On top of the multiple threads in my task manager for the COM surrogate dllhost.exe*32, I recently discovered the following in almost every folder in my documents folder in my library:
What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.
Admin edit: disabled URLs.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.http: //paytordmbdekmizq.bortor. com/1RYjjmz
2.http: //paytordmbdekmizq.torpacho. com/1RYjjmz
3.http: //paytordmbdekmizq.torsanctions. com/1RYjjmz
4.http: //paytordmbdekmizq.torwild. com/1RYjjmz
If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http: // www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: pay tord mbdekmizq.onion/1RYjjmz
4.Follow the instructions on the site.
I installed Spybot on Friday and ran a full scan. Found 710 threats and quarantined them all (I think).
I hope someone can help! It is impossible to do anything right now!!!! Below are my logs:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Melissa (administrator) on LAPTOP on 11-11-2014 17:48:04
Running from C:\Users\Melissa\Desktop
Loaded Profile: Melissa (Available profiles: Melissa & QBDataServiceUser21)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Windstream) C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Radialpoint SafeCare Inc.) C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Windstream) C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3200672 2010-06-30] (Dell Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10918504 2010-06-14] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [392048 2010-06-04] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [Windstream Service Agent.exe] => C:\Program Files (x86)\Windstream\Service Agent\Windstream Service Agent.exe [10204472 2011-10-13] (Windstream)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [298376 2012-09-28] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [560128 2011-09-19] (Dell)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a\o. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3154378874-1875084861-2286133563-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-3154378874-1875084861-2286133563-1001\...\MountPoints2: {6e8cc5bf-7b93-11e2-bb1d-f04da291e1f2} - E:\TLBootstrap_WPP.exe
HKU\S-1-5-21-3154378874-1875084861-2286133563-1001\...\MountPoints2: {8b9c99fc-401b-11e1-9a06-061bb1456f9c} - E:\LaunchU3.exe
HKU\S-1-5-21-3154378874-1875084861-2286133563-1001\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3154378874-1875084861-2286133563-1001\$3b99f81f31d5dbab1bcf87d0107a285a\n. ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3154378874-1875084861-2286133563-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
HKU\S-1-5-18\...\Run: [3e3266] => C:\3e3266e\3e3266e.exe [274500 2014-11-11] ( )
HKU\S-1-5-18\...\Run: [3e3266e] => C:\Users\Melissa\AppData\Roaming\3e3266e.exe [274500 2014-11-11] ( )
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3e3266e.exe ( )
Startup: C:\Users\QBDataServiceUser21\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - DefaultScope {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M3D70D438-989F-4ECB-BA82-CCA300550E22&SearchSource=58&CUI=&UM=6&UP=SPD3324CD6-0783-4263-9C08-267860FCEFE1&q={searchTerms}&SSPV=
SearchScopes: HKCU - {114DB5FA-0AFB-BB92-A75B-F44D3CE875CD} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330390&octid=EB_ORIGINAL_CTID&ISID=M3D70D438-989F-4ECB-BA82-CCA300550E22&SearchSource=58&CUI=&UM=6&UP=SPD3324CD6-0783-4263-9C08-267860FCEFE1&q={searchTerms}&SSPV=
SearchScopes: HKCU - {38E8554E-EFF1-4E7A-A9FA-700C7D4C906D} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
SearchScopes: HKCU - {4989EE16-E9A9-4D8E-B14C-7303338FE56F} URL = http://www.flickr.com/search/?q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {B298DA9B-6161-4E52-A5E0-C37F9266DD75} URL = http://delicious.com/search?p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/Driver...reqlab_nvd.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd...detect119b.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activ...eX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_35 -> C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @radialpoint.com/SPA,version=1 -> C:\Program Files (x86)\Windstream\Service Agent\nprpspa.dll (Windstream)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3154378874-1875084861-2286133563-1001: @nds.com/PCShowPlugin -> C:\Users\Melissa\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKU\S-1-5-21-3154378874-1875084861-2286133563-1001: @nds.com/PlayerPlugin -> C:\Users\Melissa\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF Plugin HKU\S-1-5-21-3154378874-1875084861-2286133563-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-3154378874-1875084861-2286133563-1001: NDS.com/PlayerPlugin -> C:\Users\Melissa\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-12-08]
Chrome:
=======
CHR Profile: C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-20]
CHR Extension: (Google Drive) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-20]
CHR Extension: (YouTube) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-20]
CHR Extension: (Google Search) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-20]
CHR Extension: (Radialpoint SPD Extension) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmmhpfbhngkongobaoibpmnijjokabmj [2012-09-19]
CHR Extension: (Google Wallet) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]
CHR Extension: (Gmail) - C:\Users\Melissa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-20]
CHR HKLM-x32\...\Chrome\Extension: [lmmhpfbhngkongobaoibpmnijjokabmj] - C:\Program Files (x86)\Windstream\Service Agent\ChromeExtension.crx [2012-03-26]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HsdService; C:\Program Files (x86)\Windstream\Diagnostic Tools\HsdService.exe [1393976 2011-04-25] (Windstream)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-05-13] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-05-13] (Alcatel-Lucent) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2013-11-08] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-01-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-01-10] (Intuit Inc.) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ServicepointService; C:\Program Files (x86)\Windstream\Service Agent\ServicepointService.exe [10315064 2011-10-13] (Radialpoint SafeCare Inc.)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2008-04-01] (LeapFrog)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 Normandy; C:\Windows\SysWow64\Drivers\Normandy.sys [34560 2010-11-18] () [File not signed]
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [114856 2007-07-03] (MCCI Corporation)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-11 17:48 - 2014-11-11 17:54 - 00023204 _____ () C:\Users\Melissa\Desktop\FRST.txt
2014-11-11 17:46 - 2014-11-11 17:49 - 00000000 ____D () C:\FRST
2014-11-11 17:44 - 2014-11-11 17:44 - 02116096 _____ (Farbar) C:\Users\Melissa\Desktop\FRST64.exe
2014-11-11 17:37 - 2014-11-11 17:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LAPTOP-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-11-11 17:33 - 2014-11-11 17:33 - 17926832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-11 17:29 - 2014-11-11 17:29 - 00000000 ____D () C:\RegBackup
2014-11-11 17:27 - 2014-11-11 17:27 - 00002201 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-11 17:27 - 2014-11-11 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-11 17:27 - 2014-11-11 17:27 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-11-11 17:24 - 2014-11-11 17:25 - 04215584 _____ () C:\Users\Melissa\Desktop\tweaking.com_registry_backup_setup.exe
2014-11-11 13:52 - 2014-11-11 13:52 - 00008538 _____ () C:\Users\Melissa\Downloads\DECRYPT_INSTRUCTION.HTML
2014-11-11 13:52 - 2014-11-11 13:52 - 00004212 _____ () C:\Users\Melissa\Downloads\DECRYPT_INSTRUCTION.TXT
2014-11-11 13:52 - 2014-11-11 13:52 - 00000268 _____ () C:\Users\Melissa\Downloads\DECRYPT_INSTRUCTION.URL
2014-11-11 13:51 - 2014-11-11 13:51 - 00008538 _____ () C:\Users\Melissa\Documents\DECRYPT_INSTRUCTION.HTML
2014-11-11 13:51 - 2014-11-11 13:51 - 00004212 _____ () C:\Users\Melissa\Documents\DECRYPT_INSTRUCTION.TXT
2014-11-11 13:51 - 2014-11-11 13:51 - 00000268 _____ () C:\Users\Melissa\Documents\DECRYPT_INSTRUCTION.URL
2014-11-11 13:33 - 2014-11-11 13:33 - 00008538 _____ () C:\Users\Melissa\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-11-11 13:33 - 2014-11-11 13:33 - 00008538 _____ () C:\Users\Melissa\AppData\DECRYPT_INSTRUCTION.HTML
2014-11-11 13:33 - 2014-11-11 13:33 - 00004212 _____ () C:\Users\Melissa\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-11-11 13:33 - 2014-11-11 13:33 - 00004212 _____ () C:\Users\Melissa\AppData\DECRYPT_INSTRUCTION.TXT
2014-11-11 13:33 - 2014-11-11 13:33 - 00000268 _____ () C:\Users\Melissa\AppData\Roaming\DECRYPT_INSTRUCTION.URL
2014-11-11 13:33 - 2014-11-11 13:33 - 00000268 _____ () C:\Users\Melissa\AppData\DECRYPT_INSTRUCTION.URL
2014-11-11 13:31 - 2014-11-11 13:31 - 00008538 _____ () C:\Users\Melissa\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-11-11 13:31 - 2014-11-11 13:31 - 00004212 _____ () C:\Users\Melissa\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-11-11 13:31 - 2014-11-11 13:31 - 00000268 _____ () C:\Users\Melissa\AppData\Local\DECRYPT_INSTRUCTION.URL
2014-11-11 13:23 - 2014-11-11 13:23 - 00008538 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-11-11 13:23 - 2014-11-11 13:23 - 00004212 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-11-11 13:23 - 2014-11-11 13:23 - 00000268 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.URL
2014-11-11 13:03 - 2014-11-11 13:03 - 00274500 _____ ( ) C:\Users\Melissa\AppData\Roaming\3e3266e.exe
2014-11-11 13:03 - 2014-11-11 13:03 - 00000000 ___HD () C:\3e3266e
2014-11-11 13:03 - 2014-11-11 13:03 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-11-07 22:27 - 2014-11-08 09:13 - 00002222 _____ () C:\Windows\wininit.ini
2014-11-07 19:08 - 2014-11-08 07:59 - 00047082 _____ () C:\Windows\SysWOW64\bddel.dat
2014-11-07 18:40 - 2014-11-08 07:43 - 00000000 ____D () C:\Program Files (x86)\Browser Features
2014-11-07 18:40 - 2014-11-07 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Features
2014-11-07 18:38 - 2014-11-08 07:41 - 00000000 ____D () C:\Users\Melissa\AppData\Local\SearchProtect
2014-11-07 18:38 - 2014-11-07 22:30 - 00000000 ____D () C:\Program Files (x86)\Browser Enhancements
2014-11-07 18:38 - 2014-11-07 22:27 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-11-07 18:38 - 2014-11-07 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser Enhancements
2014-11-07 18:36 - 2014-11-07 18:36 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-11-07 11:46 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141107-114626.backup
2014-11-06 12:50 - 2014-11-06 12:50 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-06 12:49 - 2014-11-06 12:49 - 00001357 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-06 12:49 - 2014-11-06 12:49 - 00001345 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-06 12:49 - 2014-11-06 12:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-06 12:47 - 2014-11-11 13:23 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-06 12:47 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-06 11:39 - 2014-11-06 11:40 - 00560968 _____ (Safer-Networking Ltd. ) C:\Users\Melissa\Downloads\spybot2-license.exe
2014-11-06 11:34 - 2014-11-06 13:15 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-06 09:35 - 2014-11-06 09:45 - 00000046 _____ () C:\Users\Melissa\AppData\Roaming\FactoryInstaller.xml
2014-11-06 09:35 - 2014-11-06 09:35 - 00000000 ____D () C:\Users\Melissa\AppData\Local\Absolute_Software
2014-11-05 12:21 - 2014-11-05 12:21 - 00000000 ____D () C:\Windows\pss
2014-11-05 12:04 - 2014-03-19 22:24 - 00114688 _____ () C:\Users\Melissa\AppData\Local\ChromeHitoryDB
2014-11-04 08:50 - 2014-11-07 21:54 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Laptop-Melissa Laptop
2014-10-18 07:25 - 2014-10-18 07:27 - 00019968 ___SH () C:\Users\Melissa\Documents\Thumbs.db
2014-10-18 07:25 - 2014-10-18 07:26 - 00000000 ____D () C:\Users\Melissa\AppData\Local\{19D1A341-988F-4F90-8893-504C640BA873}
2014-10-18 07:14 - 2014-10-18 07:14 - 00000000 ____D () C:\Users\Melissa\AppData\Local\{0C8F4456-1BB7-4103-9258-84AA0A6EF203}
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-11 17:59 - 2011-04-07 12:23 - 00000000 ____D () C:\Users\Melissa\Documents\MAdrac Farms
2014-11-11 17:48 - 2012-03-26 13:20 - 00000000 ____D () C:\ProgramData\Radialpoint
2014-11-11 17:47 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 17:47 - 2009-07-13 23:45 - 00013872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 17:34 - 2012-04-03 16:13 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 17:34 - 2012-04-03 16:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 17:34 - 2012-04-03 16:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 17:34 - 2011-05-21 15:29 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-11 16:41 - 2011-06-23 15:10 - 00000000 ____D () C:\Users\Melissa\Documents\Outlook Files
2014-11-11 16:40 - 2010-10-25 08:43 - 00000000 ____D () C:\Users\Melissa\Documents\personal
2014-11-11 16:25 - 2010-09-18 13:05 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-11 16:24 - 2009-07-14 00:13 - 00006320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-11 13:51 - 2011-04-15 07:58 - 00000000 ____D () C:\Users\Melissa\Documents\Taxes
2014-11-11 13:51 - 2010-10-25 08:43 - 00000000 ____D () C:\Users\Melissa\Documents\WBENC
2014-11-11 13:51 - 2010-10-25 08:43 - 00000000 ____D () C:\Users\Melissa\Documents\pics
2014-11-11 13:48 - 2011-10-18 09:23 - 00000000 ____D () C:\Users\Melissa\Documents\OLD jobs
2014-11-11 13:44 - 2011-09-26 11:01 - 00000000 ____D () C:\Users\Melissa\Documents\OgeeChee
2014-11-11 13:43 - 2010-12-17 11:52 - 00000000 ____D () C:\Users\Melissa\Documents\My Scans
2014-11-11 13:40 - 2014-06-12 10:52 - 00000000 ____D () C:\Users\Melissa\Documents\Invoices
2014-11-11 13:40 - 2012-02-10 12:51 - 00000000 ____D () C:\Users\Melissa\Documents\Largo Tibet
2014-11-11 13:39 - 2014-02-10 08:16 - 00000000 ____D () C:\Users\Melissa\Documents\Guerry
2014-11-11 13:39 - 2013-05-06 15:15 - 00000000 ____D () C:\Users\Melissa\Documents\Heard elementary
2014-11-11 13:39 - 2011-08-10 10:29 - 00000000 ____D () C:\Users\Melissa\Documents\HAAF engagement
2014-11-11 13:38 - 2013-04-02 10:52 - 00000000 ____D () C:\Users\Melissa\Documents\gaffney's cheap seats
2014-11-11 13:38 - 2012-08-09 16:14 - 00000000 ____D () C:\Users\Melissa\Documents\FT. Stewart Training Facility
2014-11-11 13:37 - 2014-04-08 13:00 - 00000000 ____D () C:\Users\Melissa\Documents\Contractors
2014-11-11 13:37 - 2011-11-28 11:16 - 00000000 ____D () C:\Users\Melissa\Documents\Countryside
2014-11-11 13:36 - 2010-10-25 08:42 - 00000000 ____D () C:\Users\Melissa\Documents\commercial bids
2014-11-11 13:35 - 2012-09-05 15:29 - 00000000 ____D () C:\Users\Melissa\Documents\Coffee bluff Marina
2014-11-11 13:35 - 2010-10-25 08:43 - 00000000 ____D () C:\Users\Melissa\Documents\business forms
2014-11-11 13:34 - 2012-10-31 10:52 - 00000000 ____D () C:\Users\Melissa\Documents\Amazon MP3
2014-11-11 13:34 - 2012-09-05 09:51 - 00000000 ____D () C:\Users\Melissa\Documents\Bible Lutheran
2014-11-11 13:34 - 2011-11-28 16:42 - 00000000 ____D () C:\Users\Melissa\Desktop\Visualizations
2014-11-11 13:34 - 2011-11-28 16:42 - 00000000 ____D () C:\Users\Melissa\Desktop\Sequences
2014-11-11 13:34 - 2011-11-28 16:42 - 00000000 ____D () C:\Users\Melissa\Desktop\Audio
2014-11-11 13:34 - 2010-10-25 08:42 - 00000000 ____D () C:\Users\Melissa\Documents\Bell computer
2014-11-11 13:33 - 2011-05-21 15:38 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\PCDr
2014-11-11 13:33 - 2010-10-15 18:30 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Skype
2014-11-11 13:32 - 2014-05-16 10:41 - 00000000 ____D () C:\Users\Melissa\AppData\OICE_15_974FA576_32C1D314_1139
2014-11-11 13:32 - 2013-08-27 12:47 - 00000000 ____D () C:\Users\Melissa\AppData\OICE_15_974FA576_32C1D314_2CDE
2014-11-11 13:32 - 2012-10-31 10:52 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Amazon
2014-11-11 13:32 - 2010-12-08 16:35 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\HP
2014-11-11 13:32 - 2010-10-11 16:45 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Adobe
2014-11-11 13:32 - 2010-10-11 16:42 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Dell
2014-11-11 13:31 - 2010-12-03 17:13 - 00000000 ____D () C:\Users\Melissa\AppData\Local\Microsoft Games
2014-11-11 13:24 - 2014-03-25 22:12 - 00000000 ____D () C:\Users\Melissa\AppData\Local\DIRECTV Player
2014-11-11 13:24 - 2014-01-12 21:11 - 00000000 ____D () C:\Users\Melissa\AppData\Local\Apple Computer
2014-11-11 13:24 - 2010-10-21 13:38 - 00000000 ____D () C:\Users\Melissa\AppData\Local\Google
2014-11-11 13:24 - 2010-10-12 14:14 - 00000000 ____D () C:\Users\Melissa\AppData\Local\Intuit
2014-11-11 13:23 - 2012-03-26 13:20 - 00000000 ____D () C:\ProgramData\Windstream
2014-11-11 13:23 - 2010-09-18 12:57 - 00000000 ____D () C:\ProgramData\Skype
2014-11-11 13:23 - 2010-09-18 12:43 - 00000000 ____D () C:\ProgramData\Sonic
2014-11-11 13:22 - 2010-09-18 12:41 - 00000000 ____D () C:\ProgramData\PCDr
2014-11-11 13:19 - 2012-03-26 13:18 - 00000000 ____D () C:\ProgramData\Motive
2014-11-11 13:19 - 2011-11-28 16:20 - 00000000 ____D () C:\ProgramData\Light-O-Rama
2014-11-11 13:19 - 2010-11-28 15:15 - 00000000 ____D () C:\ProgramData\Leapfrog
2014-11-11 13:19 - 2010-10-12 14:03 - 00000000 ____D () C:\ProgramData\Intuit
2014-11-11 13:19 - 2010-09-18 12:42 - 00000000 ____D () C:\ProgramData\Macrovision
2014-11-11 13:08 - 2010-12-08 16:18 - 00000000 ____D () C:\ProgramData\HP
2014-11-11 13:07 - 2014-02-24 12:26 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-11 13:07 - 2010-09-18 16:16 - 00000000 ____D () C:\Dell
2014-11-11 13:07 - 2010-09-18 12:32 - 00000000 ____D () C:\ProgramData\Dell
2014-11-11 10:33 - 2012-03-26 13:20 - 00000000 ____D () C:\Users\Melissa\AppData\Roaming\Radialpoint
2014-11-10 16:06 - 2010-09-18 11:58 - 02081760 _____ () C:\Windows\WindowsUpdate.log
2014-11-10 16:02 - 2013-05-22 13:17 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-11-09 13:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-09 13:13 - 2013-11-20 09:24 - 00000476 _____ () C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-11-09 13:11 - 2010-10-11 16:41 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-09 13:11 - 2010-10-11 16:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-09 13:09 - 2013-11-20 09:24 - 00000484 _____ () C:\Windows\Tasks\SDMsgUpdate (Local).job
2014-11-09 13:08 - 2010-10-11 17:14 - 00452548 _____ () C:\Windows\PFRO.log
2014-11-09 13:08 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-09 13:08 - 2009-07-13 23:51 - 00067532 _____ () C:\Windows\setupact.log
2014-11-08 07:46 - 2014-09-02 20:23 - 00000000 ____D () C:\Program Files (x86)\FUPM Browser
2014-11-07 19:02 - 2010-10-11 18:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-07 18:56 - 2013-03-18 08:45 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-06 13:32 - 2013-03-18 09:36 - 00000000 ___RD () C:\Users\Melissa\SkyDrive
2014-11-06 11:03 - 2012-06-12 18:19 - 02656768 ___SH () C:\Users\Melissa\Desktop\Thumbs.db
2014-11-05 12:10 - 2012-09-19 09:58 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-24 07:45 - 2012-09-19 09:59 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3154378874-1875084861-2286133563-1001\$3b99f81f31d5dbab1bcf87d0107a285a
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$3b99f81f31d5dbab1bcf87d0107a285a
Some content of TEMP:
====================
C:\Users\Melissa\AppData\Local\Temp\bs.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-05 10:31
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Melissa at 2014-11-11 18:05:37
Running from C:\Users\Melissa\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1990.41618 - ABBYY Software House)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.4.13090 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Enhancements version 3.17 (HKLM-x32\...\{85A37836-5888-4152-8990-EF4502A5EFB1}}_is1) (Version: 3.17 - Browser Enhancements)
Browser Features version 2.22 (HKLM-x32\...\{6C250DDC-A10E-4F36-95B4-59A76592DA20}}_is1) (Version: 2.22 - Browser Features)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0011 - Dell, Inc.)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.101.209 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
DIRECTV Player (HKLM-x32\...\{a1bb9be6-729f-4049-a36a-aad335c86c01}) (Version: 9.2 - DIRECTV)
DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FUPM Browser version 1.2.1 (HKLM-x32\...\{B86A5F28-E714-49DD-9C61-6DC5BB867255}}_is1) (Version: 1.2.1 - Find Ultra Premium Merchants)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510n-z (HKLM\...\{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java(TM) 6 Update 18 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416018F0}) (Version: 6.0.180 - Sun Microsystems, Inc.)
Java(TM) 6 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Java(TM) 6 Update 35 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216035FF}) (Version: 6.0.350 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)
LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 4.2.11.15696 - LeapFrog) Hidden
LeapFrog Tag Plugin (x32 Version: 4.2.9.15649 - LeapFrog) Hidden
Light-O-Rama (HKLM-x32\...\{E744BFEA-E027-441E-83A2-36202F661E31}) (Version: 3.0.2 - Light-O-Rama)
LoJack Factory Installer (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 1.0.0 - Absolute Software)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 2.0 SDK (x64) - ENU (HKLM\...\Microsoft .NET Framework 2.0 SDK (x64) - ENU) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3154378874-1875084861-2286133563-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
QuickBooks (x32 Version: 22.0.4015.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4015.2206 - Intuit Inc.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.06.02 - Dell Inc.)
Radialpoint Security Advisor 2.5.15 (x32 Version: 2.5.15 - Radialpoint SafeCare Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6136 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Skype™ 5.10 (HKLM-x32\...\{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}) (Version: 5.10.116 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version: - LeapFrog)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) (HKLM-x32\...\TagPlugin) (Version: 4.2.9.15649 - LeapFrog)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windstream Diagnostic Tools 3.0.21 (x32 Version: 3.0.21 - Windstream) Hidden
Windstream Service Agent 4.1.15 (HKLM-x32\...\RadialpointClientGateway_is1) (Version: 4.1.15 - Windstream)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Melissa\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3154378874-1875084861-2286133563-1001_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
==================== Restore Points =========================
03-11-2014 21:59:09 Scheduled Checkpoint
08-11-2014 14:12:38 Cleaner (Spybot - Search & Destroy+AV 2.4, administrator privile
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2014-11-07 11:46 - 00450713 ____R C:\Windows\system32\Drivers\etc\hosts
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {03AFC8D3-C38E-4AAF-92C7-E9381AD98AD3} - System32\Tasks\LoJack for Laptops Install => C:\Program Files (x86)\Absolute Software\LoJack Install\FactoryInstaller.exe [2009-11-26] (Absolute Software)
Task: {18C6765E-5D46-4C5F-8848-72EF568C4659} - System32\Tasks\SDMsgUpdate (Local) => C:\Program Files (x86)\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {36C156F5-C7A4-4C99-B5BB-09282CBEE9FF} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {3E48F351-0754-4911-83AA-353F3119CA4F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Laptop-Melissa Laptop => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-10-19] (Microsoft Corporation)
Task: {5AC44A0B-3312-4E1D-9BF7-3C2E821F64C0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {62616662-CF62-4526-A7A6-CED697EC2426} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {683A5625-6256-47DA-9826-603CA72B75B6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {7956B706-6AF6-46AC-93E3-CD43C90CFA00} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {93076A17-E729-42E1-9755-C1279D093CA1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9CC368BA-943A-4114-9FC4-A624E96FA95C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {A5452B19-D4D6-414C-8816-F8FA28ABD812} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw CI\Messages\SDNotify.exe [2012-08-13] ()
Task: {ABE4E42F-B172-4B4C-A399-FE26F426F5A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {B5F2B017-85B0-471B-A3E4-8D437BE2ADD8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-19] (Microsoft Corporation)
Task: {BB2C18C8-08A9-4BA7-8A70-71A878A6E49E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {BF8469D9-CF86-4312-AB10-4DEE368B374D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {CF448ED9-A4F5-4B3D-8B26-CEBAF27DC871} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {DA59EBEE-9F99-4A87-9BD1-D11E4D367E4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E037F955-36E3-41F5-946A-B2A2370049C3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SDMsgUpdate (Local).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
==================== Loaded Modules (whitelisted) =============
2014-11-07 18:53 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-01-15 12:19 - 2014-10-19 12:58 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-09-18 13:05 - 2011-08-18 10:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-06 12:47 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-06 12:47 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-06 12:47 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-06 12:47 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-06 12:47 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2012-05-12 02:45 - 2012-05-12 02:45 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\97d05107b8c95b1a62a45a87a7c8165f\IsdiInterop.ni.dll
2010-09-18 12:32 - 2010-06-08 10:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\QBCompressor.dll
2012-01-10 09:56 - 2012-01-10 09:56 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\zlib1.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00380744 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\BackupLib.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00138568 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\QBMAPILibrary.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\mbpopup.dll
2013-11-08 08:49 - 2013-11-08 08:49 - 00121672 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\ReportBridge.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00070472 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\QB2WPFBridge.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00400200 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\FeaturesBridge.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00083272 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\IPDWidgetBridge.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00093512 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\IPDWidgetInterop.dll
2013-11-08 08:49 - 2013-11-08 08:49 - 00110920 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\Webification.dll
2013-11-08 08:48 - 2013-11-08 08:48 - 00058184 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\htmlhelper.dll
2014-09-25 14:49 - 2014-09-25 14:49 - 00081056 _____ () C:\Users\Melissa\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\LoggingPlatform.DLL
2014-03-16 05:56 - 2014-10-19 12:53 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2014-04-11 11:19 - 2014-10-19 12:47 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HsdService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ntrexeservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTRSupport => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks_Standard_21.lnk => C:\Windows\pss\QuickBooks_Standard_21.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DiagnosticTools.exe => "C:\Program Files (x86)\Windstream\Diagnostic Tools\DiagnosticTools.exe" /AUTORUN
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-3154378874-1875084861-2286133563-500 - Administrator - Disabled)
Guest (S-1-5-21-3154378874-1875084861-2286133563-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3154378874-1875084861-2286133563-1002 - Limited - Enabled)
Melissa (S-1-5-21-3154378874-1875084861-2286133563-1001 - Administrator - Enabled) => C:\Users\Melissa
QBDataServiceUser21 (S-1-5-21-3154378874-1875084861-2286133563-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser21
==================== Faulty Device Manager Devices =============
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Officejet 4500 G510n-z
Description: Officejet 4500 G510n-z
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/11/2014 06:02:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6426.22, time stamp: 0x52cfadb3
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b8479b
Exception code: 0xe0434352
Fault offset: 0x0000000000009e5d
Faulting process id: 0xa9c8
Faulting application start time: 0xpcdrcui.exe0
Faulting application path: pcdrcui.exe1
Faulting module path: pcdrcui.exe2
Report Id: pcdrcui.exe3
Error: (11/11/2014 06:02:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Pcd.DataStore.DatabaseError
Stack:
at wpfview.Program.StartController_HandelAsapiAuthenticationErrors(System.String[])
at wpfview.Program.Main(System.String[])
Error: (11/11/2014 05:06:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2012":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
Error: (11/11/2014 05:06:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2012":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Documents and Settings\All Users\Documents\Intuit\QuickBooks\Company Files\Gaffney's Cheap Seats 1.QBW;ENG=QB_data_engine_22;DBN=6c298313e375462cb8a279d8c50ecf34
Error: (11/11/2014 05:06:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2012":
Connection Error:Invalid user ID or password
Error: (11/11/2014 04:49:55 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2012":
DMError Information:-6069Additional Info:An Invalid Id or password was specified.
Error: (11/11/2014 04:49:55 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2012":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
Error: (11/11/2014 04:49:55 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2012":
Connection String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Rahn's Electric.qbw;ENG=QB_data_engine_22;DBN=b07cd0a6b825403cbbf680344b4c72a6
Error: (11/11/2014 04:49:55 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2012":
Connection Error:Invalid user ID or password
Error: (11/11/2014 04:49:35 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks Pro Plus 2012":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
System errors:
=============
Error: (11/11/2014 05:37:47 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (11/11/2014 05:37:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (11/11/2014 05:37:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (11/11/2014 03:40:31 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (11/11/2014 03:40:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (11/11/2014 00:53:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (11/11/2014 00:53:51 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (11/11/2014 00:53:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Error: (11/11/2014 00:53:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891
Error: (11/11/2014 00:48:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891
Microsoft Office Sessions:
=========================
Error: (11/11/2014 06:02:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: pcdrcui.exe6.0.6426.2252cfadb3KERNELBASE.dll6.1.7601.1801550b8479be04343520000000000009e5da9c801cffe0356499ae7C:\Program Files\My Dell\pcdrcui.exeC:\Windows\system32\KERNELBASE.dlld3a3a084-69f6-11e4-945d-f04da291e1f2
Error: (11/11/2014 06:02:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Pcd.DataStore.DatabaseError
Stack:
at wpfview.Program.StartController_HandelAsapiAuthenticationErrors(System.String[])
at wpfview.Program.Main(System.String[])
Error: (11/11/2014 05:06:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro Plus 2012DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
Error: (11/11/2014 05:06:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro Plus 2012Connection String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Documents and Settings\All Users\Documents\Intuit\QuickBooks\Company Files\Gaffney's Cheap Seats 1.QBW;ENG=QB_data_engine_22;DBN=6c298313e375462cb8a279d8c50ecf34
Error: (11/11/2014 05:06:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro Plus 2012Connection Error:Invalid user ID or password
Error: (11/11/2014 04:49:55 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro Plus 2012DMError Information:-6069Additional Info:An Invalid Id or password was specified.
Error: (11/11/2014 04:49:55 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro Plus 2012DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
Error: (11/11/2014 04:49:55 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro Plus 2012Connection String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Rahn's Electric.qbw;ENG=QB_data_engine_22;DBN=b07cd0a6b825403cbbf680344b4c72a6
Error: (11/11/2014 04:49:55 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro Plus 2012Connection Error:Invalid user ID or password
Error: (11/11/2014 04:49:35 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooks Pro Plus 2012DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from function:'DBMgr::DBConnPool::init'
CodeIntegrity Errors:
===================================
Date: 2014-11-11 08:42:38.405
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-11 08:34:20.527
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-10 19:54:00.930
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-10 10:54:19.358
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-10 10:29:29.983
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-10 09:28:50.013
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-10 09:13:24.943
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-10 09:02:43.345
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 20:33:57.444
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 20:12:01.115
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 70%
Total physical RAM: 4058.36 MB
Available physical RAM: 1190.91 MB
Total Pagefile: 8114.91 MB
Available Pagefile: 3800.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:295.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive y: (Recovery) (Fixed) (Total:14.65 GB) (Free:8.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 51ED4EC9)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
==================== End Of Log ============================
aswMBR version 1.0.1.2201 Copyright(c) 2014 AVAST Software
Run date: 2014-11-11 18:51:33
-----------------------------
18:51:33.407 OS Version: Windows x64 6.1.7601 Service Pack 1
18:51:33.407 Number of processors: 2 586 0x170A
18:51:33.407 ComputerName: LAPTOP UserName:
18:51:37.853 Initialize success
18:51:37.994 VM: initialized successfully
18:51:37.994 VM: Intel CPU virtualization not supported
18:52:15.493 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:52:15.509 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:52:16.180 Disk 0 MBR read successfully
18:52:16.180 Disk 0 MBR scan
18:52:16.180 Disk 0 Windows 7 default MBR code
18:52:16.195 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
18:52:16.211 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
18:52:16.226 Disk 0 Boot: NTFS code=1
18:52:16.258 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
18:52:17.646 Disk 0 scanning C:\Windows\system32\drivers
18:52:32.918 Service scanning
18:53:31.387 Modules scanning
18:53:31.902 Disk 0 trace - called modules:
18:53:31.918 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:53:31.933 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004458060]
18:53:31.933 3 CLASSPNP.SYS[fffff88001b7443f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040f9050]
18:53:31.933 Disk 0 statistics 95791/0/0 @ 3.51 MB/s
18:53:31.949 Scan finished successfully
18:58:01.055 Disk 0 MBR has been saved successfully to "C:\Users\Melissa\Desktop\MBR.dat"
18:58:01.066 The log file has been saved successfully to "C:\Users\Melissa\Desktop\aswMBR.txt"