Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PUM's, Win32/Spy.Zbot.YW and Adobe Reader update issues.


  • This topic is locked This topic is locked
20 replies to this topic

#1 Tiggy65

Tiggy65

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 October 2014 - 11:41 AM

Hi Gary! Thanks for helping me! B)

 

I bought Anti-Malwarebytes recently and installed on all computers in my home, after a scare when trying to repair someone else's laptop! It found several PUM's, cleaned it up but then I ran several other types of scans to be sure nothing lingered. Finally, Eset online security found Spy.Zbot.YW, Eset & took care of it.  But did it really?  I need to be sure.  Also, I want to confirm my home network and connection are safe from hacking, & if settings are tight. My husband works from home with thousands of customers in a database; he is on same network, different PC.  I am having issues updating Adobe Reader.  I also tried to download the free version of Avast for virus protection, I clicked to download and immediately see a BSOD, this was 3 days ago.  I have Malwarebytes Anti-Exploit and Premium Anti-Malware, Windows Defender.  I switched to Defender after reading some issues with MSE. Now receiving alerts to install a Virus software.  All of the above has been within the last several days.  The Spy.Bot.YW was attached to a software program I downloaded months ago.  PC, runs very good before any scans - removals and still now.

 

I have all the scan logs, I cannot even see my desktop from all the downloads and scan logs, - elevated paranoia.  :blink:



BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 PM

Posted 10 October 2014 - 11:51 AM

Hi Robyn and welcome again. :)

Let's start with the normal scans. Please do this for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Tiggy65

Tiggy65
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 October 2014 - 12:11 PM

Hi!  Here we go.... Please be easy on me. lol

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-10-2014 01
Ran by Robyn (administrator) on SOPHIE on 10-10-2014 13:03:59
Running from C:\Users\Robyn\Desktop
Loaded Profile: Robyn (Available profiles: Robyn & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\SAgent4.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2014-02-21] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-807050525-432628958-1299976767-1000\...\Run: [SkyDrive] => C:\Users\Robyn\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [251040 2014-07-31] (Microsoft Corporation)
HKU\S-1-5-21-807050525-432628958-1299976767-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7767832 2014-10-01] (SUPERAntiSpyware)
HKU\S-1-5-21-807050525-432628958-1299976767-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-807050525-432628958-1299976767-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Robyn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-807050525-432628958-1299976767-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDB69344096E1CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Robyn\AppData\Roaming\Mozilla\Firefox\Profiles\sw7kmq93.default-1412482648863
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-11-08]

Chrome:
=======
CHR Profile: C:\Users\Robyn\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] () [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-10-05] (SurfRight B.V.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 StatusAgent4; C:\Windows\SysWOW64\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63000 2014-08-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-13] ()
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [126464 2013-05-16] (Razer Inc) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 13:03 - 2014-10-10 13:03 - 00051062 _____ () C:\Users\Robyn\Desktop\Summary.zip
2014-10-10 13:02 - 2014-10-10 13:02 - 01061200 _____ () C:\Users\Robyn\Desktop\Summary.nfo
2014-10-10 12:52 - 2014-10-10 12:52 - 02109952 _____ (Farbar) C:\Users\Robyn\Desktop\FRST64.exe
2014-10-09 22:57 - 2014-10-09 22:57 - 02947139 _____ () C:\Users\Robyn\Downloads\O15CTRRemove.diagcab
2014-10-09 19:34 - 2014-10-09 19:34 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Robyn\Downloads\revosetup.exe
2014-10-09 12:59 - 2014-10-09 12:59 - 00000000 ____D () C:\Windows\Intuit
2014-10-09 10:12 - 2014-10-09 10:12 - 01121208 _____ () C:\Users\Robyn\Downloads\ProcessMonitor.zip
2014-10-08 11:35 - 2014-10-08 11:36 - 09850208 _____ () C:\Users\Robyn\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-10-08 10:26 - 2014-10-08 10:26 - 00140960 _____ () C:\Users\Robyn\Downloads\shexview_setup.exe
2014-10-07 17:10 - 2014-10-07 17:10 - 00000000 ____D () C:\Users\Robyn\Downloads\TCPView
2014-10-07 17:09 - 2014-10-07 17:09 - 00291606 _____ () C:\Users\Robyn\Downloads\TCPView.zip
2014-10-07 13:06 - 2014-10-07 13:07 - 00291944 _____ () C:\Windows\Minidump\100714-21606-01.dmp
2014-10-07 13:06 - 2014-10-07 13:06 - 562408753 _____ () C:\Windows\MEMORY.DMP
2014-10-07 12:59 - 2014-10-07 13:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-10-07 12:57 - 2014-10-07 12:58 - 91906368 _____ (AVAST Software) C:\Users\Robyn\Downloads\avast_free_antivirus_setup.exe
2014-10-07 12:22 - 2014-10-07 12:22 - 00002016 _____ () C:\Users\Robyn\Desktop\aswMBR.txt
2014-10-07 12:22 - 2014-10-07 12:22 - 00000512 _____ () C:\Users\Robyn\Desktop\MBR.dat
2014-10-07 12:01 - 2014-10-07 12:01 - 05185536 _____ (AVAST Software) C:\Users\Robyn\Desktop\aswMBR.exe
2014-10-07 11:36 - 2014-10-07 11:36 - 00047162 _____ () C:\Users\Robyn\Desktop\Addition.txt
2014-10-07 11:35 - 2014-10-10 13:04 - 00015118 _____ () C:\Users\Robyn\Desktop\FRST.txt
2014-10-07 11:23 - 2014-10-07 11:23 - 00011251 _____ () C:\Users\Robyn\Desktop\hijackthis1
2014-10-07 11:20 - 2014-10-07 11:20 - 00002975 _____ () C:\Users\Robyn\Desktop\HiJackThis.lnk
2014-10-07 11:20 - 2014-10-07 11:20 - 00000000 ____D () C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-10-07 11:20 - 2014-10-07 11:20 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-10-07 11:17 - 2014-10-07 11:17 - 01402880 _____ () C:\Users\Robyn\Desktop\HiJackThis.msi
2014-10-07 00:27 - 2014-10-07 00:27 - 01057488 _____ (Adobe) C:\Users\Robyn\Downloads\install_reader11_en_gtbd_chrd_dn_aaa_aih_exe (1)
2014-10-07 00:23 - 2014-10-07 00:24 - 01057488 _____ (Adobe) C:\Users\Robyn\Downloads\install_reader11_en_gtbd_chrd_dn_aaa_aih_exe
2014-10-07 00:16 - 2014-10-07 00:16 - 00773632 _____ (Robert Simpson, et al.) C:\Users\Robyn\AppData\Roaming\System.Data.SQLite.dll
2014-10-07 00:15 - 2014-10-07 00:15 - 00001210 _____ () C:\Users\Robyn\Desktop\WIGIReport[0].txt
2014-10-07 00:15 - 2013-12-27 11:33 - 00980480 _____ (Adlice) C:\Users\Robyn\Downloads\WIGI.exe
2014-10-07 00:15 - 2013-12-27 11:33 - 00000000 ____D () C:\Users\Robyn\Downloads\fr
2014-10-07 00:14 - 2014-10-07 00:14 - 00549426 _____ () C:\Users\Robyn\Downloads\WhyIGotInfected.exe
2014-10-07 00:03 - 2014-10-07 00:03 - 18386008 _____ () C:\Users\Robyn\Downloads\RogueKillerQtX64.exe
2014-10-07 00:00 - 2014-10-07 00:00 - 00000677 _____ () C:\Users\Robyn\Desktop\eset.txt
2014-10-06 18:07 - 2014-10-06 18:07 - 00000862 _____ () C:\Users\Robyn\Desktop\wt.txt
2014-10-06 11:50 - 2014-10-06 11:50 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Robyn\Desktop\tdsskiller.exe
2014-10-05 15:31 - 2014-10-05 15:31 - 00010047 _____ () C:\Users\Robyn\Desktop\SUPERAntiSpyware Scan Log - 10-05-2014 - 15-30-51.log
2014-10-05 15:15 - 2014-10-10 05:08 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-05 15:15 - 2014-10-05 15:15 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-10-05 15:15 - 2014-10-05 15:15 - 00000000 ____D () C:\Users\Robyn\AppData\Roaming\SUPERAntiSpyware.com
2014-10-05 15:15 - 2014-10-05 15:15 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-05 15:15 - 2014-10-05 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-05 15:14 - 2014-10-05 15:14 - 19633608 _____ (SUPERAntiSpyware) C:\Users\Robyn\Desktop\SUPERAntiSpyware.exe
2014-10-05 15:10 - 2014-10-08 12:36 - 00000000 ____D () C:\Users\Robyn\AppData\Local\CrashDumps
2014-10-05 14:58 - 2014-10-07 00:03 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-05 14:58 - 2014-10-05 14:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-05 14:57 - 2014-10-05 14:57 - 04893784 _____ () C:\Users\Robyn\Desktop\RogueKiller.exe
2014-10-05 13:21 - 2014-10-05 13:21 - 00022214 _____ () C:\Users\Robyn\Desktop\dds.txt
2014-10-05 13:21 - 2014-10-05 13:21 - 00008045 _____ () C:\Users\Robyn\Desktop\attach.txt
2014-10-05 12:05 - 2014-10-05 12:05 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-05 11:56 - 2014-10-05 11:57 - 00002128 _____ () C:\Users\Robyn\Desktop\Rkill.txt
2014-10-05 11:51 - 2014-10-05 11:51 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Robyn\Desktop\iexplore.exe.exe
2014-10-05 11:25 - 2014-10-05 11:25 - 00098954 _____ () C:\Users\Robyn\Desktop\OTL.Txt
2014-10-05 11:14 - 2014-10-05 11:14 - 00602112 _____ (OldTimer Tools) C:\Users\Robyn\Desktop\OTL(1).exe
2014-10-05 11:11 - 2014-10-05 11:11 - 00002757 _____ () C:\Users\Robyn\Desktop\FSS.txt
2014-10-05 11:08 - 2014-10-05 11:08 - 00001437 _____ () C:\Users\Robyn\Desktop\Result - Shortcut.lnk
2014-10-05 11:08 - 2014-10-05 11:08 - 00001437 _____ () C:\Users\Robyn\Desktop\Extras - Shortcut.lnk
2014-10-05 11:08 - 2014-10-05 11:08 - 00001406 _____ () C:\Users\Robyn\Desktop\OTL - Shortcut.lnk
2014-10-05 11:08 - 2014-10-05 11:08 - 00001406 _____ () C:\Users\Robyn\Desktop\FSS - Shortcut.lnk
2014-10-05 11:08 - 2014-10-05 09:59 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Robyn\Desktop\rkill.com
2014-10-05 11:00 - 2014-10-05 11:00 - 00038692 _____ () C:\Users\Robyn\Desktop\Addition0.txt
2014-10-05 10:59 - 2014-10-05 11:00 - 00047564 _____ () C:\Users\Robyn\Desktop\FRST0.txt
2014-10-05 10:50 - 2014-10-05 10:50 - 02347384 _____ (ESET) C:\Users\Robyn\Desktop\esetsmartinstaller_enu.exe
2014-10-05 10:00 - 2014-10-05 10:06 - 00012682 _____ () C:\Users\Robyn\Desktop\hijackthis.log
2014-10-05 02:07 - 2014-10-05 02:07 - 00087100 _____ () C:\Users\Robyn\Downloads\OTL.Txt
2014-10-05 02:07 - 2014-10-05 02:07 - 00064970 _____ () C:\Users\Robyn\Downloads\Extras.Txt
2014-10-05 02:02 - 2014-10-05 02:02 - 00602112 _____ (OldTimer Tools) C:\Users\Robyn\Downloads\OTL.exe
2014-10-05 01:45 - 2014-10-05 01:45 - 00027134 _____ () C:\ComboFix.txt
2014-10-05 01:37 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-05 01:37 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-05 01:37 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-05 01:37 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-05 01:37 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-05 01:37 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-05 01:37 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-05 01:37 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-05 01:36 - 2014-10-05 01:45 - 00000000 ____D () C:\Qoobox
2014-10-05 01:36 - 2014-10-05 01:44 - 00000000 ____D () C:\Windows\erdnt
2014-10-05 01:31 - 2014-10-05 01:31 - 00001516 _____ () C:\Users\Robyn\Desktop\JRT.txt
2014-10-05 01:28 - 2014-10-05 01:28 - 00000000 ____D () C:\Windows\ERUNT
2014-10-05 01:26 - 2014-10-04 11:46 - 01694116 _____ (Thisisu) C:\Users\Robyn\Desktop\JRT_NEW.exe
2014-10-05 01:24 - 2014-10-05 01:24 - 01694116 _____ (Thisisu) C:\Users\Robyn\Downloads\JRT.exe
2014-10-05 00:57 - 2014-10-05 00:57 - 00000632 __RSH () C:\Users\Robyn\ntuser.pol
2014-10-05 00:20 - 2014-10-05 00:37 - 00000000 ____D () C:\Users\Robyn\Desktop\mbar
2014-10-05 00:17 - 2014-10-05 00:17 - 00000000 ____D () C:\Users\Robyn\Desktop\Old Firefox Data
2014-10-05 00:15 - 2014-10-05 00:15 - 00025540 _____ () C:\Users\Robyn\Desktop\HitmanPro_20141005_0014.log
2014-10-05 00:04 - 2014-10-05 00:04 - 00001893 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-10-05 00:04 - 2014-10-05 00:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-10-05 00:04 - 2014-10-05 00:04 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-05 00:03 - 2014-10-05 00:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-05 00:02 - 2014-10-05 00:03 - 11194928 _____ (SurfRight B.V.) C:\Users\Robyn\Downloads\HitmanPro_x64.exe
2014-10-04 23:51 - 2014-10-04 23:51 - 00000000 __SHD () C:\Users\Robyn\AppData\Local\EmieUserList
2014-10-04 23:51 - 2014-10-04 23:51 - 00000000 __SHD () C:\Users\Robyn\AppData\Local\EmieSiteList
2014-10-04 22:34 - 2014-10-04 20:39 - 00019864 _____ () C:\Users\Robyn\Desktop\AdwCleaner[R0].txt
2014-10-04 20:52 - 2014-10-04 20:53 - 00043548 _____ () C:\Users\Robyn\Downloads\Result.txt
2014-10-04 20:51 - 2014-10-04 20:51 - 00401920 _____ (Farbar) C:\Users\Robyn\Desktop\MiniToolBox.exe
2014-10-04 20:47 - 2014-10-04 20:48 - 00002823 _____ () C:\Users\Robyn\Downloads\FSS.txt
2014-10-04 20:47 - 2014-10-04 20:47 - 00415232 _____ (Farbar) C:\Users\Robyn\Desktop\FSS.exe
2014-10-04 20:46 - 2014-10-10 13:04 - 00000000 ____D () C:\FRST
2014-10-04 20:39 - 2014-10-05 15:40 - 00000000 ____D () C:\AdwCleaner
2014-10-04 20:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-04 20:36 - 2014-10-04 20:36 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-04 20:35 - 2014-10-04 20:36 - 01375089 _____ () C:\Users\Robyn\Downloads\AdwCleaner.exe
2014-10-04 20:31 - 2014-10-04 20:31 - 00026186 _____ () C:\Users\Robyn\Desktop\malwarebytes.txt
2014-10-04 20:13 - 2014-10-10 11:59 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-04 20:13 - 2014-10-04 20:13 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-04 20:13 - 2014-10-04 20:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-04 20:12 - 2014-10-05 00:20 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-04 20:12 - 2014-10-04 20:12 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\Robyn\Downloads\mbam_premium.exe
2014-10-04 20:12 - 2014-10-04 20:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-04 20:12 - 2014-05-12 08:19 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-04 20:12 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-04 20:00 - 2014-10-04 20:00 - 00854436 _____ () C:\Users\Robyn\Downloads\SecurityCheck.exe
2014-10-04 14:27 - 2014-10-04 14:27 - 00002075 _____ () C:\Users\UpdatusUser\Desktop\VirusTotal Uploader 2.2.lnk
2014-10-04 14:27 - 2014-10-04 14:27 - 00000000 ____D () C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2014-10-04 14:27 - 2014-10-04 14:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.2
2014-10-04 14:27 - 2014-10-04 14:27 - 00000000 ____D () C:\Program Files (x86)\VirusTotalUploader2
2014-10-04 14:05 - 2014-10-04 14:05 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-04 14:05 - 2014-10-04 14:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-04 14:05 - 2014-10-04 14:05 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-04 14:05 - 2014-10-04 14:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-04 14:05 - 2014-10-04 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-04 14:05 - 2014-10-04 14:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-04 13:27 - 2014-10-04 13:28 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-10-04 13:12 - 2014-10-04 13:13 - 123363576 _____ (Microsoft Corporation) C:\Users\Robyn\Downloads\msert.exe
2014-10-04 12:53 - 2014-10-04 12:53 - 00028907 _____ () C:\Users\Robyn\Downloads\mbae-test.zip
2014-10-04 12:47 - 2014-10-04 12:47 - 00167034 _____ () C:\Users\Robyn\Downloads\fileassassin-setup-1.06.exe
2014-10-04 12:47 - 2014-10-04 12:47 - 00065232 _____ (Malwarebytes) C:\Users\Robyn\Downloads\regassassin-setup-1.03.exe
2014-10-04 12:45 - 2014-10-08 21:36 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2014-10-04 12:45 - 2014-10-04 12:45 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-10-04 12:45 - 2014-10-04 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-10-04 12:45 - 2014-10-04 12:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2014-09-29 16:49 - 2006-12-19 12:14 - 00131072 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\SAgent4.exe
2014-09-29 16:32 - 2014-09-29 16:32 - 00000000 ____D () C:\Users\Robyn\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2014-09-26 15:21 - 2014-09-26 15:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-13 03:11 - 2014-08-19 14:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 03:11 - 2014-08-19 13:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 03:11 - 2014-08-18 19:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 03:11 - 2014-08-18 18:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 03:11 - 2014-08-18 18:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 03:11 - 2014-08-18 18:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 03:11 - 2014-08-18 18:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 03:11 - 2014-08-18 18:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 03:11 - 2014-08-18 18:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 03:11 - 2014-08-18 18:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 03:11 - 2014-08-18 18:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 03:11 - 2014-08-18 18:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 03:11 - 2014-08-18 18:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 03:11 - 2014-08-18 18:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 03:11 - 2014-08-18 18:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 03:11 - 2014-08-18 18:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 03:11 - 2014-08-18 18:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 03:11 - 2014-08-18 18:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 03:11 - 2014-08-18 18:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 03:11 - 2014-08-18 17:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 03:11 - 2014-08-18 17:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 03:11 - 2014-08-18 17:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 03:11 - 2014-08-18 17:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 03:11 - 2014-08-18 17:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 03:11 - 2014-08-18 17:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-13 03:11 - 2014-08-18 17:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 03:11 - 2014-08-18 17:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-13 03:11 - 2014-08-18 17:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 03:11 - 2014-08-18 17:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 03:11 - 2014-08-18 17:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 03:11 - 2014-08-18 17:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 03:11 - 2014-08-18 17:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-13 03:11 - 2014-08-18 17:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 03:11 - 2014-08-18 17:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 03:11 - 2014-08-18 17:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 03:11 - 2014-08-18 17:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 03:11 - 2014-08-18 17:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 03:11 - 2014-08-18 17:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 03:11 - 2014-08-18 17:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 03:11 - 2014-08-18 17:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 03:11 - 2014-08-18 17:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 03:11 - 2014-08-18 17:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 03:11 - 2014-08-18 17:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-13 03:11 - 2014-08-18 17:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 03:11 - 2014-08-18 17:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 03:11 - 2014-08-18 17:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 03:11 - 2014-08-18 17:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 03:11 - 2014-08-18 17:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 03:11 - 2014-08-18 17:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 03:11 - 2014-08-18 17:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 03:11 - 2014-08-18 17:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-13 03:11 - 2014-08-18 16:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 03:11 - 2014-08-18 16:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 03:11 - 2014-08-18 16:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 03:11 - 2014-08-18 16:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 03:11 - 2014-08-18 16:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-12 03:09 - 2014-07-06 22:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 03:09 - 2014-07-06 22:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 03:09 - 2014-07-06 21:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 03:09 - 2014-07-06 21:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 03:09 - 2014-07-06 21:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:36 - 2014-09-16 22:46 - 00000000 ____D () C:\Users\Public\Nick's Accident

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 13:03 - 2013-04-23 12:06 - 00000000 ____D () C:\Users\Robyn\Documents\Outlook Files
2014-10-10 13:00 - 2013-04-06 13:45 - 02068394 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 12:56 - 2013-08-06 14:45 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-10 12:29 - 2013-04-12 13:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-10 11:37 - 2009-07-14 01:13 - 00820366 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-09 22:57 - 2013-04-12 11:38 - 00000000 ___RD () C:\Users\Robyn\Dropbox
2014-10-09 22:57 - 2013-04-12 11:34 - 00000000 ____D () C:\Users\Robyn\AppData\Roaming\Dropbox
2014-10-09 18:56 - 2013-08-06 14:45 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-09 13:13 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-09 13:13 - 2009-07-14 00:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-09 13:08 - 2014-09-03 13:53 - 00003756 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-10-07 13:08 - 2014-08-25 14:33 - 00004950 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for SOPHIE-Robyn SOPHIE
2014-10-07 13:07 - 2013-06-03 10:15 - 00000000 ___RD () C:\Users\Robyn\SkyDrive
2014-10-07 13:06 - 2013-05-06 20:26 - 00201954 _____ () C:\Windows\PFRO.log
2014-10-07 13:06 - 2013-04-28 01:00 - 00036120 _____ () C:\Windows\setupact.log
2014-10-07 13:06 - 2013-04-08 09:06 - 00000000 ____D () C:\Windows\Minidump
2014-10-07 13:06 - 2013-04-06 13:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-07 13:06 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 00:21 - 2013-04-06 19:40 - 00000000 ____D () C:\Users\Robyn\AppData\Local\Adobe
2014-10-06 17:56 - 2013-10-10 16:23 - 00000000 ____D () C:\Users\Robyn\Downloads\MARY KAY
2014-10-06 10:42 - 2013-04-06 16:49 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-05 13:40 - 2013-04-11 19:50 - 00000000 ____D () C:\Users\Robyn\AppData\Roaming\Samsung
2014-10-05 13:40 - 2013-04-11 19:50 - 00000000 ____D () C:\Users\Robyn\AppData\Local\Samsung
2014-10-05 13:40 - 2013-04-11 19:45 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-10-05 13:40 - 2013-04-11 19:36 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-05 13:40 - 2013-04-06 21:12 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-05 13:38 - 2013-04-07 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-10-05 13:38 - 2013-04-07 20:55 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-10-05 13:37 - 2013-04-11 08:10 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-10-05 13:35 - 2013-04-07 21:04 - 00000000 ____D () C:\Users\Robyn\AppData\Local\ABBYY
2014-10-05 13:32 - 2014-06-25 18:44 - 00000000 ____D () C:\ProgramData\Apple
2014-10-05 09:59 - 2013-04-06 13:45 - 00000000 ____D () C:\Users\Robyn\AppData\Local\VirtualStore
2014-10-05 09:53 - 2013-04-27 15:41 - 00000000 ____D () C:\Users\Robyn\AppData\Local\Apps\2.0
2014-10-05 01:45 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-10-05 01:43 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-05 01:11 - 2013-04-27 15:41 - 00000000 ____D () C:\Users\Robyn\AppData\Local\Deployment
2014-10-05 01:08 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-05 00:57 - 2013-04-06 13:45 - 00000000 ____D () C:\Users\Robyn
2014-10-05 00:57 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-04 20:36 - 2013-04-27 15:43 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 20:12 - 2013-04-08 20:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-04 14:20 - 2013-05-06 12:31 - 00000000 ____D () C:\Users\Robyn\.gimp-2.8
2014-10-04 14:06 - 2013-10-16 14:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-04 13:44 - 2013-05-06 14:32 - 00000000 ____D () C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-10-04 13:40 - 2013-08-16 10:30 - 00000000 ____D () C:\Program Files (x86)\MediaFire Express
2014-10-03 13:01 - 2013-08-16 10:31 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-10-03 12:58 - 2013-04-06 15:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-29 18:29 - 2013-08-19 11:31 - 00000000 ____D () C:\Users\Robyn\Documents\Nick's Stuff
2014-09-29 16:32 - 2013-04-06 21:00 - 00000000 ____D () C:\Users\Robyn\AppData\Roaming\Adobe
2014-09-26 15:29 - 2013-04-12 13:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-26 15:29 - 2013-04-07 19:24 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-26 15:29 - 2013-04-07 19:24 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-26 14:57 - 2013-04-08 19:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-19 03:02 - 2013-04-06 21:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-19 03:01 - 2013-04-06 22:05 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-18 12:04 - 2013-04-12 11:35 - 00000000 ____D () C:\Users\Robyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 09:06 - 2010-11-20 23:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-14 14:36 - 2013-09-12 16:56 - 00000000 ____D () C:\Users\Robyn\Documents\2013 Taxes
2014-09-14 14:34 - 2013-09-12 16:56 - 00009821 _____ () C:\Users\Robyn\Documents\2013 Checking Individual.csv
2014-09-13 14:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-13 03:08 - 2013-04-06 21:11 - 00812488 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 03:06 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 03:02 - 2013-04-08 10:56 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Robyn\AppData\Local\Temp\BRSVC_13128295_hlp.exe
C:\Users\Robyn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpij8lry.dll
C:\Users\Robyn\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-06 00:47

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-10-2014 01
Ran by Robyn at 2014-10-10 13:04:30
Running from C:\Users\Robyn\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 8.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.03 - Adobe Systems)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9719DFA1-7CB0-422E-98AE-C77FD3426BE8}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.50.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 435 Series Printer Uninstall (HKLM\...\EPSON WorkForce 435 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.0.3 (HKLM-x32\...\{32D39568-3B77-11E3-88CE-00163E98E7D0}) (Version: 5.0.3.1614 - Evernote Corp.)
Fotor 1.1.0 (HKLM-x32\...\Fotor) (Version: 1.1.0 - Everimaging Co., Ltd.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - JMICRON Technology Corp.)
K-Lite Codec Pack 9.3.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.3.0 - )
Malwarebytes Anti-Exploit version 1.04.1.1012 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.04.1.1012 - Malwarebytes)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mumble 1.2.4 (HKLM-x32\...\{E0955568-4353-4C85-8988-285A8C0F5E87}) (Version: 1.2.4 - Thorvald Natvig)
NVIDIA 3D Vision Controller Driver 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
NVIDIA Update Components (Version: 3.10.8 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.4.0 - NVIDIA Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3BE27413-9FFE-4AB1-9013-344E111E718F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.3.0.16992 - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Robyn\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{2d630433-3a6a-4b50-9889-3e08e16bea10}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{8F9A6724-A84A-F9E8-4F65-72159C4BC0D0}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Robyn\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Robyn\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Robyn\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Robyn\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Robyn\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-807050525-432628958-1299976767-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Robyn\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

07-10-2014 15:18:37 Removed HiJackThis
07-10-2014 15:20:05 Installed HiJackThis
07-10-2014 17:02:01 avast! antivirus system restore point
07-10-2014 22:27:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2014-10-07 00:12 - 00000747 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1E1F38B0-4E9A-4FB6-A350-C49C6FD866F8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {21058F07-E1A7-45BE-AAC5-09750CCAA59A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {24DF3C26-F8E3-4808-B10B-527D0E8F056D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {3C44B71A-546C-4A53-895F-0CDF0B688E80} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-11-13] ()
Task: {5FBDBF5B-D08B-4DF0-A77B-13E950D6CBAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-06] (Google Inc.)
Task: {78CCB450-AC76-47BD-8133-7D7EE2EAA253} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files\ASUS\TurboV EVO\TurboVHELP.exe
Task: {94D054D0-3D47-4054-A299-9C620EFEC152} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {DFD8412A-89FA-450B-AC5A-29ED6B7FFBF9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {E82A0094-C2AB-4903-BC2F-807C4B8CE82E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {EF4EDADE-FE8E-430B-8041-CC4ACC2D1BFC} - System32\Tasks\Microsoft Office 15 Sync Maintenance for SOPHIE-Robyn SOPHIE => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {F3620EC6-AEDA-41BD-ABBA-926A48ED664E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-06 13:51 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-04-06 21:17 - 2009-04-02 00:27 - 00090112 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-05-11 06:37 - 2013-05-11 06:37 - 04891368 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll
2014-01-23 16:05 - 2014-01-23 16:05 - 01424552 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2014-01-23 16:05 - 2014-01-23 16:05 - 00401576 _____ () C:\Program Files\Microsoft Office\Office15\msfad.dll
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-26 15:21 - 2014-09-26 15:21 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Robyn\Documents\Image (2).jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Robyn\Documents\Image.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Robyn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Robyn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup

========================= Accounts: ==========================

Administrator (S-1-5-21-807050525-432628958-1299976767-500 - Administrator - Disabled)
Guest (S-1-5-21-807050525-432628958-1299976767-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-807050525-432628958-1299976767-1004 - Limited - Enabled)
Robyn (S-1-5-21-807050525-432628958-1299976767-1000 - Administrator - Enabled) => C:\Users\Robyn
UpdatusUser (S-1-5-21-807050525-432628958-1299976767-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/09/2014 00:32:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/08/2014 00:36:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Dropbox.exe, version: 2.10.30.0, time stamp: 0x538fa625
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1e125064
Faulting process id: 0xb48
Faulting application start time: 0xDropbox.exe0
Faulting application path: Dropbox.exe1
Faulting module path: Dropbox.exe2
Report Id: Dropbox.exe3

Error: (10/08/2014 00:32:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/07/2014 02:47:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/07/2014 01:08:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2014 01:07:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/07/2014 01:02:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary ihcrtxkd.

System Error:
The system cannot find the file specified.
.

Error: (10/07/2014 10:35:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2014 10:34:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/06/2014 06:06:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (10/07/2014 01:07:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/07/2014 01:07:12 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/07/2014 01:07:00 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000003b (0x00000000c0000005, 0xfffff880062747c7, 0xfffff88003aa7050, 0x0000000000000000)C:\Windows\MEMORY.DMP100714-21606-01

Error: (10/07/2014 01:06:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:02:29 PM on ‎10/‎7/‎2014 was unexpected.

Error: (10/07/2014 10:33:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/07/2014 10:33:51 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/07/2014 00:01:51 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/06/2014 09:01:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (10/06/2014 09:01:22 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/05/2014 03:42:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069


Microsoft Office Sessions:
=========================
Error: (10/09/2014 00:32:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/08/2014 00:36:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Dropbox.exe2.10.30.0538fa625unknown0.0.0.000000000c00000051e125064b4801cfe315f4bfc75aC:\Users\Robyn\AppData\Roaming\Dropbox\bin\Dropbox.exeunknown3974ec27-4f09-11e4-a079-002618fd0094

Error: (10/08/2014 00:32:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/07/2014 02:47:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/07/2014 01:08:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2014 01:07:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll

Error: (10/07/2014 01:02:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary ihcrtxkd.

System Error:
The system cannot find the file specified.

Error: (10/07/2014 10:35:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/07/2014 10:34:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"C:\Program Files (x86)\Epson Software\FAX Utility\Resource\FULEPPRes.dll

Error: (10/06/2014 06:06:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Robyn\Desktop\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-10-09 22:57:45.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume16\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-09 19:35:06.706
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume15\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-08 12:36:35.443
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume8\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-08 12:15:15.210
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume7\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-08 11:58:43.521
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-08 11:27:07.185
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-07 19:33:41.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-07 19:33:40.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-07 19:33:40.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\explorer.exe because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-07 19:33:40.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\explorer.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 52%
Total physical RAM: 4093.05 MB
Available physical RAM: 1954.11 MB
Total Pagefile: 8184.29 MB
Available Pagefile: 5175.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:789.07 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (QBPRO2003R2) (CDROM) (Total:0.19 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 975ADF1D)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 PM

Posted 10 October 2014 - 12:21 PM

I will be so easy on you I am going to leave my computer for a few hours! Will post back after a bit.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Tiggy65

Tiggy65
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 October 2014 - 12:57 PM

See! I scared you away! :) 



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 PM

Posted 10 October 2014 - 03:31 PM

Hi Robyn,

Nice try but I'm back!

Your computer looks great. Just a few things to mop up and we will run an additional program.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
C:\Users\Robyn\AppData\Local\Temp\BRSVC_13128295_hlp.exe
C:\Users\Robyn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpij8lry.dll
C:\Users\Robyn\AppData\Local\Temp\Quarantine.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Security Check log
  • Any current issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Tiggy65

Tiggy65
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 October 2014 - 03:55 PM

Reader crashes or won't open, oh wait I said Reader in my OP, I meant Flash!!.lol... not sure if that is due to the security settings I changed in firefox or what. The machine runs great, even before I cleaned the PUM's.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-10-2014 01
Ran by Robyn at 2014-10-10 16:43:53 Run:1
Running from C:\Users\Robyn\Desktop
Loaded Profiles: Robyn &  (Available profiles: Robyn & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
C:\Users\Robyn\AppData\Local\Temp\BRSVC_13128295_hlp.exe
C:\Users\Robyn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpij8lry.dll
C:\Users\Robyn\AppData\Local\Temp\Quarantine.exe

*****************

RimUsb => Service deleted successfully.
C:\Users\Robyn\AppData\Local\Temp\BRSVC_13128295_hlp.exe => Moved successfully.
C:\Users\Robyn\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpij8lry.dll => Moved successfully.
C:\Users\Robyn\AppData\Local\Temp\Quarantine.exe => Moved successfully.

==== End of Fixlog ====

 

 

 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 VirusTotal Uploader 2.2   
 Java 7 Update 67  
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.3)
 Google Chrome 37.0.2062.124  
 Google Chrome 38.0.2125.101  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Malwarebytes Anti-Exploit mbae.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 PM

Posted 10 October 2014 - 04:06 PM

Things look great. You can always uninstall and reinstall Flash if you want.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Tiggy65

Tiggy65
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 October 2014 - 04:19 PM

Do I uninstall plugin or Active X or both?  I guess the plugin is for Firefox?



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 PM

Posted 10 October 2014 - 04:24 PM

I would start with the plugin. You can always uninstall and reinstall both.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Tiggy65

Tiggy65
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 October 2014 - 04:25 PM

Thank you. :)  How am I to know nobody can hack my connection and that it is all secure?  I have to run to store, I will be back in less than an hour.



#12 Tiggy65

Tiggy65
  • Topic Starter

  • Members
  • 254 posts
  • OFFLINE
  •  
  • Local time:12:16 AM

Posted 10 October 2014 - 04:37 PM

I ask because I was a victim of Tax fraud recently.  The only thing I can presume is a friend of mine had entered my personal information via her laptop a year ago October to register me with her business.  Then, this past spring she brings me her laptop because it wouldn't boot and I found a rootkit on that one.  THEN, I received an identity verification letter from the IRS.  I can't say for sure it was from her laptop, obviously.  But this is why the elevated fear of my home network.  And dummy me had her laptop using my router and network, but this is way before I even found the rootkit.  And I of course I changed all passwords in such.  I just feel violated all the time now, since that dang letter! >-<



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 PM

Posted 10 October 2014 - 04:40 PM

You can reset your router to its factory state then set it up again with a different (and hidden) SSID and password.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 PM

Posted 13 October 2014 - 08:58 AM

Greetings Robyn,

How are we doing?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:16 PM

Posted 26 October 2014 - 09:47 PM

Hi Robyn,

How are we doing with this computer?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users