malicious .exe delivered via email [Solved]

usps email executable

  • This topic is locked

#16 briz_dad (Topic Starter, Member, 251 posts)
Step Two

 

Please run a free online scan with the ESET Online Scanner

 
Note: This scan works with Internet Explorer or Mozilla FireFox.
  • Make sure that the option Remove found threats is Not checked
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Click on Start

Also, the interface is different from what you describe above; just a little different. See the attachment for the interface and settings I used.

Attached Thumbnails: Screen Shot 001.JPG

#17 briz_dad (Topic Starter, Member, 251 posts)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=d2f5ea67abd3494aa48b17903578a870
# engine=18864
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-24 11:39:56
# local_time=2014-06-24 04:39:56 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 263923 25683190 0 0
# scanned=553222
# found=4
# cleaned=0
# scan_time=13035
sh=25666379F6F789C78C3B733A74017811537DE7F9 ft=1 fh=5c569cec42fb960d vn="a variant of Win32/Kryptik.CEKQ trojan" ac=I fn="C:\Users\Greg\AppData\Local\hbmbuvok.exe"
sh=B319CD61E7364730142539840D64E79DA56C263E ft=1 fh=5c569cec42fb960d vn="a variant of Win32/Kryptik.CEKQ trojan" ac=I fn="C:\Users\Greg\AppData\Local\kfohqiav.exe"
sh=C6704814A65B2406EEF07235AEA67FB018C65F4D ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E potentially unwanted application" ac=I fn="W:\backup\Larry Berkelhammer\backup-www_larryberkelhammer_com-2014_05_23-full-hunskwiymj.zip"
sh=5DD13C84D9011A202DB08862E095B588A8773674 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E potentially unwanted application" ac=I fn="W:\backup\Larry Berkelhammer\backup-www_larryberkelhammer_com-2014_06_09-full-anep2bsb6c.zip"
 


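
To make the ESET log above easier to act on, here is an added Python example (mine, not code from the original post or from ESET) that parses the sh=/ft=/fh=/vn=/ac=/fn= detection lines into records and separates live malware on the system drive from findings inside backup archives on another volume. It assumes that sh= is the SHA-1 of the scanned object (it is 40 hex characters long), that ft=1 and ft=0 distinguish a plain file from an archive member, and that identical fh= values indicate related binaries; none of that is stated in the log itself. The sample input is the four detection lines and a few header keys copied from the post.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a few header keys and the four detection lines from the
# ESET log posted above (copied verbatim; nothing here is new data).
ESET_LOG = r'''# found=4
# cleaned=0
# remove_checked=false
sh=25666379F6F789C78C3B733A74017811537DE7F9 ft=1 fh=5c569cec42fb960d vn="a variant of Win32/Kryptik.CEKQ trojan" ac=I fn="C:\Users\Greg\AppData\Local\hbmbuvok.exe"
sh=B319CD61E7364730142539840D64E79DA56C263E ft=1 fh=5c569cec42fb960d vn="a variant of Win32/Kryptik.CEKQ trojan" ac=I fn="C:\Users\Greg\AppData\Local\kfohqiav.exe"
sh=C6704814A65B2406EEF07235AEA67FB018C65F4D ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E potentially unwanted application" ac=I fn="W:\backup\Larry Berkelhammer\backup-www_larryberkelhammer_com-2014_05_23-full-hunskwiymj.zip"
sh=5DD13C84D9011A202DB08862E095B588A8773674 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.E potentially unwanted application" ac=I fn="W:\backup\Larry Berkelhammer\backup-www_larryberkelhammer_com-2014_06_09-full-anep2bsb6c.zip"
'''

# One key=value token: the value is either a double-quoted string or a bare word.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


@dataclass
class Detection:
    sha1: str       # sh= is 40 hex chars; assumed to be the SHA-1 of the scanned object
    file_type: str  # ft= (assumption: 1 = plain file on disk, 0 = member of an archive)
    fh: str         # fh= ESET's own per-file hash; all zeros for the archive members here
    name: str       # vn= detection name
    action: str     # ac= action taken (I here: "Remove found threats" was unchecked)
    path: str       # fn= full path as reported

    @property
    def category(self) -> str:
        # "potentially unwanted" / "potentially unsafe" are PUA classes, not malware.
        return "PUA" if "potentially un" in self.name.lower() else "malware"

    @property
    def on_system_drive(self) -> bool:
        return self.path[:2].upper() == "C:"


def parse_eset_log(text: str):
    """Return (header dict, [Detection]) from ESET Online Scanner log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            k, v = line[2:].split("=", 1)
            header[k.strip()] = v.strip()
        elif line.startswith("sh="):
            f = {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
                 for m in FIELD_RE.finditer(line)}
            detections.append(Detection(f["sh"], f["ft"], f["fh"], f["vn"], f["ac"], f["fn"]))
    return header, detections


def triage(detections):
    """Separate findings needing action on the live system from offline artefacts."""
    live = [d for d in detections if d.category == "malware" and d.on_system_drive]
    offline = [d for d in detections if not d.on_system_drive]
    # Identical fh= with different SHA-1s suggests repacked copies of one binary
    # (an inference about ESET's fh field, not something the log states).
    by_fh = {}
    for d in live:
        by_fh.setdefault(d.fh, []).append(d.sha1)
    return {
        "live_malware": [d.path for d in live],
        "offline_findings": [d.path for d in offline],
        "sha1_for_lookup": [d.sha1 for d in detections],
        "shared_fh": {k: v for k, v in by_fh.items() if len(v) > 1},
    }


if __name__ == "__main__":
    hdr, dets = parse_eset_log(ESET_LOG)
    print(f"found={hdr.get('found')} cleaned={hdr.get('cleaned')}")
    for key, val in triage(dets).items():
        print(key, val)
```

Run on the posted log, the two Kryptik samples under C:\Users\Greg\AppData\Local come out as live malware sharing one fh= value, while the two PHP/Obfuscated.E hits sit inside website backup ZIPs on W:, so cleaning the live system does not touch them and they are a separate question for whoever maintains that website. The SHA-1 list is what you would paste into a hash lookup service.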

#18 Teima (Member, 833 posts)

My apologies about the outdated ESET instructions, quite often ESET will update their tools and they appear to have caught me off-guard. How does the computer appear to be running at the moment? Is there a noticeable difference?

 

Step One

 

Download aswMBR by avast! and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Once prompted to download the database, click No.
  • Choose None for the AV Scan option.
  • Press Scan. Once done, click Save Log and choose your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

 



#19 briz_dad (Topic Starter, Member, 251 posts)

My apologies about the outdated ESET instructions, quite often ESET will update their tools and they appear to have caught me off-guard. How does the computer appear to be running at the moment? Is there a noticeable difference?

 

 

Um... can you see the screenshots and determine if it is noticeable? (I think it is - and it might just be me. I wish there were instructions addressing the radio buttons.)



#20 briz_dad (Topic Starter, Member, 251 posts)

Step One

 

Download aswMBR by avast! and save it to your desktop.

  • Simply double-click the program icon to run it. It will ask for administrator privileges.
  • Once prompted to download the database, click No.
  • Choose None for the AV Scan option.
  • Press Scan. Once done, click Save Log and choose your desktop.
  • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.

 

 

I'm not sure how to proceed with the instructions above - they do not match the user interface of aswMBR. I've had so much trouble with this infestation that I am hesitant to do anything that isn't confirmed as proper instructions. (I ran Malwarebytes again this morning upon starting up my computer - which is still an ordeal of its own - and about 12 infestations were found again. And I was notified by Google that someone in England logged in to my account. Luckily they were blocked.)

 

See the screenshots for the user interface/experience I have with aswMBR.

Attached Thumbnails: Screen Shot 003.JPG, Screen Shot 004.JPG, Screen Shot 005.JPG

Edited by briz_dad, 27 June 2014 - 01:39 PM.


#21 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi briz_dad, Teima is incommunicado for the next 24 hours.

AswMBR has been updated; allow the virtualization of AswMBR and download the virus defs. This will then work like a virtual machine, using the latest data to detect anything that should not be there.

Attached Thumbnails: AswMBR scan.JPG

#22 briz_dad (Topic Starter, Member, 251 posts)

Is this what you are looking for? (It seems sparse.)

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-29 19:05:52
-----------------------------
19:05:52.383    OS Version: Windows x64 6.1.7601 Service Pack 1
19:05:52.383    Number of processors: 8 586 0x1A05
19:05:52.383    ComputerName: GREG-PC  UserName: Greg
19:05:53.656    Initialize success
19:05:53.656    VM: initialized successfully
19:05:53.690    VM: Intel CPU supported
19:05:58.286    VM: supported disk I/O ataport.SYS
19:07:07.310    AVAST engine defs: 14062902
19:07:39.780    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
19:07:39.782    Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 11
19:07:39.882    VM: Disk 0 MBR read successfully
19:07:39.885    Disk 0 MBR scan
19:07:39.914    Disk 0 Windows 7 default MBR code
19:07:39.917    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
19:07:39.920    Disk 0 unknown boot code
19:07:39.951    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
19:07:39.974    Scan finished successfully
19:07:49.451    Disk 0 MBR has been saved successfully to "C:\Users\Greg\Desktop\Geeks to Go\MBR.dat"
19:07:49.455    The log file has been saved successfully to "C:\Users\Greg\Desktop\Geeks to Go\aswMBR.txt"

 



#23 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Nope, it looks good; the sparser the better :)

How is the computer behaving now, any problems at all?

#24 briz_dad (Topic Starter, Member, 251 posts)

How is the computer behaving now, any problems at all?

These are this morning's results from Malwarebytes - not good.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/30/2014
Scan Time: 7:26:57 AM
Logfile: Malwarebytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.30.07
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Greg

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 331305
Time Elapsed: 7 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
Trojan.Agent.ED, C:\Windows\SysWOW64\zyfyec.exe, 5760, , [b0efc9b5a4d755e1a9883809a060a45c]
Trojan.Agent.ED, C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe, 5280, , [a9f6e19d493294a29c9521201ee2ef11]

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer855043648, , [b0efc9b5a4d755e1a9883809a060a45c],

Registry Values: 4
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Anokybabyvluub, "C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe", , [a9f6e19d493294a29c9521201ee2ef11]
Trojan.Agent.ED, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Anokybabyvluub, C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe, , [a9f6e19d493294a29c9521201ee2ef11]
Trojan.Agent.ED, HKU\S-1-5-21-1832473972-728382222-2059160143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Anokybabyvluub, C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe, , [a9f6e19d493294a29c9521201ee2ef11]
Trojan.Agent.ED, HKU\S-1-5-21-1832473972-728382222-2059160143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Anokybabyvluub, C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe, , [a9f6e19d493294a29c9521201ee2ef11]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 5
Trojan.Agent.ED, C:\Windows\SysWOW64\zyfyec.exe, , [b0efc9b5a4d755e1a9883809a060a45c],
Trojan.Agent.ED, C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe, , [a9f6e19d493294a29c9521201ee2ef11],
Trojan.Kelihos.ED, C:\Users\Greg\AppData\Local\Temp\UpdateFlashPlayer_2b296481.exe, , [e0bf542a5724092dcb09e09f0cf506fa],
Trojan.Agent.ED, C:\Users\Greg\AppData\Local\Temp\UpdateFlashPlayer_e663aa25.exe, , [fea1265848336fc73ef358e9e21e3ec2],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 855043648.job, , [940b007e9cdf6bcb6b4913c1e22151af],

Physical Sectors: 0
(No malicious items detected)


(end)


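
The Malwarebytes report above lists every hit with a trailing 32-character id in square brackets. The added Python example below (mine, not code from Malwarebytes or from the poster) groups the detections by that id to reconstruct each persistence chain (running process, dropped file, Run values, service, scheduled task), then links chains whose object names share a long numeric token; in this log the service SecurityCenterServer855043648 and the task Security Center Update - 855043648.job carry the same number. That the bracketed id groups related objects, and that the shared number ties the service to the task, are inferences drawn from this one log, not documented Malwarebytes semantics. The sample input is the detection lines copied from the post with their section headers.

```python
import re
from collections import defaultdict

# Constructed sample: the detection lines from the Malwarebytes log above, copied
# verbatim with their section headers (nothing here is new data).
MBAM_LOG = r'''Processes: 2
Trojan.Agent.ED, C:\Windows\SysWOW64\zyfyec.exe, 5760, , [b0efc9b5a4d755e1a9883809a060a45c]
Trojan.Agent.ED, C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe, 5280, , [a9f6e19d493294a29c9521201ee2ef11]

Modules: 0
(No malicious items detected)

Registry Keys: 1
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer855043648, , [b0efc9b5a4d755e1a9883809a060a45c],

Registry Values: 4
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Anokybabyvluub, "C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe", , [a9f6e19d493294a29c9521201ee2ef11]
Trojan.Agent.ED, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Anokybabyvluub, C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe, , [a9f6e19d493294a29c9521201ee2ef11]
Trojan.Agent.ED, HKU\S-1-5-21-1832473972-728382222-2059160143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Anokybabyvluub, C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe, , [a9f6e19d493294a29c9521201ee2ef11]
Trojan.Agent.ED, HKU\S-1-5-21-1832473972-728382222-2059160143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Anokybabyvluub, C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe, , [a9f6e19d493294a29c9521201ee2ef11]

Files: 5
Trojan.Agent.ED, C:\Windows\SysWOW64\zyfyec.exe, , [b0efc9b5a4d755e1a9883809a060a45c],
Trojan.Agent.ED, C:\Users\Greg\AppData\Roaming\Acyzegos\idadhoo.exe, , [a9f6e19d493294a29c9521201ee2ef11],
Trojan.Kelihos.ED, C:\Users\Greg\AppData\Local\Temp\UpdateFlashPlayer_2b296481.exe, , [e0bf542a5724092dcb09e09f0cf506fa],
Trojan.Agent.ED, C:\Users\Greg\AppData\Local\Temp\UpdateFlashPlayer_e663aa25.exe, , [fea1265848336fc73ef358e9e21e3ec2],
Trojan.Agent.RvGen, C:\Windows\Tasks\Security Center Update - 855043648.job, , [940b007e9cdf6bcb6b4913c1e22151af],
'''

SECTION_RE = re.compile(r'^([A-Za-z ]+): (\d+)$')
ID_RE = re.compile(r', \[([0-9a-f]{32})\],?$')


def parse_mbam_log(text):
    """Return one dict (section, threat, target, extra, id) per detection line."""
    section, items = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ID_RE.search(line)
        if not section or not m:
            continue                      # "(No malicious items detected)" etc.
        parts = line[:m.start()].split(", ")
        items.append({"section": section, "threat": parts[0], "target": parts[1],
                      "extra": [p for p in parts[2:] if p], "id": m.group(1)})
    return items


def persistence_kind(item):
    """Classify a detection by the autostart mechanism it represents."""
    sec, t = item["section"], item["target"].upper()
    if sec == "Processes":
        return "running process (pid %s)" % item["extra"][0]
    if sec == "Registry Values" and "\\RUN|" in t:
        return "Run-key autostart"
    if sec == "Registry Keys" and "\\SERVICES\\" in t:
        return "service"
    if sec == "Files" and t.startswith("C:\\WINDOWS\\TASKS\\") and t.endswith(".JOB"):
        return "scheduled task"
    if sec == "Files":
        return "dropped file"
    return sec.lower()


def reconstruct_chains(items):
    """Group detections sharing the trailing id, then link chains whose object
    names share a numeric token of 6+ digits (855043648 in this log)."""
    chains = defaultdict(list)
    for it in items:
        chains[it["id"]].append((persistence_kind(it), it["target"]))
    tokens = defaultdict(set)
    for cid, entries in chains.items():
        for _, target in entries:
            for tok in re.findall(r'\d{6,}', target.rsplit("\\", 1)[-1]):
                tokens[tok].add(cid)
    related = {tok: sorted(ids) for tok, ids in tokens.items() if len(ids) > 1}
    return dict(chains), related


def summarize(text):
    chains, related = reconstruct_chains(parse_mbam_log(text))
    return {
        "chains": {cid: sorted(set(k for k, _ in e)) for cid, e in chains.items()},
        "related_by_token": related,
        "autostarts": sum(1 for e in chains.values() for k, _ in e
                          if k in ("Run-key autostart", "service", "scheduled task")),
    }


if __name__ == "__main__":
    for cid, kinds in summarize(MBAM_LOG)["chains"].items():
        print(cid[:8], kinds)
```

The output shows idadhoo.exe anchored by four Run values (HKLM and the user hive, native and WOW6432Node views) and zyfyec.exe registered as a service with a companion .job task, so six autostart entries in total: deleting the files alone would leave those entries in place, pointing at paths that are then refilled if any dropper survives.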

#25 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Most are not a problem; however, there is one that is coming back, so I will use a bigger hammer.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
Attached image: NSIS_extraction.png
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.

#26 briz_dad (Topic Starter, Member, 251 posts)

My computer has a boot-up issue. I think there is an issue with the RAM.

 

Also, I do video editing with Sony's Vegas Video Pro. It has been crashing a lot with simple tasks - this also might have to do with an issue with the RAM.

 

Right now, the computer is running smooth. I can tell when there is a virus issue because the motherboard fan starts running high and won't settle back down.

 

Lastly, I have three external drives that I work with a lot (video, music & web sites). Are the tests being run also scanning them for infestations and issues?

 

Here is the ComboFix report:

 

ComboFix 14-06-30.01 - Greg 06/30/2014   8:07.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.10231.7755 [GMT -7:00]
Running from: c:\users\Greg\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
c:\users\Greg\AppData\Local\cwbimxoe.exe
c:\users\Greg\AppData\Local\jiitdnvr.exe
c:\users\Greg\Documents\FAP196.tmp
c:\users\Greg\Documents\FAP27F7.tmp
c:\users\Greg\Documents\FAP300F.tmp
c:\users\Greg\Documents\FAP4EFE.tmp
c:\users\Greg\Documents\FAP803D.tmp
c:\users\Greg\Documents\FAP9D0C.tmp
c:\users\Greg\Documents\FAPB294.tmp
c:\users\Greg\Documents\FAPB4EC.tmp
c:\users\Greg\Documents\FAPB7B7.tmp
c:\users\Greg\Documents\FAPB8B3.tmp
c:\users\Greg\Documents\FAPDDD4.tmp
c:\users\Greg\Documents\FAPE729.tmp
c:\users\Greg\Documents\FAPE94F.tmp
c:\users\Greg\Documents\FAPEA89.tmp
c:\users\Greg\Documents\FAPEABA.tmp
c:\users\Greg\Documents\FAPF494.tmp
c:\users\Greg\Documents\FAPFB31.tmp
c:\users\Greg\g2mdlhlpx.exe
c:\users\Greg\GoToAssistDownloadHelper.exe
c:\users\Greg\ncftp
c:\users\Greg\ncftp\firewall.txt
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-28 to 2014-06-30  )))))))))))))))))))))))))))))))
.
.
2014-06-30 15:14 . 2014-06-30 15:14    --------    d-----w-    c:\users\Test\AppData\Local\temp
2014-06-30 15:14 . 2014-06-30 15:14    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-30 14:24 . 2014-06-30 14:55    --------    d-----w-    c:\users\Greg\AppData\Roaming\Acyzegos
2014-06-30 01:28 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F0924D3-B859-4B03-9C4C-CB1917E543A9}\mpengine.dll
2014-06-27 16:03 . 2014-06-27 17:00    --------    d-----w-    c:\users\Greg\AppData\Roaming\Paihemem
2014-06-26 21:56 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-25 20:45 . 2014-06-25 21:45    --------    d-----w-    c:\users\Greg\AppData\Roaming\Baygilox
2014-06-25 16:58 . 2014-05-02 05:01    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B597A98-3B3E-4EC6-AA19-CDAF4F10FE0E}\gapaengine.dll
2014-06-24 16:50 . 2014-06-24 16:50    --------    d-----w-    c:\users\Test\AppData\Roaming\FLEXnet
2014-06-23 20:48 . 2014-06-23 20:48    55104    ----a-w-    c:\windows\system32\drivers\zhrklagu.sys
2014-06-23 19:45 . 2014-06-23 21:38    --------    d-----w-    c:\users\Greg\AppData\Roaming\Vydicii
2014-06-21 22:05 . 2014-06-30 14:26    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-21 22:05 . 2014-06-23 22:20    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-21 22:05 . 2014-06-21 22:05    --------    d-----w-    c:\programdata\Malwarebytes
2014-06-21 22:05 . 2014-05-12 14:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-21 22:05 . 2014-05-12 14:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-21 22:05 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-06-21 21:17 . 2014-06-21 21:17    --------    d-----w-    C:\_OTL
2014-06-21 19:56 . 2014-06-22 22:35    --------    d-----w-    c:\users\Greg\AppData\Roaming\Atbeacaq
2014-06-18 16:38 . 2014-06-18 17:06    --------    d-----w-    c:\users\Greg\AppData\Local\Audible
2014-06-18 00:52 . 2014-06-18 00:52    --------    d-----w-    c:\users\Test\AppData\Roaming\Sony Creative Software Inc
2014-06-18 00:16 . 2014-06-18 00:16    255352    ----a-w-    c:\windows\SysWow64\awrdscdc.ax
2014-06-18 00:16 . 2001-08-18 05:43    24576    ------w-    c:\windows\SysWow64\msxml3a.dll
2014-06-18 00:16 . 2014-06-18 00:16    --------    d-----w-    c:\program files (x86)\Audible
2014-06-15 19:59 . 2014-06-15 19:59    --------    d-----w-    c:\users\Greg\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Roaming\Publish Providers
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Roaming\NVIDIA
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Roaming\Titler
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Local\BorisFX
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Roaming\Sony
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Local\Sony
2014-06-12 06:45 . 2014-06-12 06:45    --------    d-----w-    c:\program files (x86)\Common Files\Steam
2014-06-12 06:45 . 2014-06-24 07:08    --------    d-----w-    c:\program files (x86)\Steam
2014-06-12 03:54 . 2014-06-08 09:13    506368    ----a-w-    c:\windows\system32\aepdu.dll
2014-06-03 03:06 . 2014-06-03 03:06    --------    d-----w-    c:\program files\iPod
2014-06-03 03:06 . 2014-06-03 03:07    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-03 03:06 . 2014-06-03 03:07    --------    d-----w-    c:\program files\iTunes
2014-06-03 03:06 . 2014-06-03 03:07    --------    d-----w-    c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-16 23:29 . 2014-04-19 04:04    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-16 23:29 . 2014-04-19 04:04    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-12 06:55 . 2014-04-15 04:53    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-27 23:36 . 2014-05-27 23:36    210216    ----a-w-    c:\windows\SysWow64\atsckernel.exe
2014-05-27 23:36 . 2014-05-27 23:36    118056    ----a-w-    c:\windows\SysWow64\atashost.exe
2014-05-19 17:42 . 2014-05-19 17:42    53248    ----a-r-    c:\users\Greg\AppData\Roaming\Microsoft\Installer\{632DCE79-2711-4B07-BB89-DA763E96840C}\ARPPRODUCTICON.exe
2014-05-19 17:42 . 2014-05-19 17:42    53248    ----a-r-    c:\users\Greg\AppData\Roaming\Microsoft\Installer\{3A9527CF-4E91-4683-A03F-F1AD022126E5}\ARPPRODUCTICON.exe
2014-05-12 03:31 . 2014-05-12 03:31    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-05-12 03:31 . 2014-05-12 03:31    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-05-12 03:30 . 2014-05-12 03:30    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-05-12 03:30 . 2014-05-12 03:30    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-05-02 05:01 . 2014-04-19 23:52    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-24 21:01 . 2014-04-24 21:01    34587232    ----a-w-    c:\windows\system32\BCC8_OFX_Float.dll
2014-04-24 21:01 . 2014-04-24 21:01    1151072    ----a-w-    c:\windows\system32\BCC8_Common_OFX.dll
2014-04-17 12:31 . 2014-04-18 21:34    10651704    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8EFE198-6533-447D-A00C-28908CC09B85}\mpengine.dll
2014-04-17 02:07 . 2014-04-17 02:07    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-04-17 02:07 . 2014-04-17 02:07    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-04-17 02:07 . 2014-04-17 02:07    189352    ----a-w-    c:\windows\system32\java.exe
2014-04-17 02:07 . 2014-04-17 02:07    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-17 02:07 . 2014-04-17 02:07    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-16 03:30 . 2014-04-16 03:30    113629    ----a-w-    c:\windows\SysWow64\slmgr.vbs
2014-04-16 03:30 . 2014-04-16 03:30    113629    ----a-w-    c:\windows\system32\slmgr.vbs
2014-04-15 09:34 . 2014-04-15 09:34    1070232    ----a-w-    c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-15 05:14 . 2014-04-15 05:14    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-04-15 05:14 . 2014-04-15 05:14    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-04-15 05:14 . 2014-04-15 05:14    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-04-15 05:14 . 2014-04-15 05:14    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-04-15 05:14 . 2014-04-15 05:14    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-04-15 05:14 . 2014-04-15 05:14    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-04-15 05:14 . 2014-04-15 05:14    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-04-15 05:14 . 2014-04-15 05:14    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2014-04-15 05:14 . 2014-04-15 05:14    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-04-15 05:14 . 2014-04-15 05:14    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-04-15 05:14 . 2014-04-15 05:14    51200    ----a-w-    c:\windows\system32\imgutil.dll
2014-04-15 05:14 . 2014-04-15 05:14    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-04-15 05:14 . 2014-04-15 05:14    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-04-15 05:14 . 2014-04-15 05:14    441856    ----a-w-    c:\windows\system32\html.iec
2014-04-15 05:14 . 2014-04-15 05:14    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-04-15 05:14 . 2014-04-15 05:14    361984    ----a-w-    c:\windows\SysWow64\html.iec
2014-04-15 05:14 . 2014-04-15 05:14    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2014-04-15 05:14 . 2014-04-15 05:14    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-04-15 05:14 . 2014-04-15 05:14    247296    ----a-w-    c:\windows\system32\webcheck.dll
2014-04-15 05:14 . 2014-04-15 05:14    235008    ----a-w-    c:\windows\system32\url.dll
2014-04-15 05:14 . 2014-04-15 05:14    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-04-15 05:14 . 2014-04-15 05:14    226304    ----a-w-    c:\windows\system32\elshyph.dll
2014-04-15 05:14 . 2014-04-15 05:14    216064    ----a-w-    c:\windows\system32\msls31.dll
2014-04-15 05:14 . 2014-04-15 05:14    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-04-15 05:14 . 2014-04-15 05:14    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-04-15 05:14 . 2014-04-15 05:14    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-04-15 05:14 . 2014-04-15 05:14    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-04-15 05:14 . 2014-04-15 05:14    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-04-15 05:14 . 2014-04-15 05:14    149504    ----a-w-    c:\windows\system32\occache.dll
2014-04-15 05:14 . 2014-04-15 05:14    144896    ----a-w-    c:\windows\system32\wextract.exe
2014-04-15 05:14 . 2014-04-15 05:14    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-04-15 05:14 . 2014-04-15 05:14    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-04-15 05:14 . 2014-04-15 05:14    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-04-15 05:14 . 2014-04-15 05:14    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-04-15 05:14 . 2014-04-15 05:14    136192    ----a-w-    c:\windows\system32\iepeers.dll
2014-04-15 05:14 . 2014-04-15 05:14    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-04-15 05:14 . 2014-04-15 05:14    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-04-15 05:14 . 2014-04-15 05:14    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-04-15 05:14 . 2014-04-15 05:14    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-04-15 05:14 . 2014-04-15 05:14    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-04-15 05:14 . 2014-04-15 05:14    102912    ----a-w-    c:\windows\system32\inseng.dll
2014-04-12 02:22 . 2014-05-14 14:47    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 14:47    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 14:47    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 14:47    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 14:47    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 14:47    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 14:47    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 14:47    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 14:47    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2014-02-25 14:32    2852920    ----a-w-    c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2014-02-25 14:32    2852920    ----a-w-    c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2014-02-25 14:32    2852920    ----a-w-    c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00004YSILocalOnly]
@="{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}"
[HKEY_CLASSES_ROOT\CLSID\{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}]
2014-02-25 14:32    2852920    ----a-w-    c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-04-19 02:05    1020424    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-04-19 02:05    1020424    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-04-19 02:05    1020424    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen (64-bit)"="c:\program files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe" [2014-02-21 14082208]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2014-06-05 248176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-02-27 3775800]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-05-26 2688920]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2014-04-19 1056264]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"RoxWatchTray"="c:\program files (x86)\Roxio Easy CD & DVD Burning\Common\RoxWatchTray14.exe" [2012-11-29 294032]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]
.
c:\users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2014-2-27 6296888]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-2-27 1129288]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2014\QBW32.EXE -silent [2014-2-27 1215816]
Transfer Utility Camera Monitor.lnk - c:\program files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe [2014-4-29 376176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Carbonite-Mirror-Image-Svc;Carbonite Mirror Image Service;c:\program files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe;c:\program files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch14;Roxio Hard Drive Watcher 14;c:\program files (x86)\Roxio Easy CD & DVD Burning\Common\RoxWatch14.exe;c:\program files (x86)\Roxio Easy CD & DVD Burning\Common\RoxWatch14.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB14;RoxMediaDB14;c:\program files (x86)\Roxio Easy CD & DVD Burning\Common\RoxMediaDB14.exe;c:\program files (x86)\Roxio Easy CD & DVD Burning\Common\RoxMediaDB14.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys;c:\windows\SYSNATIVE\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys;c:\windows\SYSNATIVE\Drivers\Saibad64.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys;c:\windows\SYSNATIVE\Drivers\SaibVdAd64.sys [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [x]
S2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi64.exe;c:\windows\SYSNATIVE\nvwmi64.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 RoxioBurnLauncher;Roxio Burn Launcher;c:\program files (x86)\Roxio Easy CD & DVD Burning\Roxio Burn\RoxioBurnLauncher.exe;c:\program files (x86)\Roxio Easy CD & DVD Burning\Roxio Burn\RoxioBurnLauncher.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 20:25    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-19 23:29]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17 02:06]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17 02:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-05-23 09:10    671904    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-05-23 09:10    671904    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-05-23 09:10    671904    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2014-02-25 14:32    2994232    ----a-w-    c:\program files\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2014-02-25 14:32    2994232    ----a-w-    c:\program files\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2014-02-25 14:32    2994232    ----a-w-    c:\program files\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00004YSILocalOnly]
@="{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}"
[HKEY_CLASSES_ROOT\CLSID\{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}]
2014-02-25 14:32    2994232    ----a-w-    c:\program files\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-04-19 01:53    1293320    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-04-19 01:53    1293320    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-04-19 01:53    1293320    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2014-03-21 2728736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"Hightail Sync Agent"="c:\program files (x86)\Hightail Desktop App\Hightail.exe" [2014-02-25 7107640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: dell.com
Trusted Zone: hearthsidefoods.com\myapps
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - c:\program files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\qgeebwvf.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Labaol - c:\users\Greg\AppData\Roaming\Atbeacaq\lyoxerd.exe
Wow6432Node-HKCU-Run-wsqlhrut - c:\users\Greg\AppData\Local\cwbimxoe.exe
Wow6432Node-HKCU-Run-jkewvust - c:\users\Greg\AppData\Local\jiitdnvr.exe
Wow6432Node-HKLM-Run-Labaol - c:\users\Greg\AppData\Roaming\Atbeacaq\lyoxerd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-Labaol - c:\users\Greg\AppData\Roaming\Atbeacaq\lyoxerd.exe
AddRemove-InstallShield_{20DFF861-31EE-41F6-98D5-0A992AE7D116} - c:\program files\InstallShield Installation Information\{20DFF861-31EE-41F6-98D5-0A992AE7D116}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:3a,ac,d8,57,db,a9,b4,00,d2,25,f4,bd,79,c7,bf,23,e1,c7,41,2c,b8,
   2b,4f,48,30,a2,c8,70,4d,f7,62,c0,ff,d4,60,1c,d2,f9,f0,1b,7f,4a,9b,da,09,1b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-30  08:17:34
ComboFix-quarantined-files.txt  2014-06-30 15:17
.
Pre-Run: 647,304,056,832 bytes free
Post-Run: 647,265,669,120 bytes free
.
- - End Of File - - 1980216D384715F80F71D1E0C41626DA
A36C5E4F47E84449FF07ED3517B43A31
 


  • 0

#27
Essexboy
GeekU Moderator, Retired Staff, 69,964 posts

Very revealing; it has shown where I believe the bad boys are hiding.

At the moment there has been no testing of the additional hard drives, but we can run an antivirus scan on them later (it may take a long time, dependent on size).

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:


File::
c:\windows\system32\drivers\zhrklagu.sys
C:\Windows\SysWOW64\zyfyec.exe

Folder::
c:\users\Greg\AppData\Roaming\Acyzegos
c:\users\Greg\AppData\Roaming\Paihemem
c:\users\Greg\AppData\Roaming\Baygilox
c:\users\Greg\AppData\Roaming\Vydicii
c:\users\Greg\AppData\Roaming\Atbeacaq


Save this as CFScript.txt, in the same location as ComboFix.exe.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0
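Worked example, added to this edited copy of the thread (it is not code from the thread, from ComboFix, or from the helper who wrote the script above): a small Python triage script that reads a ComboFix-style log, flags autorun entries whose executables live in user-writable directories (AppData\Roaming, AppData\Local, Temp), notes EnableLUA=0 in the policy block (UAC switched off, so a program the user launches already holds the full admin token and can write HKLM Run values or drop a driver into system32\drivers without any prompt), and drafts the File::/Folder:: sections in the format the reply above uses. The three line formats it matches (Run values, the policy DWORDs, and the ORPHANS REMOVED list) are taken from the posted log; SAMPLE_LOG is constructed to mirror them and the "Updater" value in it is invented. It targets the whole Roaming\<name> directory only when the file sits in a directory directly below AppData\Roaming, as the helper's script does, and single files otherwise, so a file dropped straight into AppData\Local never becomes a request to delete AppData\Local.

```python
"""Triage a ComboFix-style log for autorun entries that launch from user-writable
locations, then draft the File::/Folder:: sections of a CFScript in the format
used in the reply above.

Added example: not code from the thread, from ComboFix, or from the helper who
posted the script. The three line formats matched below are taken from the log
as posted; SAMPLE_LOG is constructed to mirror them and is not the user's log.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample in the log's own formats (Run values, the policy block,
# and the ORPHANS REMOVED list). The "Updater" value is invented for the demo.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2014-03-21 2728736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"Updater"="c:\users\Greg\AppData\Local\cwbimxoe.exe" [2014-06-20 94208]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-Labaol - c:\users\Greg\AppData\Roaming\Atbeacaq\lyoxerd.exe
HKLM-Run-Labaol - c:\users\Greg\AppData\Roaming\Atbeacaq\lyoxerd.exe
'''

# "Name"="path" [date size]   -> a Run value
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Hive-Run-Name - path        -> an orphaned Run value that ComboFix removed
ORPHAN = re.compile(r'^(?P<key>[\w-]+-Run-\S+) - (?P<path>.+)$')
# "Name"= 0 (0x0)             -> a policy DWORD
POLICY = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s+\(0x[0-9a-fA-F]+\)$')

# Directories the logged-on user (and so anything running as that user) can write.
USER_WRITABLE = ('\\appdata\\roaming\\', '\\appdata\\local\\', '\\appdata\\locallow\\',
                 '\\users\\public\\', '\\temp\\')


def is_user_writable(path):
    """True when the path sits under a directory the logged-on user can write."""
    low = path.lower().replace('/', '\\')
    return any(marker in low for marker in USER_WRITABLE)


def removal_target(path):
    """Decide what a CFScript should remove for a flagged executable.

    The reply above lists whole Roaming\\<name> directories under Folder::
    because the dropper keeps its files in a directory of its own. Mirror that:
    if the file is in a directory directly below AppData\\Roaming, target the
    directory; otherwise target the file itself, so a file dropped straight into
    AppData\\Local never turns into a request to delete AppData\\Local.
    """
    parent = PureWindowsPath(path).parent
    parts = [p.lower() for p in parent.parts]
    if len(parts) >= 3 and parts[-2] == 'roaming' and parts[-3] == 'appdata':
        return 'Folder', str(parent)
    return 'File', path


def triage(log_text):
    """Return autoruns that start from user-writable paths and risky policy values."""
    findings = {'autoruns': [], 'policy': []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_VALUE.match(line)
        if m:
            if is_user_writable(m['path']):
                findings['autoruns'].append((m['name'], m['path']))
            continue
        m = ORPHAN.match(line)
        if m:
            if m['path'] != '(no file)' and is_user_writable(m['path']):
                findings['autoruns'].append((m['key'], m['path']))
            continue
        m = POLICY.match(line)
        if m and m['name'] == 'EnableLUA' and m['value'] == '0':
            # With UAC off, anything the user runs already holds the full admin
            # token: HKLM Run values and system32\drivers are writable silently.
            findings['policy'].append('EnableLUA=0 (UAC disabled)')
    return findings


def build_cfscript(findings):
    """Draft the File:: and Folder:: sections; a helper must review before use."""
    files, folders = [], []
    for _, path in findings['autoruns']:
        kind, target = removal_target(path)
        bucket = folders if kind == 'Folder' else files
        if target not in bucket:
            bucket.append(target)
    sections = []
    if files:
        sections.append('File::\n' + '\n'.join(files))
    if folders:
        sections.append('Folder::\n' + '\n'.join(folders))
    return '\n\n'.join(sections) + '\n'


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for name, path in result['autoruns']:
        print(f'autorun from user-writable path: {name} -> {path}')
    for note in result['policy']:
        print(f'policy: {note}')
    print(build_cfscript(result))
```

Location is a triage signal, not a verdict: legitimate software also runs from AppData\Roaming (Dropbox does in this very log), so the drafted script is something for a trained helper to review line by line, not to drag onto ComboFix unchecked. Everything listed under File:: or Folder:: is deleted.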

#28
briz_dad
Topic Starter, Member, 251 posts

ComboFix 14-06-30.01 - Greg 06/30/2014   9:08.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.10231.7097 [GMT -7:00]
Running from: c:\users\Greg\Desktop\ComboFix.exe
Command switches used :: c:\users\Greg\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\zhrklagu.sys"
"c:\windows\SysWOW64\zyfyec.exe"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Greg\AppData\Roaming\Acyzegos
c:\users\Greg\AppData\Roaming\Atbeacaq
c:\users\Greg\AppData\Roaming\Baygilox
c:\users\Greg\AppData\Roaming\Paihemem
c:\users\Greg\AppData\Roaming\Vydicii
c:\windows\system32\drivers\zhrklagu.sys
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-28 to 2014-06-30  )))))))))))))))))))))))))))))))
.
.
2014-06-30 16:12 . 2014-06-30 16:12    --------    d-----w-    c:\users\Test\AppData\Local\temp
2014-06-30 16:12 . 2014-06-30 16:12    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-06-30 01:28 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F0924D3-B859-4B03-9C4C-CB1917E543A9}\mpengine.dll
2014-06-26 21:56 . 2014-06-05 10:54    10779000    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-06-25 16:58 . 2014-05-02 05:01    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5B597A98-3B3E-4EC6-AA19-CDAF4F10FE0E}\gapaengine.dll
2014-06-24 16:50 . 2014-06-24 16:50    --------    d-----w-    c:\users\Test\AppData\Roaming\FLEXnet
2014-06-21 22:05 . 2014-06-30 14:26    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-21 22:05 . 2014-06-23 22:20    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-21 22:05 . 2014-06-21 22:05    --------    d-----w-    c:\programdata\Malwarebytes
2014-06-21 22:05 . 2014-05-12 14:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-06-21 22:05 . 2014-05-12 14:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-06-21 22:05 . 2014-05-12 14:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-06-21 21:17 . 2014-06-21 21:17    --------    d-----w-    C:\_OTL
2014-06-18 16:38 . 2014-06-18 17:06    --------    d-----w-    c:\users\Greg\AppData\Local\Audible
2014-06-18 00:52 . 2014-06-18 00:52    --------    d-----w-    c:\users\Test\AppData\Roaming\Sony Creative Software Inc
2014-06-18 00:16 . 2014-06-18 00:16    255352    ----a-w-    c:\windows\SysWow64\awrdscdc.ax
2014-06-18 00:16 . 2001-08-18 05:43    24576    ------w-    c:\windows\SysWow64\msxml3a.dll
2014-06-18 00:16 . 2014-06-18 00:16    --------    d-----w-    c:\program files (x86)\Audible
2014-06-15 19:59 . 2014-06-15 19:59    --------    d-----w-    c:\users\Greg\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Roaming\Publish Providers
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Roaming\NVIDIA
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Roaming\Titler
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Local\BorisFX
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Roaming\Sony
2014-06-14 04:11 . 2014-06-14 04:11    --------    d-----w-    c:\users\Test\AppData\Local\Sony
2014-06-12 06:45 . 2014-06-12 06:45    --------    d-----w-    c:\program files (x86)\Common Files\Steam
2014-06-12 06:45 . 2014-06-24 07:08    --------    d-----w-    c:\program files (x86)\Steam
2014-06-12 03:54 . 2014-06-08 09:13    506368    ----a-w-    c:\windows\system32\aepdu.dll
2014-06-03 03:06 . 2014-06-03 03:06    --------    d-----w-    c:\program files\iPod
2014-06-03 03:06 . 2014-06-03 03:07    --------    d-----w-    c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-03 03:06 . 2014-06-03 03:07    --------    d-----w-    c:\program files\iTunes
2014-06-03 03:06 . 2014-06-03 03:07    --------    d-----w-    c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-16 23:29 . 2014-04-19 04:04    699056    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-16 23:29 . 2014-04-19 04:04    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-12 06:55 . 2014-04-15 04:53    95414520    ----a-w-    c:\windows\system32\MRT.exe
2014-05-27 23:36 . 2014-05-27 23:36    210216    ----a-w-    c:\windows\SysWow64\atsckernel.exe
2014-05-27 23:36 . 2014-05-27 23:36    118056    ----a-w-    c:\windows\SysWow64\atashost.exe
2014-05-19 17:42 . 2014-05-19 17:42    53248    ----a-r-    c:\users\Greg\AppData\Roaming\Microsoft\Installer\{632DCE79-2711-4B07-BB89-DA763E96840C}\ARPPRODUCTICON.exe
2014-05-19 17:42 . 2014-05-19 17:42    53248    ----a-r-    c:\users\Greg\AppData\Roaming\Microsoft\Installer\{3A9527CF-4E91-4683-A03F-F1AD022126E5}\ARPPRODUCTICON.exe
2014-05-12 03:31 . 2014-05-12 03:31    736952    ----a-w-    c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2014-05-12 03:31 . 2014-05-12 03:31    2876528    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2014-05-12 03:30 . 2014-05-12 03:30    42168    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2014-05-12 03:30 . 2014-05-12 03:30    539984    ----a-w-    c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-05-02 05:01 . 2014-04-19 23:52    1031560    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-04-24 21:01 . 2014-04-24 21:01    34587232    ----a-w-    c:\windows\system32\BCC8_OFX_Float.dll
2014-04-24 21:01 . 2014-04-24 21:01    1151072    ----a-w-    c:\windows\system32\BCC8_Common_OFX.dll
2014-04-17 12:31 . 2014-04-18 21:34    10651704    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8EFE198-6533-447D-A00C-28908CC09B85}\mpengine.dll
2014-04-17 02:07 . 2014-04-17 02:07    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-04-17 02:07 . 2014-04-17 02:07    189352    ----a-w-    c:\windows\system32\javaw.exe
2014-04-17 02:07 . 2014-04-17 02:07    189352    ----a-w-    c:\windows\system32\java.exe
2014-04-17 02:07 . 2014-04-17 02:07    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-04-17 02:07 . 2014-04-17 02:07    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-04-16 03:30 . 2014-04-16 03:30    113629    ----a-w-    c:\windows\SysWow64\slmgr.vbs
2014-04-16 03:30 . 2014-04-16 03:30    113629    ----a-w-    c:\windows\system32\slmgr.vbs
2014-04-15 09:34 . 2014-04-15 09:34    1070232    ----a-w-    c:\windows\SysWow64\MSCOMCTL.OCX
2014-04-15 05:14 . 2014-04-15 05:14    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-04-15 05:14 . 2014-04-15 05:14    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-04-15 05:14 . 2014-04-15 05:14    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-04-15 05:14 . 2014-04-15 05:14    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-04-15 05:14 . 2014-04-15 05:14    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
2014-04-15 05:14 . 2014-04-15 05:14    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-04-15 05:14 . 2014-04-15 05:14    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-04-15 05:14 . 2014-04-15 05:14    62976    ----a-w-    c:\windows\system32\pngfilt.dll
2014-04-15 05:14 . 2014-04-15 05:14    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-04-15 05:14 . 2014-04-15 05:14    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-04-15 05:14 . 2014-04-15 05:14    51200    ----a-w-    c:\windows\system32\imgutil.dll
2014-04-15 05:14 . 2014-04-15 05:14    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-04-15 05:14 . 2014-04-15 05:14    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-04-15 05:14 . 2014-04-15 05:14    441856    ----a-w-    c:\windows\system32\html.iec
2014-04-15 05:14 . 2014-04-15 05:14    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-04-15 05:14 . 2014-04-15 05:14    361984    ----a-w-    c:\windows\SysWow64\html.iec
2014-04-15 05:14 . 2014-04-15 05:14    27648    ----a-w-    c:\windows\system32\licmgr10.dll
2014-04-15 05:14 . 2014-04-15 05:14    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-04-15 05:14 . 2014-04-15 05:14    247296    ----a-w-    c:\windows\system32\webcheck.dll
2014-04-15 05:14 . 2014-04-15 05:14    235008    ----a-w-    c:\windows\system32\url.dll
2014-04-15 05:14 . 2014-04-15 05:14    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-04-15 05:14 . 2014-04-15 05:14    226304    ----a-w-    c:\windows\system32\elshyph.dll
2014-04-15 05:14 . 2014-04-15 05:14    216064    ----a-w-    c:\windows\system32\msls31.dll
2014-04-15 05:14 . 2014-04-15 05:14    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-04-15 05:14 . 2014-04-15 05:14    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-04-15 05:14 . 2014-04-15 05:14    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-04-15 05:14 . 2014-04-15 05:14    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-04-15 05:14 . 2014-04-15 05:14    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-04-15 05:14 . 2014-04-15 05:14    149504    ----a-w-    c:\windows\system32\occache.dll
2014-04-15 05:14 . 2014-04-15 05:14    144896    ----a-w-    c:\windows\system32\wextract.exe
2014-04-15 05:14 . 2014-04-15 05:14    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-04-15 05:14 . 2014-04-15 05:14    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-04-15 05:14 . 2014-04-15 05:14    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-04-15 05:14 . 2014-04-15 05:14    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2014-04-15 05:14 . 2014-04-15 05:14    136192    ----a-w-    c:\windows\system32\iepeers.dll
2014-04-15 05:14 . 2014-04-15 05:14    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-04-15 05:14 . 2014-04-15 05:14    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-04-15 05:14 . 2014-04-15 05:14    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-04-15 05:14 . 2014-04-15 05:14    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-04-15 05:14 . 2014-04-15 05:14    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2014-04-15 05:14 . 2014-04-15 05:14    102912    ----a-w-    c:\windows\system32\inseng.dll
2014-04-12 02:22 . 2014-05-14 14:47    155072    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 14:47    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 14:47    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 14:47    136192    ----a-w-    c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 14:47    28160    ----a-w-    c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 14:47    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 14:47    31232    ----a-w-    c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 14:47    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 14:47    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2014-02-25 14:32    2852920    ----a-w-    c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2014-02-25 14:32    2852920    ----a-w-    c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2014-02-25 14:32    2852920    ----a-w-    c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00004YSILocalOnly]
@="{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}"
[HKEY_CLASSES_ROOT\CLSID\{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}]
2014-02-25 14:32    2852920    ----a-w-    c:\program files (x86)\Hightail Desktop App\YSINSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-04-19 02:05    1020424    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-04-19 02:05    1020424    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-04-19 02:05    1020424    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    131248    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen (64-bit)"="c:\program files\Gadwin\Gadwin PrintScreen\PrintScreen64.exe" [2014-02-21 14082208]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2014-06-05 248176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-13 43848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-02-27 3775800]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2014-05-26 2688920]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2014-04-19 1056264]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"RoxWatchTray"="c:\program files (x86)\Roxio Easy CD & DVD Burning\Common\RoxWatchTray14.exe" [2012-11-29 294032]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-27 152392]
.
c:\users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Greg\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-19 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2014-2-27 6296888]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-2-27 1129288]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2014\QBW32.EXE -silent [2014-2-27 1215816]
Transfer Utility Camera Monitor.lnk - c:\program files (x86)\PIXELA\Transfer Utility\CameraMonitor.exe [2014-4-29 376176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 Carbonite-Mirror-Image-Svc;Carbonite Mirror Image Service;c:\program files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe;c:\program files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch14;Roxio Hard Drive Watcher 14;c:\program files (x86)\Roxio Easy CD & DVD Burning\Common\RoxWatch14.exe;c:\program files (x86)\Roxio Easy CD & DVD Burning\Common\RoxWatch14.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB14;RoxMediaDB14;c:\program files (x86)\Roxio Easy CD & DVD Burning\Common\RoxMediaDB14.exe;c:\program files (x86)\Roxio Easy CD & DVD Burning\Common\RoxMediaDB14.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys;c:\windows\SYSNATIVE\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys;c:\windows\SYSNATIVE\Drivers\Saibad64.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys;c:\windows\SYSNATIVE\Drivers\SaibVdAd64.sys [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [x]
S2 NVWMI;NVIDIA WMI Provider;c:\windows\system32\nvwmi64.exe;c:\windows\SYSNATIVE\nvwmi64.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 RoxioBurnLauncher;Roxio Burn Launcher;c:\program files (x86)\Roxio Easy CD & DVD Burning\Roxio Burn\RoxioBurnLauncher.exe;c:\program files (x86)\Roxio Easy CD & DVD Burning\Roxio Burn\RoxioBurnLauncher.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 20:25    1091912    ----a-w-    c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-19 23:29]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17 02:06]
.
2014-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-17 02:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-05-23 09:10    671904    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-05-23 09:10    671904    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-05-23 09:10    671904    ----a-w-    c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00001YSISyncComplete]
@="{89B5F9CC-C4A2-462C-BD27-29CEAC972135}"
[HKEY_CLASSES_ROOT\CLSID\{89B5F9CC-C4A2-462C-BD27-29CEAC972135}]
2014-02-25 14:32    2994232    ----a-w-    c:\program files\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00002YSISyncActive]
@="{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}"
[HKEY_CLASSES_ROOT\CLSID\{84B7BDFB-C50A-4335-B7C2-8AEC454F9E25}]
2014-02-25 14:32    2994232    ----a-w-    c:\program files\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00003YSISyncError]
@="{306A9CDE-AC70-453A-8008-B5F9962B8F88}"
[HKEY_CLASSES_ROOT\CLSID\{306A9CDE-AC70-453A-8008-B5F9962B8F88}]
2014-02-25 14:32    2994232    ----a-w-    c:\program files\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00004YSILocalOnly]
@="{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}"
[HKEY_CLASSES_ROOT\CLSID\{23A7D2DC-F395-4E33-876C-84A2DFAB0EBB}]
2014-02-25 14:32    2994232    ----a-w-    c:\program files\Hightail Desktop App\YSINSE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-04-19 01:53    1293320    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-04-19 01:53    1293320    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-04-19 01:53    1293320    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09    164016    ----a-w-    c:\users\Greg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2014-03-21 2728736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"Hightail Sync Agent"="c:\program files (x86)\Hightail Desktop App\Hightail.exe" [2014-02-25 7107640]
"Labaol"="c:\users\Greg\AppData\Roaming\Atbeacaq\lyoxerd.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: dell.com
Trusted Zone: hearthsidefoods.com\myapps
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - c:\program files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
FF - ProfilePath - c:\users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\qgeebwvf.default\
FF - prefs.js: browser.startup.homepage - hxxps://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-InstallShield_{20DFF861-31EE-41F6-98D5-0A992AE7D116} - c:\program files\InstallShield Installation Information\{20DFF861-31EE-41F6-98D5-0A992AE7D116}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:3a,ac,d8,57,db,a9,b4,00,d2,25,f4,bd,79,c7,bf,23,e1,c7,41,2c,b8,
   2b,4f,48,30,a2,c8,70,4d,f7,62,c0,ff,d4,60,1c,d2,f9,f0,1b,7f,4a,9b,da,09,1b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-06-30  09:14:05
ComboFix-quarantined-files.txt  2014-06-30 16:14
ComboFix2.txt  2014-06-30 15:17
.
Pre-Run: 647,387,566,080 bytes free
Post-Run: 647,363,461,120 bytes free
.
- - End Of File - - 3DF45EA16CABACA6F191470CF9BDE568
A36C5E4F47E84449FF07ED3517B43A31
 


#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now that looks better :)

For scanning your slave drives I would recommend Dr Web as a good one-shot scanner.
It is a large download and will take a while to run.
I am just looking at it on my system now in case you need some destructions.

How is the computer now?

#30
briz_dad

    Member

  • Topic Starter
  • 251 posts

Um... it looks like two files needed for QuickBooks were accidentally removed. I'm dealing with that right now...

Restore qbdmgr.exe and qbdmgrN.exe from virus vault or quarantine

Right now I'm working on getting my QB back up and running... since I was in "panic mode" and had the files deleted/removed. A search doesn't find them...

:bashhead:





