Think I have Poweliks [Solved]

poweliks com surrogate

  • This topic is locked

#1
mfulkerson


I have been reading the other posts with similar symptoms to my own.  I have multiple com surrogate processes eating up all my processing power and memory.  I have run the FRST and attached the output files.  Like others, I could use help with a fix-it list.  I appreciate any and all help you can provide.  Please let me know if you need any further information.

 

Thanks again,

Mike



#2
mfulkerson


I saw in another post you may prefer the log copied and pasted instead of attached. Here you are (both the FRST and Additional). Thanks!

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2014 01
Ran by Jennifer (administrator) on FULKERSON-HOME on 10-11-2014 09:26:38
Running from C:\Users\Jennifer\Desktop
Loaded Profile: Jennifer (Available profiles: Jennifer & Mike & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files\AOMEI Backupper\ABService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dropbox, Inc.) C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\avastui.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
() C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
(The Nielsen Company) C:\Program Files\NetRatingsNetSight\NetSight\nielsenonline.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(CompanionLink Software, Inc.) C:\Program Files\CompanionLink\CompanionLink.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM\...\Run: [SSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [NielsenOnline] => C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91872 2014-09-03] (The Nielsen Company)
HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [1037736 2007-08-31] (Microsoft Corporation)
HKLM\...\Run: [ISUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2007-05-25] ( )
HKLM\...\Run: [dscactivate] => c:\dell\dsca.exe [16384 2007-07-30] ( )
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-10-31] (Apple Inc.)
HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...\Run: [CompanionLink] => c:\program files\companionlink\companionlink.exe [60056064 2013-12-12] (CompanionLink Software, Inc.)
HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...\Run: [com.apple.dav.bookmarks.daemon] => C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe [59720 2013-10-02] (Apple Inc.)
HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...\Run: [ChromeUpdate] => C:\Users\Jennifer\AppData\Roaming\FrameworkUpdate7\ChromeUpdate.exe [15082858 2014-11-08] (Company name goes here)
HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3649128416-2311760161-3228670520-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Alwil Software\Avast5\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.swagbucks.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
URLSearchHook: HKLM - (No Name) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -  No File
URLSearchHook: HKCU - (No Name) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -  No File
SearchScopes: HKLM - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...&ctid=CT2260173
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL =
BHO: No Name -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} ->  No File
BHO: Virtual Storage Mount Notification -> {3CF560DC-DFCB-4737-82C2-9564CA8F733B} -> C:\Windows\system32\VSMntNtf.dll (EldoS Corporation)
BHO: Virtual Storage Mount Notification -> {5FF49FE8-B332-4CB9-B102-FB6951629E55} -> C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: No Name -> {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: No Name -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} ->  No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> c:\Program Files\Java\jre1.6.0\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} -  No File
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://icare2.cdh.o...COL /relayp.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-cent...bin/actxcab.cab
DPF: {C272534C-74F1-424D-84DC-B545540838DC} https://lle5.ll2go.c.../LapLinkRdp.dll
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://icare.cdh.or...SetupClient.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-07-26]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-12-12]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (NielsenOnline) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.0_0\chrometracker.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (PalmSource Package Installer) - C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-07]
CHR Extension: (Google Search) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-27]
CHR Extension: (avast! Online Security) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-09-12]
CHR Extension: (Nielsen) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh [2012-07-27]
CHR Extension: (Google Wallet) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR Extension: (Gmail) - C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-27]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx [2014-07-05]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-07-05] (AVAST Software)
R2 Backupper Service; C:\Program Files\AOMEI Backupper\ABService.exe [29912 2013-08-26] (AOMEI Tech Co., Ltd.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NielsenUpdate; C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2932448 2014-09-03] (The Nielsen Company)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-01-18] (Hewlett-Packard) [File not signed]
S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S2 Update AtuZi; "C:\Program Files\AtuZi\updateAtuZi.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [26424 2013-05-07] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [129720 2013-05-07] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [14392 2013-02-06] () [File not signed]
S3 ASUSVRC; C:\Windows\System32\DRIVERS\AsusVRC.sys [18432 2007-01-29] (ASUSTeK COMPUTER INC.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-05] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-07-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-05] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-07-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-05] ()
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [273552 2010-11-30] (EldoS Corporation)
R1 JDFS; C:\Windows\system32\drivers\jdfs.sys [140048 2009-01-08] (Jungle Disk, Inc.)
R1 nnfwdk; C:\Program Files\NetRatingsNetSight\NetSight\meter8\nnfwdk.sys [23264 2014-09-03] (The Nielsen Company)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S3 SQTECH913D; C:\Windows\System32\Drivers\Capt913D.sys [29522 2006-12-21] (Service & Quality Technology.) [File not signed]
S3 asusgsb; system32\drivers\asusgsb.sys [X]
S3 atkdisplf; system32\drivers\ATKDispLowFilter.sys [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S1 EIO; system32\DRIVERS\EIO.sys [X]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 09:26 - 2014-11-10 09:27 - 00025884 _____ () C:\Users\Jennifer\Desktop\FRST.txt
2014-11-10 09:20 - 2014-11-10 09:27 - 00000000 ____D () C:\FRST
2014-11-10 09:18 - 2014-11-10 09:19 - 01107968 _____ (Farbar) C:\Users\Jennifer\Desktop\FRST.exe
2014-11-10 09:12 - 2014-11-10 09:12 - 00004032 _____ () C:\Users\Jennifer\Desktop\fixlist.txt
2014-11-10 08:02 - 2014-11-10 08:01 - 00050688 _____ (Atribune.org) C:\Users\Jennifer\Desktop\atfcleaner.exe
2014-11-10 08:01 - 2014-11-10 08:01 - 00050688 _____ (Atribune.org) C:\Users\Mike\Desktop\atfcleaner.exe
2014-11-10 08:00 - 2014-11-10 07:58 - 00854704 _____ (Adobe Systems Incorporated) C:\Users\Jennifer\Desktop\uninstall_flash_player.exe
2014-11-10 07:58 - 2014-11-10 07:58 - 00854704 _____ (Adobe Systems Incorporated) C:\Users\Mike\Desktop\uninstall_flash_player.exe
2014-11-08 17:08 - 2014-11-08 19:31 - 00000424 _____ () C:\ProgramData\@system.temp
2014-11-08 17:08 - 2014-11-08 19:31 - 00000160 ____H () C:\ProgramData\@system3.att
2014-11-08 17:07 - 2014-11-08 17:07 - 00000448 ____H () C:\Users\Jennifer\AppData\Roaming\麽鎒駓覜
2014-11-08 17:07 - 2014-11-08 17:07 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\FrameworkUpdate7
2014-11-08 17:06 - 2014-11-08 17:07 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-03 07:16 - 2014-11-03 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-03 07:16 - 2014-11-03 07:16 - 00000000 ____D () C:\Program Files\QuickTime
2014-11-03 07:13 - 2014-11-03 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-03 07:12 - 2014-11-03 07:13 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2014-11-03 07:12 - 2014-11-03 07:12 - 00000000 ____D () C:\Program Files\iPod
2014-10-30 11:03 - 2014-10-30 11:03 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\LogMeIn
2014-10-30 11:03 - 2014-10-30 11:03 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-16 04:15 - 2014-06-15 16:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 04:15 - 2014-06-13 12:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 04:15 - 2014-06-13 12:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 04:12 - 2014-09-27 17:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 04:03 - 2014-09-04 17:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-16 04:01 - 2014-09-16 10:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 00:04 - 2014-09-19 16:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 00:04 - 2014-09-19 16:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 00:04 - 2014-09-19 16:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 00:04 - 2014-09-19 16:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 00:04 - 2014-09-19 16:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 00:04 - 2014-09-19 16:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 00:04 - 2014-09-19 16:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-16 00:04 - 2014-09-19 16:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 00:04 - 2014-09-19 16:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 00:04 - 2014-09-19 16:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 00:04 - 2014-09-19 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 00:04 - 2014-09-19 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 00:04 - 2014-09-19 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 00:04 - 2014-09-19 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-16 00:04 - 2014-09-19 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 00:04 - 2014-09-19 16:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 00:04 - 2014-09-19 16:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 00:04 - 2014-09-19 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 00:04 - 2014-09-19 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-16 00:04 - 2014-09-19 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-16 00:04 - 2014-09-19 16:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-10 09:18 - 2014-06-19 18:39 - 00000580 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3649128416-2311760161-3228670520-1000.job
2014-11-10 08:44 - 2014-07-05 20:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-10 08:44 - 2014-07-05 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-10 08:44 - 2014-07-05 20:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-11-10 08:41 - 2012-12-05 20:57 - 00000000 ___RD () C:\Users\Jennifer\Dropbox
2014-11-10 08:41 - 2012-12-05 20:47 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Dropbox
2014-11-10 08:40 - 2012-05-15 10:58 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-10 08:32 - 2012-05-15 10:58 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-10 08:32 - 2007-10-24 03:27 - 01411986 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 08:27 - 2006-11-02 07:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-10 08:27 - 2006-11-02 06:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-10 08:27 - 2006-11-02 06:47 - 00003568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-10 08:26 - 2006-11-02 07:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-10 08:12 - 2007-10-24 04:01 - 00823460 _____ () C:\Windows\PFRO.log
2014-11-10 08:04 - 2007-10-24 03:37 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-10 07:56 - 2014-07-05 19:21 - 00119048 _____ () C:\Users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-10 07:32 - 2007-10-24 03:55 - 00000000 ____D () C:\Program Files\Adobe
2014-11-10 07:28 - 2008-02-26 21:45 - 00000000 ____D () C:\Users\Jennifer\AppData\Roaming\Move Networks
2014-11-10 07:26 - 2006-11-02 04:33 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-10 06:35 - 2009-10-29 08:06 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\CrashDumps
2014-11-10 06:34 - 2014-02-27 19:00 - 00000398 _____ () C:\Windows\Tasks\144f9397-2cec-4287-b3ce-3ffcfc9ada3a.AOMEI.job
2014-11-10 01:00 - 2014-01-23 20:49 - 00001024 ____H () C:\SYSTAG.BIN
2014-11-10 01:00 - 2014-01-23 20:48 - 00000000 ____D () C:\Program Files\AOMEI Backupper
2014-11-08 10:24 - 2014-01-19 12:27 - 00020034 _____ () C:\Users\Jennifer\Documents\Chiropractic Coverage 2014.xlsx
2014-11-08 09:20 - 2011-10-02 16:16 - 00000000 ____D () C:\Users\Jennifer\Documents\Addresses
2014-11-08 09:17 - 2011-10-02 16:00 - 00000000 ____D () C:\Users\Jennifer\Documents\Christmas
2014-11-06 16:35 - 2009-06-30 22:28 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\CutePDF Writer
2014-11-03 13:18 - 2011-12-09 11:05 - 00000000 ____D () C:\Users\Jennifer\AppData\Local\join.me
2014-11-03 07:16 - 2014-03-23 09:37 - 00001688 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-03 07:13 - 2013-01-06 12:45 - 00001626 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-03 07:13 - 2008-12-14 20:05 - 00000000 ____D () C:\Program Files\iTunes
2014-11-03 07:12 - 2011-11-30 14:07 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-03 07:11 - 2014-09-14 09:42 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-10-30 11:57 - 2011-10-02 16:24 - 00000000 ____D () C:\Users\Jennifer\Documents\Medical
2014-10-25 05:14 - 2014-02-03 16:38 - 00011187 _____ () C:\Users\Jennifer\Documents\Psychology Visits 2014.xlsx
2014-10-25 05:12 - 2014-01-12 10:20 - 00133452 _____ () C:\Users\Jennifer\Documents\Family Budget Sheet 2014.xlsx
2014-10-19 14:07 - 2010-11-24 18:24 - 00036864 ___SH () C:\Users\Jennifer\Thumbs.db
2014-10-16 04:47 - 2006-11-02 05:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-16 04:35 - 2006-11-02 06:47 - 00430464 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 04:15 - 2008-08-26 09:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 04:10 - 2013-08-15 02:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 04:03 - 2006-11-02 04:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

Files to move or delete:
====================
C:\Users\Jennifer\CitrixReceiver.exe

Some content of TEMP:
====================
C:\Users\Jennifer\AppData\Local\Temp\converter.exe
C:\Users\Jennifer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvyu0ch.dll
C:\Users\Jennifer\AppData\Local\Temp\dxwebsetup.exe
C:\Users\Jennifer\AppData\Local\Temp\EBU6296.exe
C:\Users\Jennifer\AppData\Local\Temp\EBU6B5D.DLL
C:\Users\Jennifer\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Jennifer\AppData\Local\Temp\GLFAC6.tmp.tbSwag.dll
C:\Users\Jennifer\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Jennifer\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Jennifer\AppData\Local\Temp\mny736C.exe
C:\Users\Jennifer\AppData\Local\Temp\ModelCheckUtility.exe
C:\Users\Jennifer\AppData\Local\Temp\msxml6-KB927977-enu-x86.exe
C:\Users\Jennifer\AppData\Local\Temp\NASUPnP.dll
C:\Users\Jennifer\AppData\Local\Temp\nsb3CB4.tmp.ConduitEngineEmbbed.exe
C:\Users\Jennifer\AppData\Local\Temp\nsjA9A2.tmp.ConduitEngineEmbbed.exe
C:\Users\Jennifer\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Jennifer\AppData\Local\Temp\nvStInst.exe
C:\Users\Jennifer\AppData\Local\Temp\ose00000.exe
C:\Users\Jennifer\AppData\Local\Temp\Relay.dll
C:\Users\Jennifer\AppData\Local\Temp\RelayL.dll
C:\Users\Jennifer\AppData\Local\Temp\setup_3.0.5606.exe
C:\Users\Jennifer\AppData\Local\Temp\setup_3.0.5617.exe
C:\Users\Jennifer\AppData\Local\Temp\setup_3.2.10.exe
C:\Users\Jennifer\AppData\Local\Temp\setup_3.2.20.exe
C:\Users\Jennifer\AppData\Local\Temp\TB_350C.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-10 08:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2014 01
Ran by Jennifer at 2014-11-10 09:29:08
Running from C:\Users\Jennifer\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.4 - Hewlett-Packard) Hidden
913D Camera (HKLM\...\{B0A5E43A-DBDE-4C9B-BCC5-689CED407B4D}) (Version: 1.00.000 - )
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AOMEI Backupper (HKLM\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{235EBB33-3DA1-46DF-AADE-9955123409CB}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM\...\AudibleManager) (Version: 4759644.48.2147311616.4759644 - Audible, Inc.)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2021 - AVAST Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon MF Toolbox 4.9.1.1.mf04 (HKLM\...\{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}) (Version: 2.3.0 - )
Canon MF Toolbox 4.9.1.1.mf04 (HKLM\...\{3BDDF462-8A95-4C50-86DA-4D41F3483EA5}) (Version: 2.3.0 - Canon)
Canon MF Toolbox 4.9.1.1.mf04 (HKLM\...\{DD929BD3-5D41-4407-BE04-119B4A631869}) (Version:  - )
Canon MF4100 Series (HKLM\...\{239A8D60-270B-42e8-82D3-60D70A2942E0}) (Version:  - )
Citrix Online Launcher (HKLM\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
CompanionLink (HKLM\...\{506EA5AF-B1FF-4340-AFC5-7A3EAC61737F}) (Version: 5.00.5050 - CompanionLink Software, Inc.)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows4.0) (Version: 4.0 - Coupons, Inc.) <==== ATTENTION
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Support Center (HKLM\...\{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}) (Version: 1.0.07192 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.550 - Oracle)
Java™ SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kidzui (HKLM\...\Kidzui) (Version:  - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft IntelliPoint 6.2 (HKLM\...\{8C5FAD77-F678-4758-A296-C12F08D179E0}) (Version: 6.20.182.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Virtual PC 2007 (HKLM\...\{8A7CAA24-7B23-410B-A7C3-F994B0944160}) (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Nielsen//NetRatings (HKLM\...\NetSight) (Version:  - )
Norton Security Scan (HKLM\...\{48B82226-75E3-4E90-92CC-D30F79EA6380}) (Version: 1.4.0 - Symantec Corporation)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Graphics Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
OverDrive Media Console (HKLM\...\{D07205E7-F6D3-4333-AFCC-782A07685B72}) (Version: 3.2.20 - OverDrive, Inc.)
PCLinq2 High-Speed USB Bridge Cable (HKLM\...\{95381165-5D16-4CD4-9162-57799A3F3AB5}) (Version:  - )
Platform (Version: 1.15 - VIA Technologies, Inc.) Hidden
Presto! PageManager 7.15.14 (HKLM\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.14E - NewSoft)
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Quicken 2011 (HKLM\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
Samsung Story Album Viewer (HKLM\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
ScanSoft OmniPage SE 4.0 (HKLM\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Swag_Bucks Toolbar (HKLM\...\Swag_Bucks Toolbar) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Service (Version: 4.1.0 - <no manufacturer>) Hidden
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version:  - )
Utility (Version: 1.00.0002 - ASUSTek) Hidden
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.15 - VIA Technologies, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (11/20/2012 5.0.0.122) (HKLM\...\86199C640F0CE30123C41E46925419EA5E095763) (Version: 11/20/2012 5.0.0.122 - Google, Inc.)
Windows Essentials Media Codec Pack 3.5 [32-Bit] (HKLM\...\Windows Essentials Media Codec Pack) (Version: 3.5 - Media Codec)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wise Registry Cleaner 8.21 (HKLM\...\Wise Registry Cleaner_is1) (Version: 8.21 - WiseCleaner.com, Inc.)
XviD MPEG-4 Video Codec (HKLM\...\xvid) (Version:  - XviD Development Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{188047CE-0F0A-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\Palm\QUICKI~1.EXE No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{1D67C047-F016-11D6-831E-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PictPreview.dll No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{209DAEB8-0F02-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\Palm\QUICKI~1.EXE No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{3B52D512-935F-11D6-82D4-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{43F73EA1-92AE-11D6-82D3-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{6357BCA7-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\DefaultPlugin.dll No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{6357BCBC-B06E-11D6-82EF-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PqiIcon.dll No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Conduit\Community Alerts\Alert.dll (ClientConnect Ltd.)
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{763F9014-A89C-11D6-82E7-00C04FA03755}\localserver32 -> C:\PROGRA~1\Palm\QUICKI~1.EXE No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{831B49E8-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\ExpenseExt.ocx No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{831B49E9-91A6-11D5-820F-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\ExpenseExt.ocx No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jennifer\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{868C6D64-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\NotePadExt.ocx No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{868C6D65-8B98-11D5-8209-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\NotePadExt.ocx No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{AB40E4E0-0F0C-11D7-8331-00C04FA03755}\localserver32 -> C:\PROGRA~1\Palm\QUICKI~1.EXE No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{B2565128-0F22-11D7-8331-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{BE1B5231-A3E2-11D6-82E3-00C04FA03755}\localserver32 -> C:\PROGRA~1\Palm\QUICKI~1.EXE No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{BE1B5233-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{BE1B5235-A3E2-11D6-82E3-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{DFD4C164-AE18-11D6-82EC-00C04FA03755}\localserver32 -> C:\PROGRA~1\Palm\QUICKI~1.EXE No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{EE469827-4ED9-443B-9FB0-EFA81FEA6646}\InprocServer32 -> C:\Program Files\Palm\Components\DelDups.dll No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{F21AC7C7-D6F5-11D6-8306-00C04FA03755}\InprocServer32 -> C:\Program Files\Palm\PRouter.dll No File
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3649128416-2311760161-3228670520-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

30-10-2014 05:00:02 Scheduled Checkpoint
31-10-2014 05:00:01 Scheduled Checkpoint
31-10-2014 18:36:26 Scheduled Checkpoint
01-11-2014 17:34:07 Scheduled Checkpoint
03-11-2014 02:00:39 Scheduled Checkpoint
04-11-2014 06:00:01 Scheduled Checkpoint
05-11-2014 06:00:00 Scheduled Checkpoint
06-11-2014 06:00:01 Scheduled Checkpoint
07-11-2014 03:20:07 Scheduled Checkpoint
08-11-2014 06:00:01 Scheduled Checkpoint
09-11-2014 10:37:47 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2011-10-03 06:20 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05CE52D8-11A0-4A20-8FD1-7525A273D536} - System32\Tasks\144f9397-2cec-4287-b3ce-3ffcfc9ada3a.AOMEI => C:\Program Files\AOMEI Backupper\Backupper.exe [2013-08-26] (AOMEI Tech Co., Ltd.)
Task: {23B889D4-4C40-4CDA-B3D0-6D0FF3748141} - System32\Tasks\avast! Emergency Update => C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe [2014-07-05] (AVAST Software)
Task: {37390A51-B76F-4C69-8CDA-4FB343606467} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2007-08-31] (Microsoft Corporation)
Task: {59AB7DAF-D8B1-4D35-95AF-5D6603C3064A} - System32\Tasks\Windows Codec Update Service => C:\Program Files\Essentials Codec Pack\WECPUpdate.exe [2012-02-22] (MediaCodec.Org)
Task: {60A8604C-4D81-48C1-B846-D29F8E103711} - System32\Tasks\Startup\S-1-5-21-3649128416-2311760161-3228670520-1000\StartupFolder\Dropbox.lnk => Rundll32.exe shell32.dll,ShellExec_RunDLL C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
Task: {738E9831-71B1-4594-953D-69715BE3DD6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {82EA69C6-46FA-4A30-A03A-F1CCF39E48FD} - System32\Tasks\G2MUpdateTask-S-1-5-21-3649128416-2311760161-3228670520-1000 => C:\Users\Jennifer\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-29] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D1235612-A416-48E5-B225-D417F293809D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {D56AC3A1-C3C6-4615-90CA-FA11AE90A214} - System32\Tasks\Avast => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-07-31] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\144f9397-2cec-4287-b3ce-3ffcfc9ada3a.AOMEI.job => C:\Program Files\AOMEI Backupper\Backupper.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3649128416-2311760161-3228670520-1000.job => C:\Users\Jennifer\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-03 23:02 - 2014-07-05 19:28 - 00301152 _____ () C:\Program Files\Alwil Software\Avast5\aswProperty.dll
2014-11-10 06:46 - 2014-11-10 06:46 - 02900992 _____ () C:\Program Files\Alwil Software\Avast5\defs\14111001\algo.dll
2009-06-30 22:27 - 2007-07-12 21:33 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00196312 _____ () C:\Program Files\AOMEI Backupper\UiLogic.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00220888 _____ () C:\Program Files\AOMEI Backupper\diskmgr.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00171736 _____ () C:\Program Files\AOMEI Backupper\Comn.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00077528 _____ () C:\Program Files\AOMEI Backupper\Ldm.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00061144 _____ () C:\Program Files\AOMEI Backupper\Device.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00257752 _____ () C:\Program Files\AOMEI Backupper\BrFat.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00368344 _____ () C:\Program Files\AOMEI Backupper\BrNtfs.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00057048 _____ () C:\Program Files\AOMEI Backupper\FuncLogic.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00167640 _____ () C:\Program Files\AOMEI Backupper\Clone.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00245464 _____ () C:\Program Files\AOMEI Backupper\ImgFile.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00028376 _____ () C:\Program Files\AOMEI Backupper\Encrypt.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00073432 _____ () C:\Program Files\AOMEI Backupper\Compress.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00093912 _____ () C:\Program Files\AOMEI Backupper\BrVol.dll
2014-01-23 20:49 - 2013-08-26 17:15 - 00043736 _____ () C:\Program Files\AOMEI Backupper\Backup.dll
2006-11-05 09:28 - 2006-11-05 09:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2009-02-01 21:43 - 2014-09-03 13:01 - 00504832 _____ () C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
2014-11-10 08:41 - 2014-11-10 08:41 - 00043008 _____ () c:\users\jennifer\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpvyu0ch.dll
2013-08-23 13:01 - 2013-08-23 13:01 - 25100288 _____ () C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-12 08:57 - 2014-07-05 19:28 - 19329904 _____ () C:\Program Files\Alwil Software\Avast5\libcef.dll
2008-01-02 22:54 - 2006-09-20 08:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
2008-01-02 22:54 - 2006-09-19 16:05 - 00024576 _____ () C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: WinDefend => 2
MSCONFIG\startupreg: VBTUCopy => C:\Program Files\VBTUCopy\VBTUCopy.exe /a /f
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

========================= Accounts: ==========================

Administrator (S-1-5-21-3649128416-2311760161-3228670520-500 - Administrator - Disabled)
Guest (S-1-5-21-3649128416-2311760161-3228670520-501 - Limited - Disabled)
Jennifer (S-1-5-21-3649128416-2311760161-3228670520-1000 - Administrator - Enabled) => C:\Users\Jennifer
Mike (S-1-5-21-3649128416-2311760161-3228670520-1003 - Administrator - Enabled) => C:\Users\Mike
UpdatusUser (S-1-5-21-3649128416-2311760161-3228670520-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 09:07:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16584, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16584, time stamp 0x541cb3c5, exception code 0xc0000005, fault offset 0x00260cee,
process id 0x16d0, application start time 0xiexplore.exe0.

Error: (11/10/2014 07:10:11 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16584 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1a60
Start Time: 01cffce728d5e168
Termination Time: 228

Error: (11/10/2014 06:35:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NielsenOnline.exe, version 6.1.0.41, time stamp 0x54075717, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00048762,
process id 0x345c, application start time 0xNielsenOnline.exe0.

Error: (11/10/2014 04:08:51 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (11/10/2014 04:08:51 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point on volume (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Descripton = Scheduled Checkpoint; Hr = 0x81000101).

Error: (11/10/2014 03:22:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application NielsenOnline.exe, version 6.1.0.41, time stamp 0x54075717, faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000005, fault offset 0x00048762,
process id 0x1c20, application start time 0xNielsenOnline.exe0.

Error: (11/10/2014 03:14:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16584, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16584, time stamp 0x541cb3c5, exception code 0xc0000005, fault offset 0x00260cee,
process id 0x1bf8, application start time 0xiexplore.exe0.

Error: (11/10/2014 03:13:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16584, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16584, time stamp 0x541cb3c5, exception code 0xc0000005, fault offset 0x00260cee,
process id 0x9cc, application start time 0xiexplore.exe0.

Error: (11/10/2014 01:01:01 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {79697df9-eafd-4669-ae96-017ca0924661}

Error: (11/09/2014 09:20:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application iexplore.exe, version 9.0.8112.16584, time stamp 0x4549b14e, faulting module MSHTML.dll, version 9.0.8112.16584, time stamp 0x541cb3c5, exception code 0xc0000005, fault offset 0x0024b7d3,
process id 0x1cb0, application start time 0xiexplore.exe0.

System errors:
=============
Error: (11/10/2014 08:31:39 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/10/2014 08:31:23 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0228576F-6E6C-4E1A-B175-0E46A316AFE2}

Error: (11/10/2014 08:31:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (11/10/2014 08:31:03 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (11/10/2014 08:29:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Update AtuZi%%2

Error: (11/10/2014 08:29:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (11/10/2014 08:28:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/10/2014 08:27:29 AM) (Source: Microsoft-Windows-TaskScheduler) (EventID: 412) (User: NT AUTHORITY)
Description: 2147942402

Error: (11/10/2014 08:16:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (11/10/2014 08:16:20 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Microsoft Office Sessions:
=========================
Error: (10/25/2014 07:39:29 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/23/2014 10:18:21 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 21 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (10/10/2014 04:37:19 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 14645 seconds with 1800 seconds of active time.  This session ended with a crash.

Error: (09/07/2014 08:53:57 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5341 seconds with 1980 seconds of active time.  This session ended with a crash.

Error: (08/30/2014 09:38:27 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2676 seconds with 2220 seconds of active time.  This session ended with a crash.

Error: (05/29/2014 08:02:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 71 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/12/2014 03:43:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 903 seconds with 180 seconds of active time.  This session ended with a crash.

Error: (04/24/2014 02:03:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 12120 seconds with 5580 seconds of active time.  This session ended with a crash.

Error: (04/24/2014 10:40:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2963 seconds with 1440 seconds of active time.  This session ended with a crash.

Error: (04/22/2014 09:02:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-11-10 09:01:24.611
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-10 09:01:22.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-10 09:01:18.449
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-10 09:01:15.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-10 09:00:57.178
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-10 09:00:53.693
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-10 09:00:51.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-10 09:00:48.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 19:54:16.012
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-09 19:54:14.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+
Percentage of memory in use: 63%
Total physical RAM: 3581.57 MB
Available physical RAM: 1309.97 MB
Total Pagefile: 11502.03 MB
Available Pagefile: 8735.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.61 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:51.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.1 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 10000000)
Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#3
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Hi. My name is Brian, and I would be happy to look into your issue.
 
I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts.



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed. You will be able to request that the topic be re-opened by sending me a PM (Personal Message) or PM a moderator.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop-

 

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.
 
Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start-

 
Removing malware is a complicated multiple step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

 

 

 

I'll get to work and review your logs.

 



#4
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

Step#1 - Create Restore Point
1. Please click your start button, right-click on the Computer menu item and select Properties as shown below.

ComputerProperties.JPG
 
2. Click on the Advanced system settings link.
AdvancedSystemSettings.JPG
 
3. Click the System Protection tab and then click the Create button.
 
SystemProperties.JPG
 
4. You will be asked to provide a description. Please type G2G and click Create.
 
SystemProtection.JPG
 
5. You will get a message telling you when it's complete. Click Close on the message. Note: If you get any error message trying to create the restore point let me know and don't continue.

 

 

Step#2 - Uninstalls
 
Please uninstall the following programs one at a time. Instructions for doing so are here. All of these are either outdated and will be updated later, have a bad reputation or are no longer needed. If you wish to keep any of them just let me know.

If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot.

Coupon Printer for Windows
Java 7 Update 55
Java™ SE Runtime Environment 6
Norton Security Scan
Swag_Bucks Toolbar
Wise Registry Cleaner 8.21 (Registry cleaning programs like these can cause more harm than good and are not needed).

 

 

Step#3 - FRST Fix
 
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached file: fixlist.txt (2.52KB)
Note. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean"
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#5 - Fresh Set of Logs
1. Right click on FRST.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
  
 
Items for your next post

1. FRST Fix Log

2. AdwCleaner log
3. FRST and Addition logs

4. How's your machine doing now?



#5
mfulkerson

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Thank you for assisting me, Brian. Unfortunately, my computer decided to crash completely and I have had to reinstall everything from scratch. Been a long couple days. I was looking forward to eradicating the malware and feeling somewhat vindicated. On that note, what is/are the Malware programs you recommend I have on my system to help stop future attacks? Much appreciated.

 

Thanks again for your time.

 

Mike



#6
BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,583 posts

No problem. Thanks for letting us know.

 

I have listed a couple recommended free AVs below which are as good as any paid subscription AV, as long as you allow them to update themselves.

avast! Home Edition an excellent free AV.
Microsoft Security Essentials
 
I also recommend having Malwarebytes installed as a secondary scanner. Malwarebytes does not actively monitor your machine so it won't conflict with the Antivirus that you decide to install. I would recommend that you open up this program, allow it to update and scan your machine at least quarterly...monthly if you can.

 

Take care. I'll go ahead and close this case.
 



#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.