1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

[Solved] someone logged into my computer

Discussion in 'Malware Removal Help' started by Tony D, Nov 15, 2015.

  1. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,082
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    This gal got a pop up on the screen saying that she had a trojan. She called the number and let whoever log into her computer. I see that Show_My_PC was installed at that time. Just wanted to make sure nothing malicious was installed. Hoping the experts will evaluate the scan logs. Thank you.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/15/2015
    Scan Time: 7:36:10 AM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.11.15.01
    Rootkit Database: v2015.11.14.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Duerr

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 330559
    Time Elapsed: 17 min, 4 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
    Ran by Duerr (administrator) on DUERR-PC (15-11-2015 08:32:19)
    Running from C:\Users\Duerr\Documents\old stuff\Downloads\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop
    Loaded Profiles: Duerr (Available Profiles: Duerr & LogMeInRemoteUser)
    Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    (Lexmark International, Inc.) C:\Windows\System32\LexBceS.exe
    (Lexmark International, Inc.) C:\Windows\System32\Lexpps.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
    (Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
    (Ralink Technology, Corp.) C:\Program Files\Belkin\F9L1103\v1\Common\RaRegistry.exe
    (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    (Radialpoint Inc.) C:\Program Files\Verizon\VSP\ServicepointService.exe
    (Sophos Limited) C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
    (Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    (Sophos Limited) C:\Program Files\Sophos\Remote Management System\RouterNT.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    (GlavSoft LLC.) C:\Program Files\ShowMyPCService\tvnserver.exe
    () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    (GlavSoft LLC.) C:\Program Files\ShowMyPCService\tvnserver.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
    HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [1592104 2015-07-31] (Sophos Limited)
    HKLM\...\Run: [tvncontrol] => C:\Program Files\ShowMyPCService\tvnserver.exe [815704 2013-11-13] (GlavSoft LLC.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: ##6.175.84.30#MSUpdates$ - Z:\SPLSOfflineUpdater.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {6e66b7f0-ded3-11e4-b22b-806e6f6e6963} - F:\ETToolbox\ETToolbox.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {8499d75e-1bd4-11e4-bdf8-001aa04bed81} - F:\ETToolbox\ETToolbox.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {be829160-1b28-11e3-80f0-001aa04bed81} - F:\ETToolbox\ETToolbox.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {e579f860-624d-11e1-9b8d-001aa04bed81} - G:\RunClubSanDisk.exe
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-10-26] (Google)
    AppInit_DLLs: , C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-01-13] (Sophos Limited)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2007-07-09]
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2007-07-24] (Apple Inc.)
    Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{B2D04A8D-3D94-483C-ACAF-B66CF5964E73}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{C90A49C5-8371-4F7F-842E-2E54743A0039}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{E6DFAB8B-333B-4268-993F-54808A996962}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070710
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070710
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070710
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.dell.com/support/index.aspx?c=us&l=en&s=gen
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-15] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-15] (Oracle Corporation)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2008-02-19] ()
    FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-15] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-15] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files\Verizon\VSP\nprpspa.dll [2011-01-10] (Verizon)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-11] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\Duerr\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Duerr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Duerr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-20]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
    R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-02-18] (Apple, Inc.) [File not signed]
    R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-10-26] (Google)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [143360 2011-05-24] () [File not signed]
    R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [311296 2001-03-27] (Lexmark International, Inc.) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
    R2 RalinkRegistryWriter; C:\Program Files\Belkin\F9L1103\v1\Common\RaRegistry.exe [374112 2011-11-22] (Ralink Technology, Corp.)
    S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
    R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
    R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-06-20] (Sophos Limited)
    R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-09-26] (Sophos Limited)
    R2 ServicepointService; C:\Program Files\Verizon\VSP\ServicepointService.exe [689464 2011-01-10] (Radialpoint Inc.)
    R2 Sophos Agent; C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe [395560 2015-04-17] (Sophos Limited)
    R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340264 2015-07-31] (Sophos Limited)
    R2 Sophos Message Router; C:\Program Files\Sophos\Remote Management System\RouterNT.exe [1069864 2015-04-17] (Sophos Limited)
    R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-09-26] (Sophos Limited)
    S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
    R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-13] (Sophos Limited)
    S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2015-01-13] (Sophos Limited)
    R2 tvnserver; C:\Program Files\ShowMyPCService\tvnserver.exe [815704 2013-11-13] (GlavSoft LLC.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
    R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
    S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1172544 2011-12-19] (Ralink Technology Corp.)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
    R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
    S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror.sys [3328 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
    R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-06-20] (Sophos Limited)
    R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
    S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [34560 2014-06-20] (Sophos Limited)
    R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-06-20] (Sophos Limited)
    S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-06-20] (Sophos Limited)
    S3 USB_RNDIS_XP; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)
    S3 XG762_VS; C:\Windows\System32\DRIVERS\WlanGZG.sys [873472 2008-10-28] (Atheros Communications, Inc.)
    S3 ZDCNDIS5; C:\Windows\system32\ZDCNDIS5.SYS [20736 2008-10-28] (ZDC., Inc. (ZDC)) [File not signed]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 LMIRfsClientNP; no ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-15 08:32 - 2015-11-15 08:32 - 00000000 ____D C:\FRST
    2015-11-15 08:20 - 2015-11-15 08:20 - 00000000 ____D C:\Users\Duerr\AppData\Roaming\Oracle
    2015-11-15 08:18 - 2015-11-15 08:18 - 00000000 ____D C:\Users\Duerr\AppData\Roaming\Sun
    2015-11-15 08:18 - 2015-11-15 08:18 - 00000000 ____D C:\Users\Duerr\.oracle_jre_usage
    2015-11-15 08:18 - 2015-11-15 08:18 - 00000000 ____D C:\Program Files\Common Files\Java
    2015-11-15 08:15 - 2015-11-15 08:15 - 00000000 ____D C:\Users\Duerr\AppData\LocalLow\Oracle
    2015-11-15 07:26 - 2015-11-15 07:26 - 00000034 _____ C:\Windows\setupact.log
    2015-11-15 07:26 - 2015-11-15 07:26 - 00000000 _____ C:\Windows\setuperr.log
    2015-11-14 12:40 - 2015-11-14 12:41 - 00000000 ____D C:\Program Files\ShowMyPCService
    2015-11-12 19:01 - 2015-10-17 09:24 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-11-12 18:51 - 2015-10-17 11:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-12 18:51 - 2015-10-14 15:22 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-11-12 18:51 - 2015-10-14 11:01 - 03606464 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-11-12 18:51 - 2015-10-14 11:01 - 03554752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-11-12 18:51 - 2015-10-13 09:31 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-12 18:51 - 2015-10-13 09:31 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-12 18:49 - 2015-10-10 11:02 - 00526272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-11-12 18:45 - 2015-09-26 11:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-12 18:45 - 2015-09-26 11:04 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-12 18:45 - 2015-09-26 08:21 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2015-11-12 18:45 - 2015-09-22 08:11 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-11-12 12:12 - 2015-10-31 13:40 - 12376576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-11-12 12:12 - 2015-10-31 13:38 - 09727488 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-11-12 12:12 - 2015-10-31 13:38 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-11-12 12:12 - 2015-10-31 13:37 - 01830912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-11-12 12:12 - 2015-10-31 13:36 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-11-12 12:12 - 2015-10-31 13:36 - 01093632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 01088512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-11-12 12:12 - 2015-10-31 13:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-11-12 12:12 - 2015-10-31 13:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-15 08:30 - 2015-04-09 13:58 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-11-15 08:30 - 2006-11-02 05:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-11-15 08:27 - 2015-05-20 19:45 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-11-15 08:26 - 2015-05-20 19:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2015-11-15 08:26 - 2007-07-09 17:40 - 01104218 _____ C:\Windows\WindowsUpdate.log
    2015-11-15 08:22 - 2013-09-28 15:49 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-11-15 08:22 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-15 08:22 - 2006-11-02 07:45 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-15 08:22 - 2006-11-02 07:45 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-15 08:20 - 2015-05-20 19:56 - 00000000 ____D C:\ProgramData\Oracle
    2015-11-15 08:20 - 2006-11-02 07:58 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-11-15 08:19 - 2015-05-20 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-11-15 08:19 - 2007-07-09 17:50 - 00000000 ____D C:\Program Files\Java
    2015-11-15 08:18 - 2007-08-06 15:03 - 00000000 ____D C:\Users\Duerr
    2015-11-15 08:16 - 2015-05-20 19:58 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-11-15 07:52 - 2015-05-20 19:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-11-15 07:38 - 2013-09-28 15:49 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-11-15 07:34 - 2015-05-19 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-11-15 07:34 - 2015-05-19 11:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-11-15 07:26 - 2014-08-02 21:15 - 00000883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2015-11-15 07:26 - 2014-08-02 21:15 - 00000867 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2015-11-15 07:26 - 2009-04-28 10:54 - 00000000 ____D C:\ProgramData\LogMeIn
    2015-11-13 10:25 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
    2015-11-13 10:18 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2015-11-13 10:08 - 2006-11-02 07:44 - 00367264 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-12 19:01 - 2013-07-25 16:37 - 00000000 ____D C:\Windows\system32\MRT
    2015-11-12 18:52 - 2006-11-02 05:24 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-11-10 14:52 - 2015-05-20 19:28 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-11-10 14:52 - 2015-05-20 19:28 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-11-01 19:00 - 2014-09-11 07:23 - 00000530 _____ C:\Windows\Tasks\Weekly Scan.job

    ==================== Files in the root of some directories =======

    2012-01-05 00:30 - 2012-01-05 00:30 - 0000000 _____ () C:\Users\Duerr\AppData\Roaming\wklnhst.dat
    2007-08-12 09:48 - 2013-09-11 12:33 - 0006944 _____ () C:\Users\Duerr\AppData\Local\d3d9caps.dat
    2007-08-06 15:19 - 2009-08-13 10:07 - 0014848 _____ () C:\Users\Duerr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-09 10:44 - 2013-08-09 10:44 - 0000057 _____ () C:\ProgramData\Ament.ini
    2009-02-20 18:15 - 2012-12-07 14:31 - 0012180 _____ () C:\ProgramData\hpzinstall.log

    Files to move or delete:
    ====================
    C:\Users\Duerr\GoToAssist_phone__317_en.exe
    C:\Users\Duerr\Verizon_Servicepoint_Setup.exe


    Some files in TEMP:
    ====================
    C:\Users\Duerr\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Duerr\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Duerr\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Duerr\AppData\Local\Temp\Quarantine.exe
    C:\Users\Duerr\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2015-11-15 08:29

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
    Ran by Duerr (2015-11-15 08:32:57)
    Running from C:\Users\Duerr\Documents\old stuff\Downloads\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop
    Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) (2007-07-09 22:41:05)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2203469928-2316641163-1201929448-500 - Administrator - Disabled)
    Duerr (S-1-5-21-2203469928-2316641163-1201929448-1000 - Administrator - Enabled) => C:\Users\Duerr
    Guest (S-1-5-21-2203469928-2316641163-1201929448-501 - Limited - Disabled)
    LogMeInRemoteUser (S-1-5-21-2203469928-2316641163-1201929448-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
    SophosSAUDUERR-PC0 (S-1-5-21-2203469928-2316641163-1201929448-1003 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
    AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
    Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.16) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
    AOL Install (HKLM\...\{2357B8BC-88C9-4A72-818C-050CC4EB0778}) (Version: 1.0.0 - America Online, Inc)
    Apple Mobile Device Support (HKLM\...\{44734179-8A79-4DEE-BB08-73037F065543}) (Version: 1.1.4.7 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Belkin N750 Dual Band Wireless USB Adapter (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.11.0 - Belkin International, Inc.)
    Bonjour (HKLM\...\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}) (Version: 1.0.104 - Apple Inc.)
    Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
    Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
    Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
    Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
    Dell DataSafe Online (HKLM\...\{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}) (Version: 1.0.15 - Dell, Inc.)
    Dell Support Center (HKLM\...\{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}) (Version: 1.0.07131 - Dell)
    Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
    DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3075 - Dell)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
    EarthLink Setup Files (HKLM\...\{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}) (Version: 2005.2.178.0.2.2 - EarthLink, Inc.)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
    Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
    HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
    HP Deskjet 3510 series Product Improvement Study (HKLM\...\{1006DA78-79A1-43AD-BEB9-7CDCDAEFD588}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    IHA_MessageCenter (HKLM\...\{BEDF5135-3DDC-4488-BA2C-D94AB4BB8DA2}) (Version: 1.4.7 - Verizon)
    iTunes (HKLM\...\{80FD852F-5AAC-4129-B931-06AAFFA43138}) (Version: 7.6.1.9 - Apple Inc.)
    Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    LogMeIn (HKLM\...\{7F831576-6246-42C7-B523-55B3F96509CC}) (Version: 4.0.784 - LogMeIn, Inc.)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office XP Professional (HKLM\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.4 - NVIDIA Corporation)
    NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
    OpenOffice 4.0.0 (HKLM\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
    PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
    Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    QuickTime (HKLM\...\{BFD96B89-B769-4CD6-B11E-E79FFD46F067}) (Version: 7.4.1.14 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
    Rosetta Stone Version 3 (HKLM\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
    Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
    Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
    Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
    RPS CRT (Version: 7.0.25 - Verizon) Hidden
    RPS CRT (Version: 8.0.27 - Verizon) Hidden
    Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    Sophos Anti-Virus (HKLM\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.15 - Sophos Limited)
    Sophos AutoUpdate (HKLM\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.3.10.27 - Sophos Limited)
    Sophos Remote Management System (HKLM\...\{FED1005D-CBC8-45D5-A288-FFC7BB304121}) (Version: 4.0.2 - Sophos Limited)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
    Verizon Online DSL (HKLM\...\Verizon Online DSL_is1) (Version: - )
    Verizon Servicepoint 3.7.44 (HKLM\...\RadialpointClientGateway_is1) (Version: 3.7.44 - Verizon)
    Vz In Home Agent (HKLM\...\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}) (Version: 8.03.53 - Verizon)
    Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
    Yahoo! Music Jukebox (HKLM\...\{7C49EA42-5647-4051-84C2-E6404F25A931}) (Version: 2.0.1.041 - Yahoo!)
    ZyXEL G-220v3 Wireless USB Adapter Utility (HKLM\...\{29DFAB41-7D73-4E92-9329-FB1ECBD2EF83}) (Version: 1.00.0000 - ZyXEL)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2203469928-2316641163-1201929448-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)

    ==================== Restore Points =========================

    27-10-2015 23:00:05 Scheduled Checkpoint
    29-10-2015 07:13:36 Scheduled Checkpoint
    30-10-2015 06:01:12 Windows Update
    31-10-2015 11:08:46 Scheduled Checkpoint
    01-11-2015 08:12:28 Scheduled Checkpoint
    02-11-2015 09:55:49 Scheduled Checkpoint
    03-11-2015 07:26:48 Windows Update
    04-11-2015 13:41:31 Scheduled Checkpoint
    05-11-2015 08:15:16 Scheduled Checkpoint
    06-11-2015 00:00:05 Scheduled Checkpoint
    09-11-2015 14:13:17 Scheduled Checkpoint
    10-11-2015 06:38:57 Windows Update
    11-11-2015 08:13:29 Scheduled Checkpoint
    12-11-2015 07:30:43 Scheduled Checkpoint
    12-11-2015 18:45:04 Windows Update
    13-11-2015 11:08:09 Scheduled Checkpoint
    14-11-2015 08:08:30 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2D599A86-C1B9-4A1B-A474-A6C588DEDA72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {38B9FAC5-C204-4E4E-8E72-52D1F04A06FB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-18] (Microsoft Corporation)
    Task: {5742BC14-816C-4643-80D2-BAD5A2ED6308} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {78409C2C-BB33-41D2-8802-8DE5571CDCE1} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-08-04] ()
    Task: {8AEDDE77-7B78-4CBC-A6F0-B84E19A80AD3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
    Task: {ABE20E34-7DDC-44D4-B256-327C318CAD3A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
    Task: {C0E26914-9C92-4135-A16F-EA9203E2AC0E} - System32\Tasks\Weekly Scan => C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2014-06-20] (Sophos Limited)
    Task: {D5A76ED1-4089-44E2-91CB-A17D92D10B49} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {D9D1DD23-1C11-428F-A4F1-E03B67C642FF} - System32\Tasks\HP AR Program Upload - 5b34a65bb0b340f7859f2631093fd0bab28a7122f13241a1904c4bce1500140c => C:\Program Files\HP\HP Deskjet 3510 series\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
    Task: {E2184FD9-C86C-4BCC-AC3B-18BED56C423B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\Weekly Scan.job => C:\Program Files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    2015-04-17 09:37 - 2015-04-17 09:37 - 01276712 _____ () C:\Program Files\Sophos\Remote Management System\ACE.dll
    2015-04-17 09:37 - 2015-04-17 09:37 - 01094440 _____ () C:\Program Files\Sophos\Remote Management System\TAO.dll
    2015-04-17 09:38 - 2015-04-17 09:38 - 00347432 _____ () C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll
    2015-04-17 09:38 - 2015-04-17 09:38 - 00465192 _____ () C:\Program Files\Sophos\Remote Management System\TAO_AnyTypeCode.dll
    2015-04-17 09:37 - 2015-04-17 09:37 - 00087848 _____ () C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll
    2015-04-17 09:38 - 2015-04-17 09:38 - 00254248 _____ () C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll
    2015-04-17 09:38 - 2015-04-17 09:38 - 00511784 _____ () C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll
    2015-04-17 09:37 - 2015-04-17 09:37 - 00059176 _____ () C:\Program Files\Sophos\Remote Management System\TAO_CodecFactory.dll
    2015-04-17 09:38 - 2015-04-17 09:38 - 00149800 _____ () C:\Program Files\Sophos\Remote Management System\TAO_PI.dll
    2015-04-17 09:37 - 2015-04-17 09:37 - 00832296 _____ () C:\Program Files\Sophos\Remote Management System\TAO_Security.dll
    2015-04-17 09:37 - 2015-04-17 09:37 - 00044840 _____ () C:\Program Files\Sophos\Remote Management System\TAO_Svc_Utils.dll
    2015-04-17 09:38 - 2015-04-17 09:38 - 00075048 _____ () C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll
    2015-04-17 09:38 - 2015-04-17 09:38 - 00069416 _____ () C:\Program Files\Sophos\Remote Management System\TAO_PI_Server.dll
    2015-04-17 09:37 - 2015-04-17 09:37 - 00052520 _____ () C:\Program Files\Sophos\Remote Management System\TAO_Codeset.dll
    2013-09-11 12:14 - 2011-12-07 17:31 - 00303360 _____ () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    2013-09-11 12:14 - 2011-10-25 13:54 - 00372736 _____ () C:\Program Files\NETGEAR\WNA3100\WifiLib.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ServicepointService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Duerr\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NETGEAR WNA3100 Genie.lnk => C:\Windows\pss\NETGEAR WNA3100 Genie.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZyXEL G-220v3 Wireless USB Adapter Utility.lnk => C:\Windows\pss\ZyXEL G-220v3 Wireless USB Adapter Utility.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Duerr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 3510 series (Network).lnk.Startup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    MSCONFIG\startupreg: DellSupport => "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    MSCONFIG\startupreg: ECenter => c:\dell\E-Center\EULALauncher.exe
    MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    MSCONFIG\startupreg: HP Deskjet 3510 series (NET) => "C:\Program Files\HP\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN3661NGNC05Y7:NW" -scfn "HP Deskjet 3510 series (NET)" -AutoStart 1
    MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: VerizonServicepoint.exe => "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
    FirewallRules: [{56AAF574-B9F1-49BF-AB56-BE36167F1854}] => (Allow) C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe
    FirewallRules: [{499E8B0F-B2F7-4F49-93B8-42A7B7A52EEA}] => (Allow) C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe
    FirewallRules: [{5BD41475-AAF3-4527-8722-C662304A8A45}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{5D2EE697-025F-44F9-8AEB-E940B67BE039}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{745293D8-4932-4DE3-9849-E155E043C656}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{F0E1DD58-A1B1-4E46-A1D7-929F98D21F43}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{A26BFC61-8C8B-4FAD-AD2C-93FEBF682C2E}] => (Allow) support inRosettaStoneLtdServices.exe
    FirewallRules: [{E9CB1A84-B56A-443C-B521-9A14C7E79A77}] => (Allow) RosettaStoneVersion3.exe
    FirewallRules: [{839FF61E-2B4E-4A1C-ADDE-13C5DD68A9C9}] => (Allow) support inRosettaStoneLtdServices.exe
    FirewallRules: [{ED6DD53D-DE15-4E3E-BCEC-1C737807791F}] => (Allow) RosettaStoneVersion3.exe
    FirewallRules: [{E1468CEA-B25E-4678-920A-257A05A05CCD}] => (Allow) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    FirewallRules: [{92A286AB-F855-4C24-8134-BDF2764642A6}] => (Allow) C:\Program Files\Verizon\VSP\ServicepointService.exe
    FirewallRules: [{6BAAFDE7-1CBD-4D65-ACE3-F2DC4A10FD2C}] => (Allow) C:\Program Files\Verizon\VSP\ServicepointService.exe
    FirewallRules: [{386D922B-4E93-434B-BCB9-03C6192C32F0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{07CEB1CE-0B9B-494A-8693-D77189B65970}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{BC6C022F-7273-407C-908F-BFC7F05541B7}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{9F7C921D-6437-4964-BB14-C4FBEE560A37}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{ECF2F264-7518-498B-9F8D-1BCB1FC1864A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{C5CB6E43-E0E2-437D-878D-D89D98D6EF6D}] => (Allow) C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe
    FirewallRules: [{838D59F8-001D-427E-A6E4-F1420A25A42D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{12510911-BE2B-4D04-B753-E2D020AC29D1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{4FEDA9BB-A460-4715-9BE3-D27BB5918248}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{644979DB-4D77-4C1B-847B-7F88E094946C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{97537A29-3F98-4C5A-A502-A4ED80EABA32}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{94544750-6596-4DA5-ADF6-7F0EA57E4743}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{C82E90F0-E2D6-4705-A2B8-08BABF09F60E}] => (Allow) LPort=50000
    FirewallRules: [{FB28A1C2-F880-48AC-82A4-DCBF986132D2}] => (Allow) LPort=50000
    FirewallRules: [{3BCB5CD2-36D2-478E-BB88-63D6FB084F22}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
    FirewallRules: [{DADEC7C0-EB95-477D-AF18-13C231AFD763}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe
    FirewallRules: [{2C10F6EE-71E8-4254-8CBA-7E3904882DB8}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
    FirewallRules: [{D5D4B3E3-A10C-4A91-B53E-4ACCC7A254CA}] => (Allow) C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe
    FirewallRules: [{2B4E6BF4-E800-40FE-8796-B193FAABDF2F}] => (Allow) LPort=50001
    FirewallRules: [{1498D605-3BD6-4040-8D30-362A9146ECC5}] => (Allow) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    FirewallRules: [{86F97FF6-3D11-42D7-9604-DA5B219BF1E2}] => (Allow) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    FirewallRules: [{02878690-0653-4F01-9FF6-B6633B0CD2CF}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
    FirewallRules: [{E97ED5F0-50F8-4C0D-9580-63BC9F92F71F}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{736454EB-332C-4E21-BBA8-C04CBA61688C}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [TCP Query User{50D677FF-B229-4B98-86C9-1F88F5340FEF}C:\windows\system32\msiexec.exe] => (Allow) C:\windows\system32\msiexec.exe
    FirewallRules: [UDP Query User{64903731-BE40-4A78-923C-C51B9A623B6C}C:\windows\system32\msiexec.exe] => (Allow) C:\windows\system32\msiexec.exe
    FirewallRules: [{24C32E73-77B9-4F15-B967-7EC32124B202}] => (Allow) LPort=80
    FirewallRules: [{07DA3A44-1285-4D30-A6C8-4C4E345DA0A6}] => (Allow) LPort=80
    FirewallRules: [{F35EA2B6-4B05-4C96-AD63-6AC8E1DCB1FC}] => (Allow) LPort=80
    FirewallRules: [{482F422A-3296-4856-A179-CD3DFE887367}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{4A0BF898-D69C-4F57-A1AF-24E911842716}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{8FAFC2F3-D105-4E2F-B1C6-4A749846F6C2}] => (Allow) C:\Users\Duerr\AppData\Local\Temp\ShowMyPC\-Show_My_Pc\SMPCSetup.exe
    FirewallRules: [{5617B272-7D40-4E20-8C3F-69BFF39306CA}] => (Allow) C:\Users\Duerr\AppData\Local\Temp\ShowMyPC\-Show_My_Pc\tvnserver.exe
    FirewallRules: [{071D7653-4E35-4B14-A08C-4EABEA2B2E20}] => (Allow) C:\Users\Duerr\AppData\Local\Temp\ShowMyPC\-Show_My_Pc\smwinvnc.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/12/2015 07:01:01 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

    Error: (11/12/2015 07:01:00 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

    Error: (11/10/2015 03:41:37 PM) (Source: Sophos Message Router) (EventID: 8006) (User: NT AUTHORITY)
    Description: The network identity (also known as the Interoperable Object Reference or IOR) of the local computer is invalid.%%3

    Error: (11/10/2015 03:41:37 PM) (Source: Sophos Message Router) (EventID: 8005) (User: NT AUTHORITY)
    Description: DNS lookup failure trying to resolve the following addresses: ec04-mr09,ec04-mr09.oneviewonline.com.%%3

    Error: (10/15/2015 09:29:49 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

    Error: (10/15/2015 09:29:49 PM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

    Error: (10/03/2015 07:50:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program WinMail.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
    Process ID: 1360
    Start Time: 01d0fdd9dbb24760
    Termination Time: 0

    Error: (09/22/2015 07:21:18 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application QuickTimePlayer.exe, version 7.4.1.14, time stamp 0x47a28143, faulting module QuickTimePlayer.exe, version 7.4.1.14, time stamp 0x47a28143, exception code 0xc0000409, fault offset 0x0000130d,
    process id 0x43364, application start time 0xQuickTimePlayer.exe0.

    Error: (09/22/2015 07:20:59 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application QuickTimePlayer.exe, version 7.4.1.14, time stamp 0x47a28143, faulting module QuickTimePlayer.exe, version 7.4.1.14, time stamp 0x47a28143, exception code 0xc0000409, fault offset 0x0000130d,
    process id 0x4336c, application start time 0xQuickTimePlayer.exe0.

    Error: (09/14/2015 04:42:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application QuickTimePlayer.exe, version 7.4.1.14, time stamp 0x47a28143, faulting module QuickTimePlayer.exe, version 7.4.1.14, time stamp 0x47a28143, exception code 0xc0000409, fault offset 0x0000130d,
    process id 0x3f468, application start time 0xQuickTimePlayer.exe0.


    System errors:
    =============
    Error: (11/15/2015 08:32:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: IHA_MessageCenter1

    Error: (11/15/2015 08:26:44 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Windows Search%%1053

    Error: (11/15/2015 08:26:44 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000Windows Search

    Error: (11/15/2015 08:26:43 AM) (Source: DCOM) (EventID: 10005) (User: )
    Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    Error: (11/15/2015 08:23:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Pml Driver HPZ12%%126

    Error: (11/15/2015 08:23:17 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: Net Driver HPZ12%%126

    Error: (11/15/2015 08:23:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Parallel port driver%%1058

    Error: (11/15/2015 08:21:59 AM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (11/15/2015 08:21:53 AM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (11/15/2015 07:35:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: IHA_MessageCenter1


    CodeIntegrity:
    ===================================
    Date: 2015-11-15 08:32:29.525
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-15 08:32:28.994
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-15 08:32:28.448
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-15 08:32:27.887
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-15 07:53:14.364
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\savonaccess.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-15 07:53:13.755
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\savonaccess.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-15 07:53:13.163
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\savonaccess.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-15 07:53:12.539
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\savonaccess.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-15 07:53:11.837
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\savonaccess.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-15 07:53:11.197
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\savonaccess.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
    Percentage of memory in use: 34%
    Total physical RAM: 3517.57 MB
    Available physical RAM: 2312.89 MB
    Total Virtual: 7265.63 MB
    Available Virtual: 6238.93 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:77.38 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.57 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 10000000)
    Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    # AdwCleaner v5.021 - Logfile created 15/11/2015 at 08:51:03
    # Updated 14/11/2015 by Xplode
    # Database : 2015-11-13.3 [Server]
    # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (x86)
    # Username : Duerr - DUERR-PC
    # Running from : C:\Users\Duerr\Documents\old stuff\Downloads\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files\ShowMyPCService
    [-] Folder Deleted : C:\Users\Duerr\AppData\Roaming\Yahoo!\Companion

    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
    [-] Key Deleted : HKCU\Software\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
    [-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
    [-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\myway.com
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com

    ***** [ Web browsers ] *****

    [-] [C:\Users\Duerr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
    [-] [C:\Users\Duerr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1753 bytes] ##########
     
  2. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    What a strange location to run the tools from ??

    Does this user actually use: LogMeIn
    and did they set up this account themselves: LogMeInRemoteUser (S-1-5-21-2203469928-2316641163-1201929448-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser

    A common mistake this..... FRST was run before AdwCleaner.
    So some entries showing in FRST won't actually be there now.

    Can you let me have a fresh set of FRST reports.

    Please re-run FRST.
    • Make sure that Addition.txt is selected at the bottom
    • Press Scan button.

      1b8c7ec40ba5fc57455a82d8388da693.png
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • It will also make another log (Addition.txt). Please copy and paste it to your reply also.


    In your next reply, please submit:
    new FRST reports
    and let me know about LogMeIn.


    Thanks.
     
  3. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,082
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    I hear ya on the desktop location. Someone had this before me and apparently moved files from another computer. It's working, I'n not gonna mess with it.

    On the LogMeIn, she may be using it. Saying because it wasn't recently installed. I'll find out for sure.

    I'll be back with a fresh FRST scan shortly.
     
  4. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,082
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    Here's the new one.

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-11-2015
    Ran by Duerr (administrator) on DUERR-PC (15-11-2015 13:22:13)
    Running from C:\Users\Duerr\Documents\old stuff\Downloads\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop
    Loaded Profiles: Duerr (Available Profiles: Duerr & LogMeInRemoteUser)
    Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
    (Lexmark International, Inc.) C:\Windows\System32\LexBceS.exe
    (Lexmark International, Inc.) C:\Windows\System32\Lexpps.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
    (Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    (LogMeIn, Inc.) C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
    (Ralink Technology, Corp.) C:\Program Files\Belkin\F9L1103\v1\Common\RaRegistry.exe
    (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
    (Radialpoint Inc.) C:\Program Files\Verizon\VSP\ServicepointService.exe
    (Sophos Limited) C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
    (Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
    (Sophos Limited) C:\Program Files\Sophos\Remote Management System\RouterNT.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
    (Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
    () C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
    (Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
    HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [1592104 2015-07-31] (Sophos Limited)
    HKLM\...\Run: [tvncontrol] => "C:\Program Files\ShowMyPCService\tvnserver.exe" -controlservice -slave
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: ##6.175.84.30#MSUpdates$ - Z:\SPLSOfflineUpdater.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {6e66b7f0-ded3-11e4-b22b-806e6f6e6963} - F:\ETToolbox\ETToolbox.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {8499d75e-1bd4-11e4-bdf8-001aa04bed81} - F:\ETToolbox\ETToolbox.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {be829160-1b28-11e3-80f0-001aa04bed81} - F:\ETToolbox\ETToolbox.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {e579f860-624d-11e1-9b8d-001aa04bed81} - G:\RunClubSanDisk.exe
    AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-10-26] (Google)
    AppInit_DLLs: , C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-01-13] (Sophos Limited)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2007-07-09]
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [147456 2007-07-24] (Apple Inc.)
    Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Winsock: Catalog9 63 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2015-04-17] (Sophos Limited)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{B2D04A8D-3D94-483C-ACAF-B66CF5964E73}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{C90A49C5-8371-4F7F-842E-2E54743A0039}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{E6DFAB8B-333B-4268-993F-54808A996962}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070710
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070710
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3070710
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://support.dell.com/support/index.aspx?c=us&l=en&s=gen
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-11-15] (Oracle Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-15] (Oracle Corporation)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2006-06-05] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2008-02-19] ()
    FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-15] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-15] (Oracle Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
    FF Plugin: @radialpoint.com/SPA,version=1 -> C:\Program Files\Verizon\VSP\nprpspa.dll [2011-01-10] (Verizon)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-03-11] [not signed]

    Chrome:
    =======
    CHR Profile: C:\Users\Duerr\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Duerr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Duerr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-20]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
    R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-02-18] (Apple, Inc.) [File not signed]
    R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2007-03-19] () [File not signed]
    S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-10-26] (Google)
    S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [143360 2011-05-24] () [File not signed]
    R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [311296 2001-03-27] (Lexmark International, Inc.) [File not signed]
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
    R2 RalinkRegistryWriter; C:\Program Files\Belkin\F9L1103\v1\Common\RaRegistry.exe [374112 2011-11-22] (Ralink Technology, Corp.)
    S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
    R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
    R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-06-20] (Sophos Limited)
    R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-09-26] (Sophos Limited)
    R2 ServicepointService; C:\Program Files\Verizon\VSP\ServicepointService.exe [689464 2011-01-10] (Radialpoint Inc.)
    R2 Sophos Agent; C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe [395560 2015-04-17] (Sophos Limited)
    R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340264 2015-07-31] (Sophos Limited)
    R2 Sophos Message Router; C:\Program Files\Sophos\Remote Management System\RouterNT.exe [1069864 2015-04-17] (Sophos Limited)
    R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-09-26] (Sophos Limited)
    S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
    R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-13] (Sophos Limited)
    S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2015-01-13] (Sophos Limited)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)
    R2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
    S2 tvnserver; "C:\Program Files\ShowMyPCService\tvnserver.exe" -service [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [1074944 2011-12-12] (Broadcom Corporation)
    S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
    S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1172544 2011-12-19] (Ralink Technology Corp.)
    S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [50704 2010-02-03] (CACE Technologies, Inc.)
    R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
    S3 rcmirror; C:\Windows\System32\DRIVERS\rcmirror.sys [3328 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
    R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-06-20] (Sophos Limited)
    R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows (R) Codename Longhorn DDK provider)
    S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [34560 2014-06-20] (Sophos Limited)
    R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-06-20] (Sophos Limited)
    S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-06-20] (Sophos Limited)
    S3 USB_RNDIS_XP; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2013-02-11] (Microsoft Corporation)
    S3 XG762_VS; C:\Windows\System32\DRIVERS\WlanGZG.sys [873472 2008-10-28] (Atheros Communications, Inc.)
    S3 ZDCNDIS5; C:\Windows\system32\ZDCNDIS5.SYS [20736 2008-10-28] (ZDC., Inc. (ZDC)) [File not signed]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 LMIRfsClientNP; no ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-15 08:32 - 2015-11-15 13:22 - 00000000 ____D C:\FRST
    2015-11-15 08:20 - 2015-11-15 08:20 - 00000000 ____D C:\Users\Duerr\AppData\Roaming\Oracle
    2015-11-15 08:18 - 2015-11-15 08:18 - 00000000 ____D C:\Users\Duerr\AppData\Roaming\Sun
    2015-11-15 08:18 - 2015-11-15 08:18 - 00000000 ____D C:\Users\Duerr\.oracle_jre_usage
    2015-11-15 08:18 - 2015-11-15 08:18 - 00000000 ____D C:\Program Files\Common Files\Java
    2015-11-15 08:15 - 2015-11-15 08:15 - 00000000 ____D C:\Users\Duerr\AppData\LocalLow\Oracle
    2015-11-15 07:26 - 2015-11-15 07:26 - 00000034 _____ C:\Windows\setupact.log
    2015-11-15 07:26 - 2015-11-15 07:26 - 00000000 _____ C:\Windows\setuperr.log
    2015-11-12 19:01 - 2015-10-17 09:24 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-11-12 18:51 - 2015-10-17 11:01 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-11-12 18:51 - 2015-10-14 15:22 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-11-12 18:51 - 2015-10-14 11:01 - 03606464 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-11-12 18:51 - 2015-10-14 11:01 - 03554752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-11-12 18:51 - 2015-10-13 09:31 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2015-11-12 18:51 - 2015-10-13 09:31 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2015-11-12 18:49 - 2015-10-10 11:02 - 00526272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2015-11-12 18:45 - 2015-09-26 11:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-11-12 18:45 - 2015-09-26 11:04 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-11-12 18:45 - 2015-09-26 08:21 - 00274432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2015-11-12 18:45 - 2015-09-22 08:11 - 00440768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-11-12 12:12 - 2015-10-31 13:40 - 12376576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-11-12 12:12 - 2015-10-31 13:38 - 09727488 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-11-12 12:12 - 2015-10-31 13:38 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-11-12 12:12 - 2015-10-31 13:37 - 01830912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-11-12 12:12 - 2015-10-31 13:36 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-11-12 12:12 - 2015-10-31 13:36 - 01093632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 01088512 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00711168 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-11-12 12:12 - 2015-10-31 13:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2015-11-12 12:12 - 2015-10-31 13:36 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2015-11-12 12:12 - 2015-10-31 13:36 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-15 13:19 - 2007-07-09 17:40 - 01111174 _____ C:\Windows\WindowsUpdate.log
    2015-11-15 13:15 - 2013-09-28 15:49 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-11-15 13:15 - 2006-11-02 07:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-11-15 13:15 - 2006-11-02 07:45 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-15 13:15 - 2006-11-02 07:45 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-15 11:03 - 2006-11-02 07:58 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2015-11-15 10:52 - 2015-05-20 19:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-11-15 10:38 - 2013-09-28 15:49 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-11-15 08:59 - 2006-11-02 05:33 - 00758370 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-11-15 08:58 - 2015-04-09 13:58 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-11-15 08:51 - 2015-05-19 11:55 - 00000000 ____D C:\AdwCleaner
    2015-11-15 08:51 - 2011-06-15 17:08 - 00000000 ____D C:\Users\Duerr\AppData\Roaming\Yahoo!
    2015-11-15 08:27 - 2015-05-20 19:45 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2015-11-15 08:26 - 2015-05-20 19:45 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2015-11-15 08:20 - 2015-05-20 19:56 - 00000000 ____D C:\ProgramData\Oracle
    2015-11-15 08:19 - 2015-05-20 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-11-15 08:19 - 2007-07-09 17:50 - 00000000 ____D C:\Program Files\Java
    2015-11-15 08:18 - 2007-08-06 15:03 - 00000000 ____D C:\Users\Duerr
    2015-11-15 08:16 - 2015-05-20 19:58 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-11-15 07:34 - 2015-05-19 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-11-15 07:34 - 2015-05-19 11:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
    2015-11-15 07:26 - 2014-08-02 21:15 - 00000883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
    2015-11-15 07:26 - 2014-08-02 21:15 - 00000867 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
    2015-11-15 07:26 - 2009-04-28 10:54 - 00000000 ____D C:\ProgramData\LogMeIn
    2015-11-13 10:25 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\rescache
    2015-11-13 10:18 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2015-11-13 10:08 - 2006-11-02 07:44 - 00367264 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-11-12 19:01 - 2013-07-25 16:37 - 00000000 ____D C:\Windows\system32\MRT
    2015-11-12 18:52 - 2006-11-02 05:24 - 143250520 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2015-11-10 14:52 - 2015-05-20 19:28 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-11-10 14:52 - 2015-05-20 19:28 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-11-01 19:00 - 2014-09-11 07:23 - 00000530 _____ C:\Windows\Tasks\Weekly Scan.job

    ==================== Files in the root of some directories =======

    2012-01-05 00:30 - 2012-01-05 00:30 - 0000000 _____ () C:\Users\Duerr\AppData\Roaming\wklnhst.dat
    2007-08-12 09:48 - 2013-09-11 12:33 - 0006944 _____ () C:\Users\Duerr\AppData\Local\d3d9caps.dat
    2007-08-06 15:19 - 2009-08-13 10:07 - 0014848 _____ () C:\Users\Duerr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-08-09 10:44 - 2013-08-09 10:44 - 0000057 _____ () C:\ProgramData\Ament.ini
    2009-02-20 18:15 - 2012-12-07 14:31 - 0012180 _____ () C:\ProgramData\hpzinstall.log

    Files to move or delete:
    ====================
    C:\Users\Duerr\GoToAssist_phone__317_en.exe
    C:\Users\Duerr\Verizon_Servicepoint_Setup.exe


    Some files in TEMP:
    ====================
    C:\Users\Duerr\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Duerr\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Duerr\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Duerr\AppData\Local\Temp\Quarantine.exe
    C:\Users\Duerr\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-15 13:21

    ==================== End of FRST.txt ============================
     
  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    Ok, that's fine.

    Step 1
    This is not the way to stop WD from running....as you can see from this:
    What you need to do is to re-enable it again from MsConfig and then:

    • Click Start >> Control Panel >> Windows Defender or launch from the system tray icon.
    • Click on Tools & Settings >> Options.
    • Under Real-time protection options, uncheck the "Real-time protection" check box.
    • Click Save.
    • Go to Start >> Control Panel >> Security >> Windows Defender, at the bottom of the Window Defenders page uncheck under Administrator Options "use Windows Defender" and then Save.


      Step 2
      Please download the attached fixlist.txt file (bottom of this post) and save it to : C:\Users\Duerr\Documents\old stuff\Downloads\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop
      NOTE.
      It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

      NOTICE: This script was written specifically for this user, for use on that particular machine.
      Running this on another machine may cause damage to your operating system


      Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait.

      2cf1672fdd2151dad6f349c704143429.png

      The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


      Step 3
      As a double check.........

      I'd like you to do an ESET OnlineScan

      You may find it beneficial to close your resident AV program before running the scan.

      It's been found that on some systems the Eset's Online Scan fails during the database download ( around 20% )
      To prevent this happening:
      When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):

      Enable Anti-Stealth technology

      9be2a7734ccc4d2fa4b41730731e62da.png
      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
        ESET OnlineScan
      • Click the [​IMG] button.
      • If asked, allow the activex control to install
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on 055deec288d25013a021ebee13325559.png to download the ESET Smart Installer.
          Save it to your desktop.
        • Double click on the [​IMG] icon on your desktop.
      • Check [​IMG]
      • Click the 4cb888989b2b46a17d2069242390cd99.png button.
      • Accept any security warnings from your browser.
      • Check [​IMG]
      • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
      • Click the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push [​IMG]
      • Click [​IMG], and save the file to your desktop using a unique name, such as ESETScan.
        Include the contents of this report in your next reply.
      • Click the [​IMG] button.
      • Click 07074901bf17a603c2cb1ea31965e1aa.png
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


      In your next reply, please submit:
      Fixlog.txt
      Eset scan report if anything is found.


      Thanks.
     

    Attached Files:

  6. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,082
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    Hello again Starbuck,

    The ESET report was clean - nothing found. She used to use LogMeIn but no longer does. I'll uninstall that program.

    Here's the FRST fixlog.

    Fix result of Farbar Recovery Scan Tool (x86) Version:07-11-2015
    Ran by Duerr (2015-11-15 15:20:53) Run:1
    Running from C:\Users\Duerr\Documents\old stuff\Downloads\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop
    Loaded Profiles: Duerr (Available Profiles: Duerr & LogMeInRemoteUser)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    HKLM\...\Run: [tvncontrol] => "C:\Program Files\ShowMyPCService\tvnserver.exe" -controlservice -slave
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: ##6.175.84.30#MSUpdates$ - Z:\SPLSOfflineUpdater.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {6e66b7f0-ded3-11e4-b22b-806e6f6e6963} - F:\ETToolbox\ETToolbox.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {8499d75e-1bd4-11e4-bdf8-001aa04bed81} - F:\ETToolbox\ETToolbox.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {be829160-1b28-11e3-80f0-001aa04bed81} - F:\ETToolbox\ETToolbox.exe
    HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\...\MountPoints2: {e579f860-624d-11e1-9b8d-001aa04bed81} - G:\RunClubSanDisk.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
    S2 tvnserver; "C:\Program Files\ShowMyPCService\tvnserver.exe" -service [X]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 LMIRfsClientNP; no ImagePath
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    C:\Users\Duerr\GoToAssist_phone__317_en.exe
    C:\Users\Duerr\Verizon_Servicepoint_Setup.exe
    C:\Users\Duerr\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Duerr\AppData\Local\Temp\jre-8u60-windows-au.exe
    C:\Users\Duerr\AppData\Local\Temp\jre-8u65-windows-au.exe
    C:\Users\Duerr\AppData\Local\Temp\Quarantine.exe
    C:\Users\Duerr\AppData\Local\Temp\sqlite3.dll
    Task: {78409C2C-BB33-41D2-8802-8DE5571CDCE1} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk [2014-08-04] ()
    FirewallRules: [{E1468CEA-B25E-4678-920A-257A05A05CCD}] => (Allow) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    FirewallRules: [{8FAFC2F3-D105-4E2F-B1C6-4A749846F6C2}] => (Allow) C:\Users\Duerr\AppData\Local\Temp\ShowMyPC\-Show_My_Pc\SMPCSetup.exe
    FirewallRules: [{5617B272-7D40-4E20-8C3F-69BFF39306CA}] => (Allow) C:\Users\Duerr\AppData\Local\Temp\ShowMyPC\-Show_My_Pc\tvnserver.exe
    FirewallRules: [{071D7653-4E35-4B14-A08C-4EABEA2B2E20}] => (Allow) C:\Users\Duerr\AppData\Local\Temp\ShowMyPC\-Show_My_Pc\smwinvnc.exe
    C:\Program Files\ShowMyPCService
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    *****************

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\tvncontrol => value removed successfully.
    "HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##6.175.84.30#MSUpdates$" => key removed successfully.
    "HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e66b7f0-ded3-11e4-b22b-806e6f6e6963}" => key removed successfully.
    HKCR\CLSID\{6e66b7f0-ded3-11e4-b22b-806e6f6e6963} => key not found.
    "HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8499d75e-1bd4-11e4-bdf8-001aa04bed81}" => key removed successfully.
    HKCR\CLSID\{8499d75e-1bd4-11e4-bdf8-001aa04bed81} => key not found.
    "HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be829160-1b28-11e3-80f0-001aa04bed81}" => key removed successfully.
    HKCR\CLSID\{be829160-1b28-11e3-80f0-001aa04bed81} => key not found.
    "HKU\S-1-5-21-2203469928-2316641163-1201929448-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e579f860-624d-11e1-9b8d-001aa04bed81}" => key removed successfully.
    HKCR\CLSID\{e579f860-624d-11e1-9b8d-001aa04bed81} => key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
    HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully.
    HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found.
    Net Driver HPZ12 => service removed successfully.
    Pml Driver HPZ12 => service removed successfully.
    tvnserver => service removed successfully.
    blbdrive => service removed successfully.
    IpInIp => service removed successfully.
    LMIRfsClientNP => service removed successfully.
    NwlnkFlt => service removed successfully.
    NwlnkFwd => service removed successfully.
    C:\Users\Duerr\GoToAssist_phone__317_en.exe => moved successfully
    C:\Users\Duerr\Verizon_Servicepoint_Setup.exe => moved successfully
    C:\Users\Duerr\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Duerr\AppData\Local\Temp\jre-8u60-windows-au.exe => moved successfully
    C:\Users\Duerr\AppData\Local\Temp\jre-8u65-windows-au.exe => moved successfully
    C:\Users\Duerr\AppData\Local\Temp\Quarantine.exe => moved successfully
    C:\Users\Duerr\AppData\Local\Temp\sqlite3.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78409C2C-BB33-41D2-8802-8DE5571CDCE1}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78409C2C-BB33-41D2-8802-8DE5571CDCE1}" => key removed successfully.
    C:\Windows\System32\Tasks\iolo System Checkup => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo System Checkup" => key removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1468CEA-B25E-4678-920A-257A05A05CCD} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8FAFC2F3-D105-4E2F-B1C6-4A749846F6C2} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5617B272-7D40-4E20-8C3F-69BFF39306CA} => value removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{071D7653-4E35-4B14-A08C-4EABEA2B2E20} => value removed successfully.
    "C:\Program Files\ShowMyPCService" => not found.

    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 1.2 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 15:27:06 ====
     
  7. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Tony,

    That's good then.

    I'd also remove the Logmein account as well. (LogMeInRemoteUser)

    FRST fix results look good.

    Don't forget to remove AdwCleaner and FRST. :)
     
  8. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,082
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    You're the best!!!!! Appreciate all you do here. Must be getting late in the UK. Get some rest.
     

Share This Page