. 
It has done this 1 time(s).8/5/2013 8:13:34 PM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service..==== End Of File =========================== RogueKiller Report RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Peterson Desktop [Admin rights]Mode : Scan -- Date : 08/09/2013 20:40:38| ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤[sUSP PATH] CrossLoopService.exe -- C:\Users\Peterson Desktop\AppData\Local\CrossLoop\CrossLoopService.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 9 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Peterson Desktop\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-244560176-827594973-441203170-1000\[...]\Run : Google Update ("C:\Users\Peterson Desktop\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 5 ¤¤¤[V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-244560176-827594973-441203170-1000UA.job : C:\Users\Peterson Desktop\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND[V1][sUSP PATH] 
GoogleUpdateTaskUserS-1-5-21-244560176-827594973-441203170-1000Core.job : C:\Users\Peterson Desktop\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] EPUpdater : C:\Users\PETERS~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe [x] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-244560176-827594973-441203170-1000Core : C:\Users\Peterson Desktop\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND[V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-244560176-827594973-441203170-1000UA : C:\Users\Peterson Desktop\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST3500418AS ATA Device +++++--- User ---[MBR] 317a8ad38291e4359c746d6925e71f09[bSP] 66595773f61cf2f2e883aa0bf42762d2 : Windows Vista MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_08092013_204038.txt >> Thank you for all your help!
  14. Hello, I have ads coming up in my Chrome and Internet Explorer web browsers. Any help would be appreciated. Thank you!
  15. My computer is working tons better! Thank you so much for your help!!
