Topic: [Resolved] Computer acting funny, Sound not working, suspect virus

Offline chuckles

  • Bronze Member
  • Posts: 95
My computer is acting funny, sound stopped working. I think it might be a virus.
Here's the DDS file scan:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.66.2
Run by Steve at 22:48:04 on 2016-02-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12087.9040 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Windows\SysWOW64\atashost.exe
C:\dKEYUSBCradle\SyncService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\dKEYUSBCradle\ProxyDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\dKEYUSBCradle\stunnel-4.10.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Steve\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\dKEYUSBCradle\SyncInfoApp.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://finance.search.yahoo.com/search;_ylt=AwrBJR6X2lNTshsAqWeTmYlQ;_ylc=X1MDMTM1MTE5NTAyNwRfcgMyBGJjawM0MHRqNmI1OG5vczRpJTI2YiUzRDQlMjZkJTNESDIwRWJRTnJZSDF3Q1ZhdGN3YmJiZTRWUVZOSlJvQW0wcVY2bWNDNm1kVnlqQS0tJTI2cyUzRGdnBGZyA3VoM19maW5hbmNlX3ZlcnRfZ3MEZ3ByaWQDdmFFa2l2ejlRYTZMUmJsMjFyenQ5QQRtdGVzdGlkA251bGwEbl9yc2x0AzExBG5fc3VnZwMwBG9yaWdpbgNmaW5hbmNlLnNlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDMjYEcXVlcnkDYmVzdCBzdG9jayBzcGxpdHMgY2FsZW5kYXIEdF9zdG1wAzEzOTgwMDQzNjc5MDEEdnRlc3RpZANVU0ZJTjAwOQ--?gprid=vaEkivz9Qa6LRbl21rzt9A&pvid=440JRjk4LjFAdmZZUXxwkgOyMjQuMVNT2pf__e9o&p=best+stock+splits+calendar&fr2=sb-top&fr=uh3_finance_vert_gs&type=2button
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [YouSendIt.exe] C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe -ui none
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Dropbox Update] "C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [BingSvc] C:\Users\Steve\AppData\Local\Microsoft\BingSvc\BingSvc.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [SharpTray.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe"
mRun: [FtpServer.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe" -usedefault
mRun: [IndexTray.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe" /n
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCREEN~1.LNK - C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DISPLA~1.LNK - C:\dKEYUSBCradle\SyncInfoApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
mPolicies-System: EnableSecureUIAPath = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: getoffutt.com
Trusted Zone: marketlinx.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} - hxxp://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tradestation.webex.com/client/T28L/support/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2063
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EFABDCBE-21BD-403B-8A95-21C8269076C6} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SN52IPRW] C:\Windows\SysWOW64\SN52SELC.EXE -w
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://investing.money.msn.com/investments/calendar/stock-splits?
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SL5EDF&PC=SL5E&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npxsciter.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\thinkTDA\npthinkorswim.dll
FF - plugin: C:\Program Files (x86)\thinkTDA\nptossc.dll
FF - plugin: C:\Users\Steve\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Steve\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-12-11 116000]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-26 55280]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-12-11 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-12-11 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-12-11 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-12-11 117024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-12-11 3873784]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-5-10 118520]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2010-3-3 124472]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 417288]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-11-4 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-24 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-24 1135416]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-7-26 635416]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-8-19 1248256]
R2 rgsender;Remote Graphics Sender Service;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2011-7-26 379904]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142320]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-11 5419792]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-26 2320920]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-8-1 311296]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-12-11 367200]
R3 e1kexpress;Intel(R) Network Connections Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-10-1 497424]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-26 289280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-2 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-24 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-24 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 silabenm;CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2011-11-11 29576]
R3 silabser;CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2011-11-11 76680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-6-4 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-6-4 166384]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-10-16 249856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-18 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-7-26 158976]
S3 jakstaVA;Digital Video Recorder;C:\Windows\System32\drivers\jaksta_va.sys [2014-12-8 103816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-18 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-6-4 1120752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-14 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-28 1255736]
.
=============== Created Last 30 ================
.
2016-02-14 06:43:07   11154520   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E0AF994-69CA-465D-BF62-002A3B627D27}\mpengine.dll
2016-02-13 04:25:31   11154520   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-02-05 03:49:32   1190000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C29D8E4-E018-454A-B641-163A4CE7C613}\gapaengine.dll
.
==================== Find3M  ====================
.
2016-02-15 01:09:10   192216   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-02-09 21:06:15   796864   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2016-02-09 21:06:15   142528   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-10 22:06:22   122400   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll
2015-12-10 22:06:21   35328   ----a-w-   C:\Windows\System32\LMIport.dll
2015-12-10 22:06:21   107008   ----a-w-   C:\Windows\System32\LMIinit.dll
2015-12-09 03:39:31   301728   ------w-   C:\Windows\System32\MpSigStub.exe
2015-11-23 19:00:44   97888   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 22:48:51.70 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2011 1:03:57 AM
System Uptime: 2/14/2016 8:05:02 PM (2 hours ago)
.
Motherboard: Hewlett-Packard |  | 0B48h
Processor: Intel(R) Core(TM) i5 CPU         660  @ 3.33GHz | XU1 PROCESSOR | 1178/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 464 GiB total, 307.28 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 3663 GiB total, 1889.116 GiB free.
Z: is NetworkDisk (NTFS) - 1851 GiB total, 514.065 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&FDB5190&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&FDB5190&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP612: 2/3/2016 10:48:37 PM - Windows Update
RP613: 2/7/2016 10:48:01 PM - Windows Update
RP614: 2/10/2016 10:58:37 PM - Windows Update
RP615: 2/14/2016 1:42:51 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acronis True Image 2014
ActiveCheck component for HP Active Support Library
Adobe Flash Player 20 ActiveX
Adobe Flash Player 20 NPAPI
Adobe Reader XI (11.0.14)
Adobe Refresh Manager
Audacity 2.0.4
Brother HL-5250DN
Cisco WebEx Meetings
Citrix Online Launcher
Corel PaintShop Pro X6
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
DirectX 9 Runtime
DirectXInstallService
DisplayKEY USB Cradle
Dropbox
EMCGadgets64
File Uploader
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 7.11.1.4419
HL-5450DN
hotComm® CL
HP Customer Experience Enhancements
HP LaserJet 1020 Series
HP Performance Advisor
HP SkyRoom
HP Support Assistant
HP Support Solutions Framework
HPAsset component for HP Active Support Library
IBFX - MT4 - Tools 4.7.4
IBFX MT4
ICA
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
InterVideo WinDVD 8
IPM_PSP_COM
IPM_PSP_COM64
Java 8 Update 66
Java Auto Updater
LightScribe System Software
LogMeIn
LogMeIn Client
Malwarebytes Anti-Malware version 2.2.0.1024
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 4.0 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 44.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS
Nikon Message Center
Nikon Message Center 2
Nikon Movie Editor
Nitro Reader 3
PDF Complete Special Edition
Picture Control Utility x64
PipStrider II (tm)
PipStrider(tm)
PowerChute Personal Edition 3.0.2
PrimoPDF -- brought to you by Nitro PDF Software
PSPPContent
PSPPHelp
PSPPro64
QuickBooks
QuickBooks Pro 2014
QuickBooks Runtime Redistributable
Realtek High Definition Audio Driver
Remote Graphics Receiver
Remote Graphics Sender
Replay Video Capture
Replay Video Capture 8
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio RecordNow 10 Music Lab
Roxio RecordNow 9 Music Lab
Roxio Update Manager
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setup
SHARP MFP TWAIN V Scanner Driver
SHARP MX/DX Series PCL/PS Printer Driver
Sharpdesk
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
TeamViewer 10
thinkorswim from TD AMERITRADE
Top Producer Editor
TradeStation 9.0
TradeStation 9.1
TradeStation 9.5
TrueForms Online 4.6.0.21
TTM Squeeze 2.2
TTM Squeeze Radar 3.2
TweetDeck
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
VD64Inst
VectorVest 7
VectorVest U.S.
ViewNX 2
WD SmartWare Drive Manager
Windows Live ID Sign-in Assistant
Wisdom-soft ScreenHunter 6.0 Free
YouSendIt Express
zipForm6
.
==== Event Viewer Messages From Past Week ========
.
2/14/2016 8:07:56 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/14/2016 8:06:47 PM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
2/14/2016 8:06:27 PM, Error: NetBT [4321]  - The name "BROWNS         :0" could not be registered on the interface with IP address 10.1.10.56. The computer with the IP address 10.1.10.181 did not allow the name to be claimed by this computer.
2/13/2016 12:25:09 AM, Error: Schannel [36887]  - The following fatal alert was received: 20.
.
==== End Of File ===========================
« Last Edit: February 16, 2016, 02:43:56 PM by seedy21 »

Offline chuckles

  • Bronze Member
  • Posts: 95
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #1 on: February 16, 2016, 09:09:39 AM »
Help! Is this in the wrong place? Should I post this in the hardware section?

My computer is acting funny, sound stopped working. I think it might be a virus.
Here's the DDS file scan:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.66.2
Run by Steve at 22:48:04 on 2016-02-14
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12087.9040 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Windows\SysWOW64\atashost.exe
C:\dKEYUSBCradle\SyncService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
C:\dKEYUSBCradle\ProxyDaemon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\dKEYUSBCradle\stunnel-4.10.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\Steve\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\dKEYUSBCradle\SyncInfoApp.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\locator.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe
C:\Windows\splwow64.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://finance.search.yahoo.com/search;_ylt=AwrBJR6X2lNTshsAqWeTmYlQ;_ylc=X1MDMTM1MTE5NTAyNwRfcgMyBGJjawM0MHRqNmI1OG5vczRpJTI2YiUzRDQlMjZkJTNESDIwRWJRTnJZSDF3Q1ZhdGN3YmJiZTRWUVZOSlJvQW0wcVY2bWNDNm1kVnlqQS0tJTI2cyUzRGdnBGZyA3VoM19maW5hbmNlX3ZlcnRfZ3MEZ3ByaWQDdmFFa2l2ejlRYTZMUmJsMjFyenQ5QQRtdGVzdGlkA251bGwEbl9yc2x0AzExBG5fc3VnZwMwBG9yaWdpbgNmaW5hbmNlLnNlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDMjYEcXVlcnkDYmVzdCBzdG9jayBzcGxpdHMgY2FsZW5kYXIEdF9zdG1wAzEzOTgwMDQzNjc5MDEEdnRlc3RpZANVU0ZJTjAwOQ--?gprid=vaEkivz9Qa6LRbl21rzt9A&pvid=440JRjk4LjFAdmZZUXxwkgOyMjQuMVNT2pf__e9o&p=best+stock+splits+calendar&fr2=sb-top&fr=uh3_finance_vert_gs&type=2button
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [YouSendIt.exe] C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe -ui none
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Dropbox Update] "C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [BingSvc] C:\Users\Steve\AppData\Local\Microsoft\BingSvc\BingSvc.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [SharpTray.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe"
mRun: [FtpServer.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe" -usedefault
mRun: [IndexTray.exe] "C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe" /n
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Steve\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SCREEN~1.LNK - C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DISPLA~1.LNK - C:\dKEYUSBCradle\SyncInfoApp.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
mPolicies-System: EnableSecureUIAPath = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: getoffutt.com
Trusted Zone: marketlinx.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C269D811-8511-44CF-B310-28CDDFFB1B74} - hxxp://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tradestation.webex.com/client/T28L/support/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2063
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EFABDCBE-21BD-403B-8A95-21C8269076C6} : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SN52IPRW] C:\Windows\SysWOW64\SN52SELC.EXE -w
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://investing.money.msn.com/investments/calendar/stock-splits?
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SL5EDF&PC=SL5E&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npxsciter.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\thinkTDA\npthinkorswim.dll
FF - plugin: C:\Program Files (x86)\thinkTDA\nptossc.dll
FF - plugin: C:\Users\Steve\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\Steve\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2014-12-11 116000]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-26 55280]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2014-12-11 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2014-12-11 198432]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2014-12-11 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2014-12-11 117024]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2014-12-11 3873784]
R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2012-1-24 21880]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2013-5-10 118520]
R2 Hp.Skyroom.Windows.Service;HP SkyRoom;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [2010-3-3 124472]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2011-9-26 417288]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2011-9-16 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2011-11-4 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-24 1513784]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-24 1135416]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 125584]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-7-26 635416]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2013-8-19 1248256]
R2 rgsender;Remote Graphics Sender Service;C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [2011-7-26 379904]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2014-2-4 7142320]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-11 5419792]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-26 2320920]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-8-1 311296]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2014-12-11 367200]
R3 e1kexpress;Intel(R) Network Connections Driver K;C:\Windows\System32\drivers\e1k62x64.sys [2013-10-1 497424]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-26 289280]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-12-2 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-24 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-24 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 silabenm;CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\System32\drivers\silabenm.sys [2011-11-11 29576]
R3 silabser;CP210x USB to UART Bridge Driver;C:\Windows\System32\drivers\silabser.sys [2011-11-11 76680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-6-4 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-6-4 166384]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-10-16 249856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-18 114688]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-7-26 158976]
S3 jakstaVA;Digital Video Recorder;C:\Windows\System32\drivers\jaksta_va.sys [2014-12-8 103816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-12-18 19456]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-6-4 1120752]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-14 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-28 1255736]
.
=============== Created Last 30 ================
.
2016-02-14 06:43:07   11154520   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2E0AF994-69CA-465D-BF62-002A3B627D27}\mpengine.dll
2016-02-13 04:25:31   11154520   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-02-05 03:49:32   1190000   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6C29D8E4-E018-454A-B641-163A4CE7C613}\gapaengine.dll
.
==================== Find3M  ====================
.
2016-02-15 01:09:10   192216   ----a-w-   C:\Windows\System32\drivers\MBAMSwissArmy.sys
2016-02-09 21:06:15   796864   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2016-02-09 21:06:15   142528   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-10 22:06:22   122400   ----a-w-   C:\Windows\System32\LMIRfsClientNP.dll
2015-12-10 22:06:21   35328   ----a-w-   C:\Windows\System32\LMIport.dll
2015-12-10 22:06:21   107008   ----a-w-   C:\Windows\System32\LMIinit.dll
2015-12-09 03:39:31   301728   ------w-   C:\Windows\System32\MpSigStub.exe
2015-11-23 19:00:44   97888   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 22:48:51.70 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/28/2011 1:03:57 AM
System Uptime: 2/14/2016 8:05:02 PM (2 hours ago)
.
Motherboard: Hewlett-Packard |  | 0B48h
Processor: Intel(R) Core(TM) i5 CPU         660  @ 3.33GHz | XU1 PROCESSOR | 1178/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 464 GiB total, 307.28 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 3663 GiB total, 1889.116 GiB free.
Z: is NetworkDisk (NTFS) - 1851 GiB total, 514.065 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&FDB5190&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&FDB5190&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP612: 2/3/2016 10:48:37 PM - Windows Update
RP613: 2/7/2016 10:48:01 PM - Windows Update
RP614: 2/10/2016 10:58:37 PM - Windows Update
RP615: 2/14/2016 1:42:51 AM - Windows Update
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
Acronis True Image 2014
ActiveCheck component for HP Active Support Library
Adobe Flash Player 20 ActiveX
Adobe Flash Player 20 NPAPI
Adobe Reader XI (11.0.14)
Adobe Refresh Manager
Audacity 2.0.4
Brother HL-5250DN
Cisco WebEx Meetings
Citrix Online Launcher
Corel PaintShop Pro X6
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
DirectX 9 Runtime
DirectXInstallService
DisplayKEY USB Cradle
Dropbox
EMCGadgets64
File Uploader
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 7.11.1.4419
HL-5450DN
hotComm® CL
HP Customer Experience Enhancements
HP LaserJet 1020 Series
HP Performance Advisor
HP SkyRoom
HP Support Assistant
HP Support Solutions Framework
HPAsset component for HP Active Support Library
IBFX - MT4 - Tools 4.7.4
IBFX MT4
ICA
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
InterVideo WinDVD 8
IPM_PSP_COM
IPM_PSP_COM64
Java 8 Update 66
Java Auto Updater
LightScribe System Software
LogMeIn
LogMeIn Client
Malwarebytes Anti-Malware version 2.2.0.1024
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Compact 4.0 x64 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Web Publishing Wizard 1.52
Mozilla Firefox 44.0.2 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS
Nikon Message Center
Nikon Message Center 2
Nikon Movie Editor
Nitro Reader 3
PDF Complete Special Edition
Picture Control Utility x64
PipStrider II (tm)
PipStrider(tm)
PowerChute Personal Edition 3.0.2
PrimoPDF -- brought to you by Nitro PDF Software
PSPPContent
PSPPHelp
PSPPro64
QuickBooks
QuickBooks Pro 2014
QuickBooks Runtime Redistributable
Realtek High Definition Audio Driver
Remote Graphics Receiver
Remote Graphics Sender
Replay Video Capture
Replay Video Capture 8
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio RecordNow 10 Music Lab
Roxio RecordNow 9 Music Lab
Roxio Update Manager
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Setup
SHARP MFP TWAIN V Scanner Driver
SHARP MX/DX Series PCL/PS Printer Driver
Sharpdesk
Sonic CinePlayer Decoder Pack
SUPERAntiSpyware
TeamViewer 10
thinkorswim from TD AMERITRADE
Top Producer Editor
TradeStation 9.0
TradeStation 9.1
TradeStation 9.5
TrueForms Online 4.6.0.21
TTM Squeeze 2.2
TTM Squeeze Radar 3.2
TweetDeck
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
VD64Inst
VectorVest 7
VectorVest U.S.
ViewNX 2
WD SmartWare Drive Manager
Windows Live ID Sign-in Assistant
Wisdom-soft ScreenHunter 6.0 Free
YouSendIt Express
zipForm6
.
==== Event Viewer Messages From Past Week ========
.
2/14/2016 8:07:56 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
2/14/2016 8:06:47 PM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
2/14/2016 8:06:27 PM, Error: NetBT [4321]  - The name "BROWNS         :0" could not be registered on the interface with IP address 10.1.10.56. The computer with the IP address 10.1.10.181 did not allow the name to be claimed by this computer.
2/13/2016 12:25:09 AM, Error: Schannel [36887]  - The following fatal alert was received: 20.
.
==== End Of File ===========================

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #2 on: February 16, 2016, 02:43:17 PM »

Hello Chuckles

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours. If you are going to be away for longer, please let us know or the topic will be closed for being inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.


Step 1


Scan with Malwarebytes' Anti-Malware

Please re-run Malwarebytes' Anti-Malware.

  • First of all, select update.
  • Once updated, click the Settings tab, in the left panel choose Detections & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the newest Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.

Step 2

Scan with Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File)
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please copy and paste their content into your next reply.

Offline chuckles

  • Bronze Member
  • Posts: 95
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #3 on: February 16, 2016, 04:56:48 PM »
Ran Malwarebytes as directed: Results = 0 Threats. See below.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/16/2016
Scan Time: 4:07 PM
Logfile: Steve Desk Scan Log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.16.06
Rootkit Database: v2016.02.08.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 412624
Time Elapsed: 24 min, 13 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Downloaded and ran Farbar as directed; FRST and Addition results below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Steve (administrator) on STEVEDESK (16-02-2016 17:38:54)
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available Profiles: Steve & fcnadmin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Supra) C:\dKEYUSBCradle\SyncService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Supra) C:\dKEYUSBCradle\ProxyDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\dKEYUSBCradle\stunnel-4.10.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(YouSendIt) C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(© 2015 Microsoft Corporation) C:\Users\Steve\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Supra) C:\dKEYUSBCradle\SyncInfoApp.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\FTPServer.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Dropbox, Inc.) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(SHARP CORPORATION) C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Wisdom Software Inc. ) C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsender_gui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\Plugins\Ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\Hp.SkyRoom.Windows.RgsPlugin.Authentication.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sonic Solutions) C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_20_0_0_306_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SN52IPRW] => C:\Windows\SysWOW64\SN52SELC.EXE [135168 2005-02-15] (SHARP CORPORATION)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-06-04] (Sonic Solutions)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [563736 2009-10-23] (PDF Complete Inc)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-11-03] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [SharpTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\SharpTray.exe [131584 2010-03-08] (SHARP CORPORATION)
HKLM-x32\...\Run: [FtpServer.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe [819712 2010-02-21] (SHARP CORPORATION)
HKLM-x32\...\Run: [IndexTray.exe] => C:\Program Files (x86)\Sharp\Sharpdesk\IndexTray.exe [395264 2010-03-08] (SHARP CORPORATION)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2678784 2011-10-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-28] (Google Inc.)
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-05-18] (Hewlett-Packard Company)
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\Run: [YouSendIt.exe] => C:\Program Files (x86)\YouSendIt\Express\YouSendIt.exe [198144 2012-04-10] (YouSendIt)
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935768 2015-09-29] (SUPERAntiSpyware)
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\Run: [Dropbox Update] => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-23] (Dropbox, Inc.)
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\Run: [BingSvc] => C:\Users\Steve\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-11] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\MountPoints2: D - D:\setup.exe
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt.31.dll [2016-02-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk [2013-10-07]
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DisplayKEY eSYNC Info.lnk [2013-10-14]
ShortcutTarget: DisplayKEY eSYNC Info.lnk -> C:\dKEYUSBCradle\SyncInfoApp.exe (Supra)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-10-11]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-10-11]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-10-11]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2014\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk [2013-09-22]
ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ScreenHunter 6.0 Free.lnk [2015-11-17]
ShortcutTarget: ScreenHunter 6.0 Free.lnk -> C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe (Wisdom Software Inc. )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{EFABDCBE-21BD-403B-8A95-21C8269076C6}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://finance.search.yahoo.com/search;_ylt=AwrBJR6X2lNTshsAqWeTmYlQ;_ylc=X1MDMTM1MTE5NTAyNwRfcgMyBGJjawM0MHRqNmI1OG5vczRpJTI2YiUzRDQlMjZkJTNESDIwRWJRTnJZSDF3Q1ZhdGN3YmJiZTRWUVZOSlJvQW0wcVY2bWNDNm1kVnlqQS0tJTI2cyUzRGdnBGZyA3VoM19maW5hbmNlX3ZlcnRfZ3MEZ3ByaWQDdmFFa2l2ejlRYTZMUmJsMjFyenQ5QQRtdGVzdGlkA251bGwEbl9yc2x0AzExBG5fc3VnZwMwBG9yaWdpbgNmaW5hbmNlLnNlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDMjYEcXVlcnkDYmVzdCBzdG9jayBzcGxpdHMgY2FsZW5kYXIEdF9zdG1wAzEzOTgwMDQzNjc5MDEEdnRlc3RpZANVU0ZJTjAwOQ--?gprid=vaEkivz9Qa6LRbl21rzt9A&pvid=440JRjk4LjFAdmZZUXxwkgOyMjQuMVNT2pf__e9o&p=best+stock+splits+calendar&fr2=sb-top&fr=uh3_finance_vert_gs&type=2button
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPCOM/1
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://investing.money.msn.com/investments/calendar/stock-splits
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SL5M_FRPage
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1791241159-1826100194-129798548-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5ADF&PC=SL5A&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1791241159-1826100194-129798548-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-1791241159-1826100194-129798548-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {C269D811-8511-44CF-B310-28CDDFFB1B74} hxxp://www.nnerenmls.com/nne/valid/osi_valid9m.ocx
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://tradestation.webex.com/client/T28L/support/ieatgpc1.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=2063
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks 2014\HelpAsyncPluggableProtocol.dll [2015-11-04] (Intuit, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default
FF NewTab: hxxp://isearch.shopathome.com/?user_id={38dc78e3-eb58-4c70-81ed-d2cb8c4b4568}
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine.US: Bing
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2:
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://investing.money.msn.com/investments/calendar/stock-splits?
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5EDF&PC=SL5E&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1791241159-1826100194-129798548-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Steve\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-06-25] (Citrix Online)
FF Plugin HKU\S-1-5-21-1791241159-1826100194-129798548-1000: tdameritrade.com/thinkorswim -> C:\Program Files (x86)\thinkTDA\npthinkorswim.dll [2014-12-23] (TD Ameritrade)
FF Plugin HKU\S-1-5-21-1791241159-1826100194-129798548-1000: tdameritrade.com/tossc -> C:\Program Files (x86)\thinkTDA\nptossc.dll [2014-12-23] (TD Ameritrade)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npxsciter.dll [2013-05-27] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npxsciter.dll [2013-05-27] ( )
FF Plugin ProgramFiles/Appdata: C:\Users\Steve\AppData\Roaming\mozilla\plugins\npatgpc.dll [2013-10-16] (Cisco WebEx LLC)
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default\searchplugins\bing-.xml [2015-12-29]
FF SearchPlugin: C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default\searchplugins\web-search.xml [2014-12-21]
FF Extension: Bing Search - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default\Extensions\bingsearch.full@microsoft.com [2015-08-30] [not signed]
FF Extension: Bing Search - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default\Extensions\bingsearch.full@microsoft.com.xpi [2015-12-28]
FF Extension: ShopAtHome - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default\Extensions\toolbar@shopathome.com.xpi [2014-12-21] [not signed]

Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://us.yhs4.search.yahoo.com/web/partner?&hspart=w3i&hsimp=yhs-syctransfer&type=W3i_SP,203,0_0,StartPage,20140415,20033,0,31,0"
CHR DefaultSearchURL: Default -> hxxp://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,202,0_0,Search,20140415,20034,0,31,0
CHR DefaultSearchKeyword: Default -> yahoo
CHR DefaultSuggestURL: Default -> hxxp://ff.search.yahoo.com/gossip?output=fxjson&amp;command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (registryAccess) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\background/registryAccess.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
CHR Profile: C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome RDP) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch [2015-12-01]
CHR Extension: (Google Search) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01]
CHR Extension: (Bing) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2015-09-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-20]
CHR Extension: (Gmail) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-13]
CHR HKU\S-1-5-21-1791241159-1826100194-129798548-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [249856 2011-11-15] (Brother Industries, Ltd.) [File not signed]
R2 dKeySync; C:\dKEYUSBCradle\SyncService.exe [42496 2011-11-11] (Supra) [File not signed]
R2 Hp.Skyroom.Windows.Service; C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Hp.Skyroom.Windows.Service.exe [124472 2010-03-03] (Hewlett-Packard)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-05-18] (Hewlett-Packard Company) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2015-12-10] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [507400 2015-12-10] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2014-04-28] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2014-04-28] (Hewlett-Packard) [File not signed]
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-11-04] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
R2 rgsender; c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\rgsendersvc.exe [379904 2009-11-19] (Hewlett-Packard, Inc.) [File not signed]
S3 Roxio UPnP Renderer 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [57344 2006-12-14] (Sonic Solutions) [File not signed]
S2 Roxio Upnp Server 9; C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe [294912 2006-12-14] (Sonic Solutions) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5419792 2014-11-28] (TeamViewer GmbH)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [311296 2011-08-01] (WDC) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-08] (e2eSoft)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-29] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-12-11] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-12-11] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-12-11] (Acronis International GmbH)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-16 17:38 - 2016-02-16 17:39 - 00035575 _____ C:\Users\Steve\Desktop\FRST.txt
2016-02-16 17:38 - 2016-02-16 17:38 - 00000000 ____D C:\FRST
2016-02-16 17:37 - 2016-02-16 17:37 - 02370560 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2016-02-16 17:36 - 2016-02-16 17:37 - 02370560 _____ (Farbar) C:\Users\Steve\Downloads\FRST64.exe
2016-02-16 17:36 - 2016-02-16 17:36 - 00001068 _____ C:\Users\Steve\Desktop\Steve Desk Scan Log.txt
2016-02-14 22:48 - 2016-02-14 22:48 - 00024437 _____ C:\Users\Steve\Desktop\dds.txt
2016-02-14 22:48 - 2016-02-14 22:48 - 00009427 _____ C:\Users\Steve\Desktop\attach.txt
2016-02-14 22:46 - 2016-02-14 22:46 - 00688992 _____ (Swearware) C:\Users\Steve\Downloads\dds.com
2016-02-11 23:14 - 2016-02-13 17:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 22:41 - 2016-02-11 22:41 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-02 12:42 - 2016-02-02 12:42 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applian Technologies
2016-01-23 18:09 - 2016-01-23 18:09 - 04492371 _____ C:\Users\Steve\Downloads\attachments-8249936.pdf
2016-01-23 17:42 - 2016-01-23 17:42 - 00649496 _____ C:\Users\Steve\Downloads\attachments-7597803.pdf
2016-01-18 01:11 - 2016-01-18 01:11 - 00877764 _____ C:\Users\Steve\Downloads\attachments-8234384.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-16 17:22 - 2014-10-08 18:20 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1791241159-1826100194-129798548-1000.job
2016-02-16 17:06 - 2012-04-06 07:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-16 17:04 - 2015-06-23 22:53 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1791241159-1826100194-129798548-1000UA.job
2016-02-16 16:54 - 2015-05-31 13:25 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1791241159-1826100194-129798548-1000.job
2016-02-16 16:46 - 2011-10-28 11:14 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-16 16:45 - 2011-11-04 07:54 - 00000000 ____D C:\ProgramData\LogMeIn
2016-02-16 16:06 - 2014-05-24 04:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-16 15:04 - 2015-06-23 22:53 - 00000866 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1791241159-1826100194-129798548-1000Core.job
2016-02-16 10:10 - 2011-10-29 11:24 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C1873BC-F8A1-4D1A-ABBF-05C69BF13F15}
2016-02-16 07:10 - 2011-11-11 21:12 - 00003186 _____ C:\Windows\System32\Tasks\HPCeeScheduleForSteve
2016-02-16 07:10 - 2011-11-11 21:12 - 00000332 _____ C:\Windows\Tasks\HPCeeScheduleForSteve.job
2016-02-16 05:32 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-16 05:32 - 2009-07-13 23:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-15 18:46 - 2011-10-28 11:14 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-15 07:39 - 2012-07-31 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-02-15 07:39 - 2012-07-31 21:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-02-15 07:39 - 2012-07-31 21:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-02-15 07:38 - 2013-10-20 19:15 - 00000000 ____D C:\Users\Steve\AppData\Local\CrashDumps
2016-02-14 20:09 - 2013-10-16 14:26 - 00000000 ___RD C:\Users\Steve\Dropbox
2016-02-14 20:09 - 2013-10-16 14:22 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Dropbox
2016-02-14 20:08 - 2014-01-21 16:23 - 00000990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-02-14 20:08 - 2011-10-28 00:04 - 00000000 ____D C:\Users\Steve
2016-02-14 20:07 - 2013-10-14 13:24 - 00000000 ____D C:\dKEYUSBCradle
2016-02-14 20:07 - 2011-11-04 07:55 - 00001024 _____ C:\.rnd
2016-02-14 20:06 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-14 19:06 - 2013-11-07 16:19 - 00000000 ____D C:\! NEW Real Estate Photos
2016-02-14 00:38 - 2011-07-26 14:11 - 00000000 ____D C:\ProgramData\PDFC
2016-02-13 23:39 - 2012-05-05 10:58 - 00000000 ____D C:\Program Files (x86)\Replay Video Capture
2016-02-13 17:35 - 2013-12-04 01:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-11 04:31 - 2015-05-31 13:25 - 00003686 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1791241159-1826100194-129798548-1000
2016-02-11 04:31 - 2014-10-08 18:20 - 00003590 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1791241159-1826100194-129798548-1000
2016-02-10 12:47 - 2012-11-18 09:54 - 00002214 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-09 16:06 - 2012-04-06 07:47 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-09 16:06 - 2012-04-06 07:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-02-09 16:06 - 2011-10-28 11:14 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-08 19:50 - 2011-10-28 00:05 - 00000000 ____D C:\Users\Steve\AppData\Local\PDFC
2016-02-06 12:26 - 2015-11-23 14:15 - 00032768 ___SH C:\Users\Steve\Thumbs.db
2016-02-05 13:44 - 2011-11-05 17:54 - 00000000 ____D C:\Users\Steve\AppData\Roaming\PrimoPDF
2016-02-03 00:21 - 2015-11-15 08:10 - 00000000 ____D C:\Users\Steve\AppData\Roaming\Replay Video Capture 8
2016-02-02 22:06 - 2013-12-09 23:55 - 00000000 ____D C:\Users\Steve\AppData\Local\Applian
2016-02-02 12:42 - 2015-11-15 09:07 - 00000000 ____D C:\Windows\Replay Video Capture 8
2016-02-02 12:42 - 2015-11-15 09:07 - 00000000 ____D C:\Program Files (x86)\Replay Video Capture 8
2016-02-02 12:18 - 2011-11-18 10:17 - 00000000 ____D C:\Users\Steve\Documents\Outlook Files
2016-02-01 18:41 - 2011-10-28 11:14 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-01 18:41 - 2011-10-28 11:14 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-30 01:43 - 2014-04-02 09:06 - 00000000 ____D C:\Users\Steve\Documents\Sharpdesk Desktop

==================== Files in the root of some directories =======

2013-10-18 17:20 - 2014-01-03 21:18 - 0000000 _____ () C:\Users\Steve\AppData\Roaming\Dialogs
2014-01-03 21:19 - 2014-01-03 21:19 - 0000268 ____R () C:\Users\Steve\AppData\Roaming\Distortion
2014-01-03 21:19 - 2014-01-03 21:19 - 0000268 ____R () C:\Users\Steve\AppData\Roaming\Documentation
2014-01-03 21:19 - 2014-01-03 21:19 - 0000268 ____R () C:\Users\Steve\AppData\Roaming\Documents
2014-01-03 21:18 - 2014-01-03 21:18 - 0000268 ____R () C:\Users\Steve\AppData\Roaming\Error Handlers
2013-10-13 15:41 - 2013-10-13 15:41 - 0933886 _____ () C:\Users\Steve\AppData\Roaming\fontlst2.opf
2011-10-28 01:31 - 2013-07-06 10:02 - 0000320 _____ () C:\Users\Steve\AppData\Roaming\SEC517874.trad
2011-10-28 11:25 - 2011-10-28 11:25 - 0000320 _____ () C:\Users\Steve\AppData\Roaming\SEC540721.trad
2013-10-19 08:49 - 2013-10-19 08:49 - 0000093 _____ () C:\Users\Steve\AppData\Local\fusioncache.dat
2011-11-22 12:16 - 2015-09-08 22:38 - 0007602 _____ () C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
2012-01-09 15:16 - 2013-10-25 17:58 - 0592348 _____ () C:\Users\Steve\AppData\Local\rx_audio.Cache
2012-01-09 15:15 - 2013-04-22 11:23 - 2977680 _____ () C:\Users\Steve\AppData\Local\rx_image.Cache
2013-10-22 14:40 - 2013-10-25 17:58 - 0348336 _____ () C:\Users\Steve\AppData\Local\rx_image32.Cache
2011-10-29 11:13 - 2011-10-29 11:13 - 0000008 __RSH () C:\ProgramData\6222B95FFF.sys
2014-01-03 21:18 - 2014-01-03 21:18 - 0000000 _____ () C:\ProgramData\Dance
2014-01-03 21:18 - 2014-01-03 21:18 - 0000000 _____ () C:\ProgramData\Devices
2014-01-03 21:19 - 2014-01-03 21:19 - 0000268 ___RH () C:\ProgramData\Drums
2014-01-03 21:19 - 2014-01-03 21:19 - 0000268 ___RH () C:\ProgramData\Dynamic Library
2014-01-03 21:19 - 2014-01-03 21:19 - 0000268 ___RH () C:\ProgramData\Echo
2014-01-03 21:18 - 2014-01-03 21:18 - 0000268 ___RH () C:\ProgramData\File Templates
2011-10-29 11:13 - 2013-10-12 20:33 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-05-29 22:47 - 2014-05-29 22:47 - 0000000 _____ () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Steve\AppData\Local\Temp\_isC69C.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-08 00:55

==================== End of FRST.txt ============================

NOTE: I had to split the response into two replies due to excessive character count.

Offline chuckles

Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #4 on: February 16, 2016, 04:58:55 PM »

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Steve (2016-02-16 17:39:23)
Running from C:\Users\Steve\Desktop
Windows 7 Professional Service Pack 1 (X64) (2011-10-28 05:03:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1791241159-1826100194-129798548-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1791241159-1826100194-129798548-1004 - Limited - Enabled)
fcnadmin (S-1-5-21-1791241159-1826100194-129798548-1005 - Administrator - Enabled) => C:\Users\fcnadmin
Guest (S-1-5-21-1791241159-1826100194-129798548-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1791241159-1826100194-129798548-1002 - Limited - Enabled)
Steve (S-1-5-21-1791241159-1826100194-129798548-1000 - Administrator - Enabled) => C:\Users\Steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 17.2.1 - Hewlett-Packard) Hidden
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
ActiveCheck component for HP Active Support Library (x32 Version: 3.0.0.3 - Hewlett-Packard) Hidden
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Brother HL-5250DN (HKLM-x32\...\{A4385793-5A49-4707-8C9A-957978F4A07A}) (Version: 1.00 - Brother)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Corel PaintShop Pro X6 (HKLM-x32\...\_{166D1CB6-DD8A-40DD-9E25-4D31D2D6DE4D}) (Version: 16.2.0.20 - Corel Corporation)
Corel PaintShop Pro X6 (x32 Version: 16.2.0.20 - Corel Corporation) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
DisplayKEY USB Cradle (HKLM\...\{BBA09DF4-4519-4BD0-B203-A58CACB92DFA}) (Version: 2.0.0.329 - Supra)
Dropbox (HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\Dropbox) (Version: 3.14.5 - Dropbox, Inc.)
EMCGadgets64 (Version: 1.1.138 - Sonic) Hidden
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.11.1.4419 (HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\GoToMeeting) (Version: 7.11.1.4419 - CitrixOnline)
HL-5450DN (HKLM-x32\...\{7171B206-5C5A-4B7F-B9E1-1F1827FC769F}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
hotComm® CL (HKLM-x32\...\hotComm® CL) (Version: 7.50.067x - 1stWorks Corporation)
HP LaserJet 1020 Series (HKLM\...\HP LaserJet 1020 Series) (Version:  - )
HP Performance Advisor (HKLM-x32\...\{5E00EEB2-2D15-46F3-BB29-CD11C6BDA299}) (Version: 1.1.1916 - Hewlett-Packard)
HP SkyRoom (HKLM-x32\...\InstallShield_{0DEDF0B4-7737-447D-A705-A8E1831E3FCB}) (Version: 1.1.6.5201. - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{306DD894-F1FA-4548-89F2-43ABDEA45A12}) (Version: 5.1.0.5 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HPAsset component for HP Active Support Library (x32 Version: 3.0.2.2 - Hewlett-Packard) Hidden
IBFX - MT4 - Tools 4.7.4 (HKLM-x32\...\IBFX - MT4 - Tools) (Version: 4.7.4 - Interbank FX, LLC.)
IBFX MT4 (HKLM-x32\...\IBFX MT4) (Version: 4.00 - MetaQuotes Software Corp.)
ICA (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2202 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.64 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.5.10.64 - InterVideo Inc.) Hidden
IPM_PSP_COM (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 16.0.0.113 - Corel Corporation) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
LightScribe System Software (HKLM-x32\...\{DD6C316A-FE75-4FBB-9D22-4C1920232B72}) (Version: 1.18.5.1 - LightScribe)
LogMeIn (HKLM-x32\...\{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}) (Version: 4.1.1890 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NEW HAMPSHIRE ASSOCIATION REALTORS FORMS (HKLM-x32\...\{73602FD6-3749-461D-870C-D171C510191A}) (Version: ANH00-NH - )
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.3 - Nikon)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.112 - PDF Complete, Inc)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.16 - Nikon)
PipStrider II (tm) (HKLM-x32\...\PipStrider II (tm)) (Version:  - )
PipStrider(tm) (HKLM-x32\...\PipStrider(tm)) (Version:  - )
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PSPPContent (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
PSPPro64 (Version: 16.2.0.20 - Corel Corporation) Hidden
QuickBooks (x32 Version: 24.0.4010.2403 - Intuit Inc.) Hidden
QuickBooks Pro 2014 (HKLM-x32\...\{4A21D17E-2FE8-42CD-88B7-ACF8E8860834}) (Version: 24.0.4001.2403 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5973 - Realtek Semiconductor Corp.)
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.3.2 - Hewlett-Packard)
Remote Graphics Receiver (x32 Version: 5.3.2 - Hewlett-Packard) Hidden
Remote Graphics Sender (HKLM-x32\...\{2A08C71B-CC60-42EA-8DA2-FE5486E3B20B}) (Version: 5.3.2 - Hewlett-Packard)
Remote Graphics Sender (x32 Version: 5.3.2 - Hewlett-Packard) Hidden
Replay Video Capture (HKLM-x32\...\Replay Video Capture4.2) (Version: 4.2 - Applian Technologies Inc.)
Replay Video Capture 8 (HKLM-x32\...\Replay Video Capture8.3.2) (Version: 8.3.2 - Applian Technologies Inc.)
Roxio RecordNow 10 Music Lab (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
Roxio RecordNow 9 Music Lab (HKLM-x32\...\{0F2FFDCA-43EB-47C0-A02E-D9A2ECF98A8A}) (Version: 9.0.176 - Roxio)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 16.0.0.113 - Corel Corporation) Hidden
SHARP MFP TWAIN V Scanner Driver (HKLM-x32\...\SHARP MFP TWAIN V Scanner Driver) (Version: 1.00.000 - SHARP)
SHARP MX/DX Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2300 2700 3500 4500 Series PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Sharpdesk (HKLM-x32\...\{8664FCE8-F91A-42BC-927C-AA318185E5EA}) (Version: 3.3 - SHARP CORPORATION)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36244 - TeamViewer)
thinkorswim from TD AMERITRADE (HKLM-x32\...\thinkorswim from TD AMERITRADE) (Version:  - TD AMERITRADE, Inc.)
Top Producer Editor (HKLM-x32\...\Top Producer Editor_is1) (Version:  - )
TradeStation 9.0 (HKLM-x32\...\{6EF11260-2361-409D-B91C-373D8732EED8}) (Version: 9.0.0.8997 - TradeStation Technologies)
TradeStation 9.1 (HKLM-x32\...\{B948B39D-214F-486E-BCD9-8AB691F8762A}) (Version: 9.01.00.12681 - TradeStation Technologies)
TradeStation 9.5 (HKLM-x32\...\{E02A3EE0-1193-454C-8E59-BDFCE6EC7B22}) (Version: 9.05.00.2444 - TradeStation Technologies)
TrueForms Online 4.6.0.21 (HKLM-x32\...\{BB4A9F70-FF24-4523-9431-EC8C06BCF9DF}) (Version: 4.6.01.21 - )
TTM Squeeze 2.2 (HKLM-x32\...\TTM Squeeze_is1) (Version:  - TradeTheMarkets.com)
TTM Squeeze Radar 3.2 (HKLM-x32\...\TTM Squeeze Radar_is1) (Version:  - TradeTheMarkets.com)
TweetDeck (HKLM-x32\...\{C5AC39F1-001D-4338-84C6-35109525588A}) (Version: 1.0.0 - Twitter, Inc.)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VectorVest 7 (HKLM-x32\...\{93057e39-ceeb-4f3b-8a79-223512e8cb5b}) (Version: 1.16.175.0 - VectorVest, Inc.)
VectorVest U.S. (HKLM-x32\...\{A6B82920-25DD-41B5-A680-5B6FB65BA6D9}) (Version: 1.4.9 - VectorVest, Inc.)
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.3 - Nikon)
WD SmartWare Drive Manager (HKLM\...\{BEC2EFB7-93E4-4F5F-B056-602ACEC2B759}) (Version: 1.5.0 - Western Digital)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Wisdom-soft ScreenHunter 6.0 Free (HKLM-x32\...\Wisdom-soft ScreenHunter 6.0 Free) (Version:  - Wisdom Software Inc.)
YouSendIt Express (HKLM-x32\...\InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}) (Version: 2.11.2 - YouSendIt)
YouSendIt Express (x32 Version: 2.11.2 - YouSendIt) Hidden
zipForm6 (HKLM-x32\...\zipForm6) (Version: 1.0.0.0 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1791241159-1826100194-129798548-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1791241159-1826100194-129798548-1000_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1791241159-1826100194-129798548-1000_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1791241159-1826100194-129798548-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\1132\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1791241159-1826100194-129798548-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1791241159-1826100194-129798548-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1791241159-1826100194-129798548-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File
CustomCLSID: HKU\S-1-5-21-1791241159-1826100194-129798548-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Steve\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1CBAFB34-BBC2-426A-928D-2EC676822FE6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-07-13] (Hewlett-Packard Company)
Task: {1D45D207-81E2-442B-A5CD-DD5F0FF777DF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
Task: {206C9D0D-7812-47C2-9FE1-7AA3E48CDFF0} - System32\Tasks\{842457FD-7499-45AB-820A-2A5C84AF6854} => pcalua.exe -a "C:\Program Files (x86)\Nikon software\S-VNX2__-020803WF-NSAEN-64BIT_.exe" -d "C:\Program Files (x86)\Nikon software"
Task: {4400CB5B-2E62-4B2C-B423-FAEA4819AB67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2010-07-13] (Hewlett-Packard Company)
Task: {4C070DB2-8F8A-4788-8CE5-B18E48D01D57} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {56FC54A9-07D7-4332-9ED2-80A29B68ECB6} - System32\Tasks\{A7979AEE-52C5-4255-9774-64411EA191BB} => pcalua.exe -a "C:\Users\Steve\AppData\Local\Temp\Temp1_Sharp Printer Stutus Moniter_32-64bit.zip\Sharp Printer Stutus Moniter_32-64bit.exe"
Task: {66DAAC7F-C3A5-4E1D-A6DF-5F3D01EA7CA6} - System32\Tasks\G2MUploadTask-S-1-5-21-1791241159-1826100194-129798548-1000 => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\4419\g2mupload.exe [2016-02-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {71D394E5-F4CC-41F5-9DFF-4224874C62C2} - System32\Tasks\{8AC0D0D9-A79F-4C5B-A564-CF0CF79EB58E} => pcalua.exe -a "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q97DKKRZ\thinkorswim_windows_installer.exe" -d C:\Users\Steve\Desktop
Task: {8DCFDBC7-1A00-4464-B923-680B145FF5B6} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1791241159-1826100194-129798548-1000Core => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {9712E711-7940-4A3D-8A15-1CBCDDA51568} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9B367AAB-82CB-464E-AC3F-E3A108E200C6} - System32\Tasks\{BA7EF2DA-0495-43D1-9B54-981CF1D57AAB} => C:\Program Files (x86)\TradeStation 9.1\Program\ORPlat.exe [2013-11-07] (TradeStation Technologies, Inc.)
Task: {A214A824-2C20-42CA-997B-7F8134D77D9E} - System32\Tasks\HPCeeScheduleForSteve => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07] (Hewlett-Packard)
Task: {AB8B69B0-221C-49D5-B892-77B16AAAAEB9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C9341FB7-5BA9-4219-BF94-A0FD618A129C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1791241159-1826100194-129798548-1000UA => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-23] (Dropbox, Inc.)
Task: {D19F20BE-34E9-43B9-BBA0-363540F98922} - System32\Tasks\G2MUpdateTask-S-1-5-21-1791241159-1826100194-129798548-1000 => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\4419\g2mupdate.exe [2016-02-11] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D20C3365-0016-42D0-9B9A-C86C3CD2E694} - System32\Tasks\{204E72C8-B08C-418A-BDF7-89AE96EA4F0D} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{8850DEC8-22FD-4F05-A3AA-49B91200C24F}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {F8273BBD-B8D4-4363-867F-776A7BEDA1F4} - System32\Tasks\{A15248A1-80AB-4BFE-9FF9-A22AB9831811} => pcalua.exe -a "C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IAHI537\TradeStation%209.0%20Setup[1].exe" -d C:\Users\Steve\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1791241159-1826100194-129798548-1000Core.job => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1791241159-1826100194-129798548-1000UA.job => C:\Users\Steve\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1791241159-1826100194-129798548-1000.job => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\4419\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1791241159-1826100194-129798548-1000.job => C:\Users\Steve\AppData\Local\Citrix\GoToMeeting\4419\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForSteve.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Steve Brown Sells Homes 1386094405.job => C:\Program Files (x86)\Intuit\QuickBooks 2014\AutoBackupEXE.exeh/FC:\Users\Public\Documents\Intuit\QuickBooks\Company Files\Steve Brown Sells Homes.qbw

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\VectorVest U.S..lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.vectorvest.com/VVLogin/License.aspx?type=1

==================== Loaded Modules (Whitelisted) ==============

2014-12-18 02:58 - 2012-09-18 15:27 - 00192512 _____ () C:\Windows\System32\zlhp1020.dll
2011-11-05 17:50 - 2011-02-28 17:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2014-12-18 02:58 - 2012-09-18 15:27 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-10-07 21:14 - 2012-09-18 15:27 - 03162624 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\suhp1020.dll
2014-10-07 21:14 - 2012-09-18 15:27 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\gchp1020.dll
2013-10-01 10:26 - 2013-10-01 10:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2011-08-31 21:13 - 2011-08-31 21:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-11 13:27 - 2011-11-11 13:27 - 00073216 _____ () C:\dKEYUSBCradle\stunnel-4.10.exe
2009-06-19 11:21 - 2009-06-19 11:21 - 01249280 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\ice32.dll
2009-06-19 11:21 - 2009-06-19 11:21 - 00159744 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\iceutil32.dll
2009-06-19 11:21 - 2009-06-19 11:21 - 00065536 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\bzip2.dll
2009-06-19 11:21 - 2009-06-19 11:21 - 00167936 _____ () C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\IceSSL32.dll
2005-03-28 23:58 - 2005-03-28 23:58 - 00847872 _____ () C:\dKEYUSBCradle\libeay32.dll
2010-03-16 08:52 - 2010-03-16 08:52 - 00159744 _____ () C:\dKEYUSBCradle\libssl32.dll
2009-05-18 12:55 - 2009-05-18 12:55 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2009-05-18 12:55 - 2009-05-18 12:55 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2009-05-18 12:55 - 2009-05-18 12:55 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2015-11-04 00:46 - 2015-11-04 00:46 - 00623384 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_regex-vc100-mt-1_47.dll
2015-11-04 00:48 - 2015-11-04 00:48 - 00021272 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBCompressor.dll
2013-08-19 09:03 - 2013-08-19 09:03 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\zlib1.dll
2015-11-04 00:48 - 2015-11-04 00:48 - 00149272 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBMAPILibrary.dll
2015-11-04 00:46 - 2015-11-04 00:46 - 00247064 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\boost_serialization-vc100-mt-1_47.dll
2015-11-04 00:47 - 2015-11-04 00:47 - 00623896 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FtuEngine.dll
2015-11-04 00:46 - 2015-11-04 00:46 - 00582424 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\BackupLib.dll
2015-11-04 00:48 - 2015-11-04 00:48 - 00142616 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\QBProActiveCore.dll
2015-11-04 00:47 - 2015-11-04 00:47 - 00793368 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\FeaturesBridge.dll
2015-11-04 00:48 - 2015-11-04 00:48 - 00043800 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2014\mbpopup.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2015-12-12 00:48 - 2016-01-12 13:44 - 00034768 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-11 22:41 - 2016-01-12 13:45 - 00019408 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-12 00:48 - 2016-01-12 13:44 - 00116688 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 00:48 - 2016-01-12 13:44 - 00093640 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 00:48 - 2016-01-12 13:44 - 00018376 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00019760 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 00:48 - 2016-01-12 13:46 - 00105928 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-12 00:48 - 2016-01-12 13:44 - 00392144 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 00:48 - 2016-02-08 20:59 - 00381752 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 00:48 - 2016-01-12 13:44 - 00692688 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00020816 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 00:48 - 2016-01-12 13:45 - 00112592 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 01682760 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00020808 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00020800 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00021840 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00038696 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 00:48 - 2016-01-12 13:46 - 00020936 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 00:48 - 2016-01-12 13:46 - 00024528 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 00:48 - 2016-01-12 13:47 - 00114640 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 00:48 - 2016-01-12 13:46 - 00124880 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00021832 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 00:48 - 2016-01-12 13:46 - 00024016 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 00:48 - 2016-01-12 13:46 - 00175560 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 00:48 - 2016-01-12 13:47 - 00030160 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 00:48 - 2016-01-12 13:47 - 00043472 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 00:48 - 2016-01-12 13:47 - 00028616 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 00:48 - 2016-01-12 13:47 - 00048592 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00026456 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 00:48 - 2016-01-12 13:46 - 00057808 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 00:48 - 2016-01-12 13:47 - 00024016 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00117056 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00024392 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-11 22:41 - 2016-01-12 13:47 - 00036296 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 00:48 - 2016-02-08 20:59 - 00023376 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 00:48 - 2016-01-12 13:44 - 00134608 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-12 00:48 - 2016-01-12 13:44 - 00134088 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-11 22:41 - 2016-01-12 13:45 - 00240584 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00052024 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00020800 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00021824 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00019776 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00020800 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00020280 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 00:48 - 2016-01-12 13:47 - 00350152 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00022352 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00084792 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-12 00:48 - 2016-02-08 20:59 - 01826096 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 00:48 - 2016-01-12 13:45 - 00083912 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 03928880 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 01971504 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00531248 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00132912 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00223544 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00207672 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00158008 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-11 22:41 - 2016-02-08 20:59 - 00042808 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-11 22:41 - 2016-01-12 13:49 - 00017864 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-11 22:41 - 2016-01-12 13:49 - 01631184 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 00:48 - 2016-02-08 20:59 - 00024904 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00546096 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-12 00:48 - 2016-02-08 20:59 - 00357680 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-03-04 16:45 - 2016-01-12 13:52 - 00697304 _____ () C:\Users\Steve\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2010-02-21 21:44 - 2010-02-21 21:44 - 00006144 _____ () C:\Program Files (x86)\Sharp\Sharpdesk\discoveryps.dll
2010-02-21 21:50 - 2010-02-21 21:50 - 00930304 _____ () C:\Program Files (x86)\Sharp\Sharpdesk\SCprMfpif.dll
2006-12-13 23:32 - 2006-12-13 23:32 - 04587520 ____R () C:\Program Files (x86)\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2011-07-26 14:18 - 2009-07-24 14:10 - 02199552 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtCore4.dll
2011-07-26 14:18 - 2009-07-24 14:10 - 08024064 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\QtGui4.dll
2011-07-26 14:18 - 2008-01-09 13:08 - 01245184 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\ice32.dll
2011-07-26 14:18 - 2008-01-09 13:10 - 00159744 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\iceutil32.dll
2011-07-26 14:18 - 2008-01-09 13:06 - 00065536 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\bzip2.dll
2011-07-26 14:18 - 2008-01-09 13:10 - 00167936 ____R () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\IceSSL32.dll
2011-07-26 14:19 - 2009-06-19 11:21 - 01249280 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\ice32.dll
2011-07-26 14:19 - 2009-06-19 11:21 - 00159744 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\iceutil32.dll
2011-07-26 14:19 - 2009-06-19 11:21 - 00065536 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\bzip2.dll
2011-07-26 14:19 - 2009-06-19 11:21 - 00167936 _____ () c:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\remote graphics sender\plugins\ice\Hp.SkyRoom.Windows.RgsPlugin.Authentication\IceSSL32.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Steve\Desktop\acronis:Roxio EMC Stream
AlternateDataStreams: C:\Users\Steve\Documents\Applian:Roxio EMC Stream

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\getoffutt.com -> getoffutt.com
IE trusted site: HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\marketlinx.com -> marketlinx.com
IE trusted site: HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\nnerenmls.com -> hxxp://www.nnerenmls.com
IE trusted site: HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\trueforms.com -> hxxps://*.trueforms.com
IE trusted site: HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\trueforms.com -> hxxp://*.trueforms.com
IE trusted site: HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\trueformsonline.com -> hxxps://*.trueformsonline.com
IE trusted site: HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\vectorvest.com -> www.vectorvest.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1791241159-1826100194-129798548-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{DCB9E3BD-D579-4423-9E7F-6B06AD7F1DD7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\HP.SkyRoom.exe
FirewallRules: [{8FC23D46-4787-46A8-A1AF-F8BA2815D07A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\HP.SkyRoom.exe
FirewallRules: [{D9788A91-0795-40F6-A923-0DCED0E54BA6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{E40CE104-3901-43BE-87B9-292DCEB26433}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Remote Graphics Receiver\rgreceiver.exe
FirewallRules: [{F1F8933C-5364-46B7-BF3D-335ACE55BE02}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Remote Graphics Sender\rgsender.exe
FirewallRules: [{4AB8E7ED-9F7F-47CB-BBDA-3C2CF4F58A17}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Remote Graphics Sender\rgsender.exe
FirewallRules: [{9081124E-11BF-4B2C-95A6-0A3D71A16A6E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Remote Graphics Sender\rgsender_gui.exe
FirewallRules: [{34C21B62-1CC7-4974-90F8-60EBE61692AA}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP SkyRoom\Remote Graphics Sender\rgsender_gui.exe
FirewallRules: [TCP Query User{D369C687-30DA-498E-9008-B8351FF62FFB}C:\program files (x86)\thinkorswim\usergui\1802.20\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1802.20\ieembed.exe
FirewallRules: [UDP Query User{E61B4BAF-FFBD-4C8B-BA68-690BC9382453}C:\program files (x86)\thinkorswim\usergui\1802.20\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1802.20\ieembed.exe
FirewallRules: [TCP Query User{4593B04F-240C-41F5-BD8B-36DDED29187B}C:\program files (x86)\thinkorswim\usergui\1802.24\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1802.24\ieembed.exe
FirewallRules: [UDP Query User{5B208026-9D47-4FB7-B94A-DA4F69EF9CB2}C:\program files (x86)\thinkorswim\usergui\1802.24\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1802.24\ieembed.exe
FirewallRules: [TCP Query User{4DC77DE2-FA4F-4A2E-8D52-A8E38BA1B9DE}C:\program files (x86)\thinkorswim\usergui\1802.25\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1802.25\ieembed.exe
FirewallRules: [UDP Query User{CC11AAC4-81BA-44E9-A40B-0E6A4A101733}C:\program files (x86)\thinkorswim\usergui\1802.25\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1802.25\ieembed.exe
FirewallRules: [TCP Query User{A391CE63-FB49-443F-823A-02941B75147D}C:\program files (x86)\thinkorswim\usergui\1806.19\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1806.19\ieembed.exe
FirewallRules: [UDP Query User{35F587F8-37B5-40D7-B414-58F8024749D9}C:\program files (x86)\thinkorswim\usergui\1806.19\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1806.19\ieembed.exe
FirewallRules: [TCP Query User{85B4DB50-2FEE-435C-9D5F-85F9FD6DA272}C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe] => (Allow) C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe
FirewallRules: [UDP Query User{3AA85B17-B1D3-49FD-B2A7-2307E512133C}C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe] => (Allow) C:\program files (x86)\1stworks\hotcommcl\bin\hotcomm.exe
FirewallRules: [TCP Query User{8C3AC585-F8F5-46E4-BBB0-AF1B228B5B00}C:\program files (x86)\thinkorswim\usergui\1806.21\ieembed.exe] => (Block) C:\program files (x86)\thinkorswim\usergui\1806.21\ieembed.exe
FirewallRules: [UDP Query User{E2BE03E4-5368-47AE-B7BE-7C4E681B5683}C:\program files (x86)\thinkorswim\usergui\1806.21\ieembed.exe] => (Block) C:\program files (x86)\thinkorswim\usergui\1806.21\ieembed.exe
FirewallRules: [TCP Query User{C5A62A36-5270-4F25-AF85-71E83EDB42A6}C:\program files (x86)\thinkorswim\usergui\1808.19\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1808.19\ieembed.exe
FirewallRules: [UDP Query User{ED411C68-5770-443C-8D62-C38DA96D2364}C:\program files (x86)\thinkorswim\usergui\1808.19\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1808.19\ieembed.exe
FirewallRules: [TCP Query User{4568319B-E28B-42F7-800D-65FBE1D7BA1F}C:\program files (x86)\thinkorswim\usergui\1808.21\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1808.21\ieembed.exe
FirewallRules: [UDP Query User{1A26585E-9FF7-4239-A810-BD95909B59AB}C:\program files (x86)\thinkorswim\usergui\1808.21\ieembed.exe] => (Allow) C:\program files (x86)\thinkorswim\usergui\1808.21\ieembed.exe
FirewallRules: [TCP Query User{2F910BAC-4B52-423D-8253-AD624E08CE6A}C:\program files (x86)\thinkorswim\usergui\1808.26\ieembed.exe] => (Block) C:\program files (x86)\thinkorswim\usergui\1808.26\ieembed.exe
FirewallRules: [UDP Query User{CF953B58-E1CC-4258-AA30-992E3FC02328}C:\program files (x86)\thinkorswim\usergui\1808.26\ieembed.exe] => (Block) C:\program files (x86)\thinkorswim\usergui\1808.26\ieembed.exe
FirewallRules: [TCP Query User{F4BF2767-17BB-45E4-BCA5-E29A04BE3C93}C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe] => (Block) C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe
FirewallRules: [UDP Query User{E14AAA30-1E21-41DF-8C33-AD93B893C2BF}C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe] => (Block) C:\program files (x86)\roxio\audio master 9\musicdisccreator9.exe
FirewallRules: [TCP Query User{D56D4579-C280-4A72-B2BF-AEDF69EB03B7}C:\program files (x86)\sharp\sharpdesk\ftpserver.exe] => (Allow) C:\program files (x86)\sharp\sharpdesk\ftpserver.exe
FirewallRules: [UDP Query User{D8A700CE-51CC-4279-9012-86B23D56090E}C:\program files (x86)\sharp\sharpdesk\ftpserver.exe] => (Allow) C:\program files (x86)\sharp\sharpdesk\ftpserver.exe
FirewallRules: [TCP Query User{6598C99E-34C1-44D6-B58F-E1F4405887CC}C:\program files (x86)\sharp\printer status monitor\smon.exe] => (Allow) C:\program files (x86)\sharp\printer status monitor\smon.exe
FirewallRules: [UDP Query User{ADE3C198-1262-44F4-8660-B3E1796C561F}C:\program files (x86)\sharp\printer status monitor\smon.exe] => (Allow) C:\program files (x86)\sharp\printer status monitor\smon.exe
FirewallRules: [{962E8D21-D0FB-483D-B455-3A5365C3187A}] => (Allow) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EA6DCCB3-C762-4206-8AF5-2263A39761E8}] => (Allow) C:\Users\Steve\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{0480E2BD-1844-4A04-9D85-431AA14BB1D2}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{143B7BC8-D98B-4410-B4F1-806DE84BA70C}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{00523587-F34A-406B-9392-5AD6C70A0A39}C:\program files (x86)\sharp\sharpdesk\ftpserver.exe] => (Allow) C:\program files (x86)\sharp\sharpdesk\ftpserver.exe
FirewallRules: [UDP Query User{AC26DF2C-451D-4E3A-ABC5-34757153AF4D}C:\program files (x86)\sharp\sharpdesk\ftpserver.exe] => (Allow) C:\program files (x86)\sharp\sharpdesk\ftpserver.exe
FirewallRules: [TCP Query User{758B66EB-A5B7-406D-BAD5-876A072D6F83}C:\program files (x86)\sharp\printer status monitor\smon.exe] => (Block) C:\program files (x86)\sharp\printer status monitor\smon.exe
FirewallRules: [UDP Query User{715DB40C-ED90-4496-AFD2-352D3A43884C}C:\program files (x86)\sharp\printer status monitor\smon.exe] => (Block) C:\program files (x86)\sharp\printer status monitor\smon.exe
FirewallRules: [{325704EE-E274-4FC2-966A-01A88F57FEFE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B4882FDA-1D24-42A8-82D6-AD85F4ACBCF9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F0ED37A7-0FF3-4B45-A2C2-B9DDA0F0CE51}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{596ACEDA-56DB-46E2-9FA3-BCC642AEB819}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{81EC03B0-71D1-4D44-805C-D7CDBB5684D3}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{175C680A-9DD3-40E1-AE62-530467E86B9A}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{54967CA5-4BA8-4D43-8ECD-8EF8599DDFB3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7F3678C6-E40E-49BD-9ACF-5D8C3C4DF446}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D89147C8-E0EF-45EE-B583-A1A71FB9C725}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{91FB41DE-384C-4E82-A941-9BE7AF205766}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{9CEABE98-7018-4AF2-9E24-9034EC1AFA3C}C:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{F7A1A851-EF5B-4983-8085-84308D77F195}C:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\steve\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{BEF44662-B08C-4AA8-8565-B05E34F0813A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC8520D0-66E8-41DB-AD9E-B9C164327AAB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0FB197EC-47C0-4C2E-8F7C-FE6AD6DBC8A1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

03-02-2016 22:48:37 Windows Update
07-02-2016 22:48:01 Windows Update
10-02-2016 22:58:37 Windows Update
14-02-2016 01:42:51 Windows Update

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/15/2016 11:34:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_invagent.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: aeinv.dll, version: 10.0.9896.0, time stamp: 0x547fcaae
Exception code: 0xc0000005
Fault offset: 0x0000000000008797
Faulting process id: 0x270
Faulting application start time: 0xrundll32.exe_invagent.dll0
Faulting application path: rundll32.exe_invagent.dll1
Faulting module path: rundll32.exe_invagent.dll2
Report Id: rundll32.exe_invagent.dll3

Error: (02/15/2016 07:38:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc0000005
Fault offset: 0x00204753
Faulting process id: 0x890
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/15/2016 07:37:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc0000005
Fault offset: 0x00204753
Faulting process id: 0x1694
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/15/2016 01:19:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_invagent.dll, version: 6.1.7600.16385, time stamp: 0x4a5bc9e0
Faulting module name: aeinv.dll, version: 10.0.9896.0, time stamp: 0x547fcaae
Exception code: 0xc0000005
Fault offset: 0x0000000000008797
Faulting process id: 0x9c0
Faulting application start time: 0xrundll32.exe_invagent.dll0
Faulting application path: rundll32.exe_invagent.dll1
Faulting module path: rundll32.exe_invagent.dll2
Report Id: rundll32.exe_invagent.dll3

Error: (02/14/2016 08:08:01 PM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )
Description: Operation timed out when pinging IP 192.168.1.50.  (0x82150737)

Error: (02/14/2016 08:07:53 PM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )
Description: IP 192.168.1.50 cannot be reached on the network.  (0x8215110b)

Error: (02/14/2016 04:09:29 PM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )
Description: Operation timed out when pinging IP 192.168.1.50.  (0x82150737)

Error: (02/14/2016 04:09:21 PM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )
Description: IP 192.168.1.50 cannot be reached on the network.  (0x8215110b)

Error: (02/14/2016 11:57:06 AM) (Source: NSSDK.CprMfpif.1) (EventID: 8226) (User: )
Description: Operation timed out when pinging IP 192.168.1.50.  (0x82150737)

Error: (02/14/2016 11:56:59 AM) (Source: NSSDK.MfpifValidator.1) (EventID: 8226) (User: )
Description: IP 192.168.1.50 cannot be reached on the network.  (0x8215110b)


System errors:
=============
Error: (02/14/2016 08:07:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/14/2016 08:06:47 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/14/2016 08:06:27 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "BROWNS         :0" could not be registered on the interface with IP address 10.1.10.56.
The computer with the IP address 10.1.10.181 did not allow the name to be claimed by
this computer.

Error: (02/14/2016 08:02:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/14/2016 04:09:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/14/2016 04:08:14 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (02/14/2016 04:08:00 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "BROWNS         :0" could not be registered on the interface with IP address 10.1.10.56.
The computer with the IP address 10.1.10.181 did not allow the name to be claimed by
this computer.

Error: (02/14/2016 04:06:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/14/2016 11:56:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/14/2016 11:55:51 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz
Percentage of memory in use: 46%
Total physical RAM: 12087.25 MB
Available physical RAM: 6477.11 MB
Total Virtual: 24172.69 MB
Available Virtual: 18835.27 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:463.76 GB) (Free:306.68 GB) NTFS
Drive y: (Share Drive) (Network) (Total:3663.11 GB) (Free:1806.4 GB) NTFS
Drive z: () (Network) (Total:1851.41 GB) (Free:514.06 GB)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 32EB5A72)
Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=463.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Thank you. The Farbar Recovery Scan Tool window is still open on my desktop.
I have not clicked anything. The Fix button is highlighted darker than the middle two buttons.
I will wait for your instructions.
Chuckles

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #5 on: February 17, 2016, 01:54:27 PM »
Hi Chuckles,

Thank you for the logs; you may close the FRST program.

Before we start reviewing the logs, I must ask if this is a business machine. If so, do you have permission to fix the machine?
“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

Offline chuckles

  • Bronze Member
  • Posts: 95
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #6 on: February 17, 2016, 03:13:19 PM »
I am a Realtor and I have 4 of my own computers in my home office. This computer is used primarily for personal use; however, as a convenience I often log on to real estate related programs.
I am the sole owner of this computer. I do not work for any other company who has any interest in this computer.
Thank you for asking, I came back to you guys because you are so thorough.
Chuckles

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #7 on: February 17, 2016, 04:01:49 PM »
Hi Chuckles,

Thank you for answering my question. The reason we ask is that we don't want to work on a machine where we don't have permission to fix it (companies that have an IT department can get funny when an employee gets someone else to look at their corporate machine).

Now that's out of the way, let's start to try and fix your issues.


Step 1

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
Code:
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\MountPoints2: D - D:\setup.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1791241159-1826100194-129798548-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
FF NewTab: hxxp://isearch.shopathome.com/?user_id={38dc78e3-eb58-4c70-81ed-d2cb8c4b4568}
FF Extension: ShopAtHome - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default\Extensions\toolbar@shopathome.com.xpi [2014-12-21] [not signed]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (registryAccess) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\background/registryAccess.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
S4 LMIRfsClientNP; no ImagePath
C:\Users\Steve\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Steve\AppData\Local\Temp\_isC69C.exe
EmptyTemp:
end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.


Step 2

Scan with RogueKiller

Please download RogueKiller and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.



Offline chuckles

  • Bronze Member
  • Posts: 95
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #8 on: February 17, 2016, 10:24:13 PM »
Both results below:


Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Steve (2016-02-17 22:46:16) Run:1
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available Profiles: Steve & fcnadmin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1791241159-1826100194-129798548-1000\...\MountPoints2: D - D:\setup.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1791241159-1826100194-129798548-1000 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL =
FF NewTab: hxxp://isearch.shopathome.com/?user_id={38dc78e3-eb58-4c70-81ed-d2cb8c4b4568}
FF Extension: ShopAtHome - C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default\Extensions\toolbar@shopathome.com.xpi [2014-12-21] [not signed]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => No File
CHR Plugin: (registryAccess) - C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\background/registryAccess.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Nitro PDF Plug-In) - C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => No File
S4 LMIRfsClientNP; no ImagePath
C:\Users\Steve\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Steve\AppData\Local\Temp\_isC69C.exe
EmptyTemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKU\S-1-5-21-1791241159-1826100194-129798548-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-1791241159-1826100194-129798548-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => key removed successfully
HKCR\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => key not found.
Firefox "newtab" removed successfully
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\aqopvbqa.default\Extensions\toolbar@shopathome.com.xpi => moved successfully
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\pdf.dll => not found.
C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0\background/registryAccess.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => not found.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll => not found.
C:\Windows\SysWOW64\npDeployJava1.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll => not found.
LMIRfsClientNP => service removed successfully
C:\Users\Steve\AppData\Local\Temp\DefaultPack.EXE => moved successfully
C:\Users\Steve\AppData\Local\Temp\_isC69C.exe => moved successfully

Rogue Killer Results:
RogueKiller V11.0.12.0 [Feb 15 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Steve [Administrator]
Started from : C:\Users\Steve\Desktop\RogueKiller.exe
Mode : Scan -- Date : 02/17/2016 23:14:59

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Applian Technologies -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1791241159-1826100194-129798548-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://finance.search.yahoo.com/search;_ylt=AwrBJR6X2lNTshsAqWeTmYlQ;_ylc=X1MDMTM1MTE5NTAyNwRfcgMyBGJjawM0MHRqNmI1OG5vczRpJTI2YiUzRDQlMjZkJTNESDIwRWJRTnJZSDF3Q1ZhdGN3YmJiZTRWUVZOSlJvQW0wcVY2bWNDNm1kVnlqQS0tJTI2cyUzRGdnBGZyA3VoM19maW5hbmNlX3ZlcnRfZ3MEZ3ByaWQDdmFFa2l2ejlRYTZMUmJsMjFyenQ5QQRtdGVzdGlkA251bGwEbl9yc2x0AzExBG5fc3VnZwMwBG9yaWdpbgNmaW5hbmNlLnNlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDMjYEcXVlcnkDYmVzdCBzdG9jayBzcGxpdHMgY2FsZW5kYXIEdF9zdG1wAzEzOTgwMDQzNjc5MDEEdnRlc3RpZANVU0ZJTjAwOQ--?gprid=vaEkivz9Qa6LRbl21rzt9A&pvid=440JRjk4LjFAdmZZUXxwkgOyMjQuMVNT2pf__e9o&p=best+stock+splits+calendar&fr2=sb-top&fr=uh3_finance_vert_gs&type=2button  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1791241159-1826100194-129798548-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://finance.search.yahoo.com/search;_ylt=AwrBJR6X2lNTshsAqWeTmYlQ;_ylc=X1MDMTM1MTE5NTAyNwRfcgMyBGJjawM0MHRqNmI1OG5vczRpJTI2YiUzRDQlMjZkJTNESDIwRWJRTnJZSDF3Q1ZhdGN3YmJiZTRWUVZOSlJvQW0wcVY2bWNDNm1kVnlqQS0tJTI2cyUzRGdnBGZyA3VoM19maW5hbmNlX3ZlcnRfZ3MEZ3ByaWQDdmFFa2l2ejlRYTZMUmJsMjFyenQ5QQRtdGVzdGlkA251bGwEbl9yc2x0AzExBG5fc3VnZwMwBG9yaWdpbgNmaW5hbmNlLnNlYXJjaC55YWhvby5jb20EcG9zAzAEcHFzdHIDBHBxc3RybAMEcXN0cmwDMjYEcXVlcnkDYmVzdCBzdG9jayBzcGxpdHMgY2FsZW5kYXIEdF9zdG1wAzEzOTgwMDQzNjc5MDEEdnRlc3RpZANVU0ZJTjAwOQ--?gprid=vaEkivz9Qa6LRbl21rzt9A&pvid=440JRjk4LjFAdmZZUXxwkgOyMjQuMVNT2pf__e9o&p=best+stock+splits+calendar&fr2=sb-top&fr=uh3_finance_vert_gs&type=2button  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\ProgramData\{9C82277D-6D0C-4447-8BB1-4BB7F78D524F} -> Found
[PUP][Folder] C:\Program Files (x86)\Applian Technologies -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] aqopvbqa.default : user_pref("browser.startup.homepage", "http://investing.money.msn.com/investments/calendar/stock-splits?"); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721050CLA662 +++++
--- User ---
[MBR] 12ecea553df45dd7ee8c15aa5b03eb76
[BSP] 63605af66d0c711717ba74f5f557bf26 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2047 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 4194304 | Size: 474891 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK


Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #9 on: February 18, 2016, 12:00:40 PM »
Hi Chuckles.

Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Remove found threats is unchecked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!

Offline chuckles

  • Bronze Member
  • Posts: 95
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #10 on: February 18, 2016, 09:50:44 PM »
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f2f53d18674b424ebfebb58d961f6182
# end=init
# utc_time=2016-02-19 12:07:43
# local_time=2016-02-18 07:07:43 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 28200
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=f2f53d18674b424ebfebb58d961f6182
# end=updated
# utc_time=2016-02-19 12:11:02
# local_time=2016-02-18 07:11:02 (-0500, Eastern Standard Time)
# country="United States"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=f2f53d18674b424ebfebb58d961f6182
# engine=28200
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-19 02:27:32
# local_time=2016-02-18 09:27:32 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 36040881 149076062 0 0
# scanned=613665
# found=4
# cleaned=0
# scan_time=8190
sh=0E866AD4F46242C642EB759D87B2FBAE770CAE14 ft=1 fh=0deb9e865b8c7d3b vn="a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application" ac=I fn="C:\Users\Steve\AppData\LocalLow\Sun\Java\jre1.7.0_55\java_sp.dll"
sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Steve\Downloads\ccsetup407.exe"
sh=82487B76948FC977CE533F4E4A040DAC9429917A ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows\Downloaded Installations\{D764D5AB-33E4-49F7-A517-5898AB6E5564}\YouSendIt Express.msi"
sh=82487B76948FC977CE533F4E4A040DAC9429917A ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Windows\Installer\5b95a.msi"

Offline chuckles

  • Bronze Member
  • Posts: 95
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #11 on: February 20, 2016, 03:28:56 PM »
Can you tell me what you think is causing the no sound? I just recorded a video on this computer. No audio on this computer, but when I play back the recording on the other computer the sound is there!!!

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #12 on: February 21, 2016, 11:05:26 AM »
Hi,

Sorry for the delay; I am having some bad internet connections over this weekend. I hope it fixes itself soon...

I would start by following this Microsoft Article.

http://windows.microsoft.com/en-gb/windows/tips-fixing-common-sound-problems#tips-fixing-common-sound-problems=windows-7

Can you let me know how this goes and how your machine is running?


Seedy21

Offline chuckles

  • Bronze Member
  • Posts: 95
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #13 on: February 21, 2016, 12:48:37 PM »
It's fixed!
I ran it back to the speakers being unplugged.
 
The computer did have a funny boot up where it stayed black screen and said it didn't recognize input.
I shut it off and it started the next time.
I don't have a boot disc for this Windows 7 machine. Can you tell me how to make one?
Do you think my machine is now clean of virus?
Thank you.

Offline seedy21

  • Malware Removal Staff
  • Gold Member
  • Posts: 2419
Re: [Resolved] Computer acting funny, Sound not working, suspect virus
« Reply #14 on: February 22, 2016, 02:15:50 PM »
Hi Chuckles,

Quote
It's fixed!
I ran it back to the speakers being unplugged.

Excellent news.

Quote
I don't have a boot disc for this windows 7 machine. Can you tell me how to make one?

You can make a System Repair disc for Windows 7

* Click Start > Control Panel > System Maintenance > Back-up and Restore
* On the left-hand side there will be an option for Create a system repair disc. Click on this and follow the on-screen prompts.

Quote
Do you think my machine is now clean of virus?

Correct.

If you have no further problems you can uninstall the tools we have used and follow this advice :-

Remove Tools Used :

Clean up with Delfix
Download "Delfix by Xplode" and save it to your desktop.

   
  • Double Click to start the program
If you are using Vista or higher, please right-click and choose run as administrator
    Make Sure the following items are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
   
Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Make Sure Automatic Updates Are Turned On:

Turn On Automatic Updates

1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select "Automatic (recommended): Automatically download recommended updates for my computer and install them".


Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Under Security Level for this Zone make sure that you are set to Medium-High.
  • Also verify that Enable Protected Mode is checked

  • Next press the Apply button and then the OK to exit the Internet Properties page.
Finally, I would highly advise you to read this topic: Best Practices for Safe Computing - Tips to protect yourself against malware infection

If you have any problems you know where we are :)