Malware and pop-ups


This topic is locked
13 replies to this topic

#1 lalasima129

lalasima129

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 11 December 2014 - 07:23 PM

My mother's computer has constant ad pop-ups and her browser just doesn't open. I would like to have a little help with this please if someone can. I had my own computer fixed by one of the fixing team members and I was not disappointed. It would help my mom a lot. Thank you very much in advance :) !!!





#2 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 11 December 2014 - 09:13 PM

Hello and welcome to Bleeping Computer! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Now, let's get started, shall we? :thumbsup:


Hello, let's get a look at your system and see what's going on. :)


Scan with Farbar's Recovery Scan Tool (FRST)


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#3 lalasima129

lalasima129
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 11 December 2014 - 10:29 PM

No problem, I will do this first thing tomorrow. Since it's my mother's computer I will not have access to it right away. I will do as told, when told. Thank you

#4 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 11 December 2014 - 10:30 PM

No problem, I will do this first thing tomorrow. Since it's my mother's computer I will not have access to it right away. I will do as told, when told. Thank you


No worries :thumbup2:

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#5 lalasima129

lalasima129
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:07:02 AM

Posted 12 December 2014 - 09:31 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by josee (administrator) on JOSÉE on 12-12-2014 09:28:38
Running from C:\Users\josee\Desktop
Loaded Profiles: josee & danie_000 (Available profiles: josee & danie_000)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
() C:\Windows\SysWOW64\lsrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Akamai Technologies, Inc.) C:\Users\josee\AppData\Local\Akamai\netsession_win.exe
(BitTorrent Inc.) C:\Users\josee\AppData\Roaming\uTorrent\uTorrent.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Akamai Technologies, Inc.) C:\Users\josee\AppData\Local\Akamai\netsession_win.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Dropbox, Inc.) C:\Users\josee\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [295304 2012-08-17] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\...\Run: [Akamai NetSession Interface] => C:\Users\josee\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\...\Run: [uTorrent] => C:\Users\josee\AppData\Roaming\uTorrent\uTorrent.exe [1385808 2014-11-25] (BitTorrent Inc.)
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\josee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\josee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49790;https=127.0.0.1:49790
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/19
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/19
HKU\S-1-5-21-3194349154-2914878599-1291935727-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/19
HKU\S-1-5-21-3194349154-2914878599-1291935727-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/19
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKU\S-1-5-21-3194349154-2914878599-1291935727-1004 -> {155E09EC-CB49-4625-9520-373B533B7170} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3194349154-2914878599-1291935727-1004 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://qc.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-3194349154-2914878599-1291935727-1004 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: YouutubeAAdBloicKe - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\ba5VGu6@cDn.net [2014-10-17]
FF Extension: GoSavEi - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\jF3@CzWkJ.net [2014-10-17]
FF Extension: SaVeorEExTension - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\p@KT9.org [2014-10-17]
FF Extension: Webbing - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\S@vA9X.org [2014-10-17]
FF Extension: NextCoup - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\UaTk7t@P.com [2014-10-17]
FF HKLM\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox
FF HKU\.DEFAULT\...\Firefox\Extensions: [{30CD3668-32CE-DBFB-FA36-13792B87731B}] - C:\Program Files (x86)\ver7SpeeditUp\179.xpi
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-20]
CHR Extension: (Google Drive) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-20]
CHR Extension: (Adblock Plus) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-10]
CHR Extension: (Recherche Google) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-20]
CHR Extension: (HQuality-v3V12.10) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnonkalmdjjnelekfdaldkknjkedgamf [2014-10-16]
CHR Extension: (Google Wallet) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S2 HPRegistrationSvc; c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [205216 2012-07-18] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 lsrvc; C:\WINDOWS\SysWOW64\lsrvc.exe [191800 2014-10-14] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-03] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
S2 4d349a54; "C:\WINDOWS\system32\rundll32.exe" "c:\progra~2\gs_boo~1\AssistantSvc.dll",service
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-11-16] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-31] (Malwarebytes Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 09:28 - 2014-12-12 09:28 - 00018812 _____ () C:\Users\josee\Desktop\FRST.txt
2014-12-12 09:27 - 2014-12-12 09:28 - 00000000 ____D () C:\FRST
2014-12-12 09:27 - 2014-12-12 09:27 - 02119680 _____ (Farbar) C:\Users\josee\Desktop\FRST64.exe
2014-12-11 09:29 - 2014-12-11 09:29 - 00003940 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{19D9AE8B-E60B-4C05-8CBD-B3688D06170E}
2014-12-10 23:51 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-10 23:51 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 23:48 - 2014-12-10 23:48 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 11:04 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 11:04 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 11:04 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 11:04 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 03:38 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 03:38 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 03:38 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 03:38 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 03:38 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 03:38 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 03:38 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 03:38 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 03:38 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 03:38 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 03:38 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 03:38 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 03:38 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 03:38 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 03:38 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 03:38 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 03:38 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 03:38 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 03:38 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 03:38 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 03:38 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 03:38 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 03:38 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 03:38 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 03:38 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 03:38 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 03:38 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 03:38 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 03:38 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 03:38 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 03:38 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 03:38 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 03:38 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 03:38 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 03:38 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 03:38 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 03:38 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 03:38 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 03:38 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 03:38 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 03:38 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 03:38 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 03:38 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 03:38 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 03:38 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 03:38 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 03:38 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 03:38 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 03:38 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 03:38 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 03:38 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 03:38 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 03:38 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 03:38 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-11-20 16:14 - 2014-11-20 16:14 - 00000000 __SHD () C:\Users\danie_000\AppData\Local\EmieBrowserModeList
2014-11-20 15:45 - 2014-11-20 15:45 - 00005120 ___SH () C:\Users\danie_000\Desktop\Thumbs.db
2014-11-20 15:05 - 2014-11-20 15:05 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-20 15:05 - 2014-11-20 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-20 15:05 - 2014-11-20 15:05 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-20 15:05 - 2014-11-20 15:05 - 00000000 ____D () C:\Program Files\iTunes
2014-11-20 15:05 - 2014-11-20 15:05 - 00000000 ____D () C:\Program Files\iPod
2014-11-20 15:05 - 2014-11-20 15:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-18 14:31 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-18 14:31 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-18 14:31 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-18 14:31 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-16 13:01 - 2014-11-16 13:04 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2014-11-13 11:52 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-13 11:52 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-13 11:52 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-13 11:52 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-13 11:52 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-13 11:52 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-13 11:52 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-13 11:52 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-13 11:52 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-13 11:52 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-13 11:52 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-13 11:52 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-13 11:52 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-13 11:52 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-13 11:52 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-13 11:51 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2014-11-13 11:51 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2014-11-13 11:51 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-11-13 11:51 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2014-11-13 11:51 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-11-13 11:49 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-11-13 11:49 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2014-11-13 11:49 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-11-13 11:49 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-11-13 11:49 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2014-11-13 11:49 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-11-13 11:49 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2014-11-13 11:49 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-11-13 11:49 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-11-13 11:49 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2014-11-13 11:49 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-11-13 11:49 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-11-13 11:49 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-11-13 11:48 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-11-13 11:48 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-11-13 11:48 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-11-13 11:48 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-11-13 11:48 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2014-11-13 11:48 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-11-13 11:48 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-11-13 11:48 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-11-13 11:48 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-11-13 11:48 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-11-13 11:48 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-11-13 11:48 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-11-13 11:48 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-11-13 11:48 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-11-13 11:48 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-11-13 11:48 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-11-13 11:46 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-11-13 11:46 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-11-13 11:46 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2014-11-13 11:46 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2014-11-13 11:46 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-11-13 11:46 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-11-13 11:46 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-11-13 11:46 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-11-13 11:46 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-13 11:46 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-11-13 11:46 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2014-11-13 11:46 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2014-11-13 11:46 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-11-13 11:46 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-11-13 11:46 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-11-13 11:46 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-11-13 11:46 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2014-11-13 11:46 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2014-11-13 11:46 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2014-11-13 11:46 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-11-13 11:46 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-11-13 11:46 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-11-13 11:46 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2014-11-13 11:46 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-11-13 11:46 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2014-11-13 11:46 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-11-13 11:46 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2014-11-13 11:46 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2014-11-13 11:46 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-11-13 11:45 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2014-11-13 11:45 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2014-11-13 11:45 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2014-11-13 11:45 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2014-11-13 11:45 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2014-11-13 11:45 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-11-13 11:45 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-11-13 11:45 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-11-13 11:45 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2014-11-13 11:45 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-11-13 11:45 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-11-13 11:45 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2014-11-13 11:45 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2014-11-13 11:45 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2014-11-13 11:45 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2014-11-13 11:45 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2014-11-13 11:45 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2014-11-13 11:45 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2014-11-13 11:45 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-11-13 11:45 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-11-13 11:45 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-11-13 11:45 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2014-11-13 11:45 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 11:45 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2014-11-13 11:45 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2014-11-13 11:45 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2014-11-13 11:45 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-11-13 11:45 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-11-13 11:45 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-13 11:45 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-13 11:45 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-13 11:45 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-13 11:45 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-13 11:45 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-13 11:45 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-13 11:45 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-13 11:45 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-11-13 11:45 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-13 11:45 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-13 11:45 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-13 11:45 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-13 11:45 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-13 11:45 - 2014-09-07 17:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-13 11:45 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-13 11:45 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-13 11:45 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-13 11:45 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-13 11:45 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-13 11:45 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-13 11:45 - 2014-08-30 19:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-13 11:45 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-13 11:45 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-13 11:45 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-13 11:45 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-13 11:45 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-13 11:45 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-13 11:45 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-13 11:45 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-13 11:45 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-13 11:45 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-13 11:45 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-13 11:45 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-13 11:45 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-13 11:45 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-13 11:45 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-13 11:45 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-13 11:45 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-12 09:27 - 2014-03-10 15:08 - 00003924 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1BB101D1-6276-4261-B7A7-670E20258F7A}
2014-12-12 09:27 - 2013-07-20 18:54 - 00001068 _____ () C:\Users\josee\Desktop\Dropbox.lnk
2014-12-12 09:27 - 2013-07-20 18:54 - 00000000 ___RD () C:\Users\josee\Dropbox
2014-12-12 09:27 - 2013-07-20 18:53 - 00000000 ____D () C:\Users\josee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 09:27 - 2013-07-20 18:53 - 00000000 ____D () C:\Users\josee\AppData\Roaming\Dropbox
2014-12-12 09:26 - 2014-03-03 19:22 - 01827972 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-12 09:24 - 2014-10-16 06:13 - 00000312 _____ () C:\WINDOWS\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{6DEBB516-C681-48BB-8AC1-2A58699F47D1}.job
2014-12-12 09:24 - 2014-03-03 19:39 - 00000000 ___DO () C:\Users\josee\SkyDrive
2014-12-12 09:24 - 2013-07-31 14:35 - 00000000 ____D () C:\Users\josee\AppData\Roaming\uTorrent
2014-12-12 09:24 - 2013-07-20 16:51 - 00001074 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-12 09:23 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-12 04:37 - 2013-08-10 09:55 - 00003940 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{36869FAE-C9FD-44D3-AE34-D7F3859877B5}
2014-12-11 19:49 - 2013-07-20 16:52 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-11 19:28 - 2013-07-20 17:06 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3194349154-2914878599-1291935727-1004
2014-12-11 18:55 - 2013-08-24 20:02 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-11 18:49 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-11 18:43 - 2014-03-07 19:07 - 00000000 ___DO () C:\Users\danie_000\SkyDrive
2014-12-11 18:42 - 2013-11-14 02:32 - 02025074 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-11 18:42 - 2013-11-14 02:13 - 00884978 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-12-11 18:42 - 2013-11-14 02:13 - 00191704 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-12-11 18:37 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-11 18:37 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-11 00:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-10 23:48 - 2014-07-09 16:42 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 23:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 23:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 23:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 11:18 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-10 11:16 - 2013-08-14 08:39 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 11:13 - 2013-07-21 21:40 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 17:55 - 2013-08-24 20:02 - 00003890 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-09 16:35 - 2013-07-20 12:45 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3194349154-2914878599-1291935727-1001
2014-12-07 11:42 - 2013-09-06 12:03 - 00207872 ___SH () C:\Users\josee\Documents\Thumbs.db
2014-12-07 11:39 - 2013-07-30 13:38 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-20 21:35 - 2013-11-13 17:22 - 00337776 _____ () C:\WINDOWS\PFRO.log
2014-11-20 15:05 - 2014-08-27 11:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-20 15:05 - 2013-07-31 14:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-16 13:04 - 2013-08-22 09:44 - 00377552 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-16 13:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 13:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-16 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-16 12:59 - 2014-10-16 05:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\ControlTaskWord
2014-11-16 12:59 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-16 12:59 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-16 12:57 - 2014-10-17 13:33 - 00003920 _____ () C:\WINDOWS\system32\.crusader
2014-11-16 12:57 - 2014-10-16 05:06 - 00000000 ____D () C:\Users\josee\AppData\Local\AddonCompilerMBR
2014-11-16 12:39 - 2013-01-23 16:08 - 00000000 ____D () C:\ProgramData\Temp
2014-11-15 16:41 - 2013-08-03 09:20 - 00000000 ____D () C:\Users\danie_000\AppData\Local\Google
2014-11-14 18:09 - 2013-09-06 11:52 - 00000000 ____D () C:\Users\josee\AppData\Local\Akamai
 
Some content of TEMP:
====================
C:\Users\josee\AppData\Local\Temp\APNSetup.exe
C:\Users\josee\AppData\Local\Temp\BackupSetup.exe
C:\Users\josee\AppData\Local\Temp\bfguni.exe
C:\Users\josee\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqqvuc3.dll
C:\Users\josee\AppData\Local\Temp\ffdshow.exe
C:\Users\josee\AppData\Local\Temp\i4jdel0.exe
C:\Users\josee\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\josee\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\josee\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\josee\AppData\Local\Temp\MatroskaSplitter.exe
C:\Users\josee\AppData\Local\Temp\post1.exe
C:\Users\josee\AppData\Local\Temp\post2.dll
C:\Users\josee\AppData\Local\Temp\post2.exe
C:\Users\josee\AppData\Local\Temp\Quarantine.exe
C:\Users\josee\AppData\Local\Temp\setup_363.exe
C:\Users\josee\AppData\Local\Temp\sqlite3.dll
C:\Users\josee\AppData\Local\Temp\tempmessage.bfg
C:\Users\josee\AppData\Local\Temp\vcredist_x64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-11 19:28
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03
Ran by josee at 2014-12-12 09:29:25
Running from C:\Users\josee\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
AMD Catalyst Install Manager (HKLM\...\{5F769CF4-5263-4C7B-AEB2-C06A73AE4428}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)
Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5510 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3109 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1902 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.1.4319 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\...\HPConnectedMusic) (Version: 1.1 (build 57) hp - Meridian Audio Ltd)
HP Connected Remote (HKLM-x32\...\{F243A34B-AB7F-4065-B770-B85B767C247C}) (Version: 1.0.1206 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{FF27F674-821E-4BA2-985B-DDF539C2CD03}) (Version: 7.0.33.6 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LeapFrog Connect (French) (HKLM-x32\...\UPCShell) (Version: 4.1.7.15320 - LeapFrog)
LeapFrog Connect (x32 Version: 4.1.7.15320 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 23.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 fr)) (Version: 23.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{4F8C9861-DDCF-4EE8-978C-35B691C406B3}) (Version: 4.00.9702 - Apache Software Foundation)
Package de pilotes Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Package de pilotes Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.0.0 - Ralink)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5530 - CyberLink Corp.) Hidden
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
Windows Driver Package - LeapFrog (FlyUsb) USB  (11/05/2008 1.1.1.0) (HKLM\...\781745E87AFF80C0C1388CFF79D19ECAB2E9BB47) (Version: 11/05/2008 1.1.1.0 - LeapFrog)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\josee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\josee\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\josee\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\josee\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\josee\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\josee\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\josee\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\josee\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\josee\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\josee\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
25-11-2014 08:50:01 Point de contrôle planifié
02-12-2014 22:10:08 Point de contrôle planifié
10-12-2014 08:39:42 Point de contrôle planifié
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0D46AEF3-04D9-43C6-861C-4502569FE8BC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {177D699F-13E4-4626-975E-B19362971C39} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {233C9B3E-2BCA-41B6-A408-CBD51753E67F} - System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{6DEBB516-C681-48BB-8AC1-2A58699F47D1} => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: {524059A0-7FF8-43CB-897E-14FF965C9A08} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-15] (Hewlett-Packard Company)
Task: {755E56D0-7D33-4B4E-B403-E974D2937EDE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {8DD79A8C-0936-445E-92FC-F31601E1A939} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {A115E8FE-F34B-4ED0-970C-5B07FE4DB8F7} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {EC204473-A4B9-4584-A263-6E57D444A7B4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F38D87D3-53C4-4872-808D-9D435BEDA61F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {FABC7123-31AE-496A-B448-27F85177CEFC} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3194349154-2914878599-1291935727-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: C:\WINDOWS\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{6DEBB516-C681-48BB-8AC1-2A58699F47D1}.job => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AAJ.job => C:\Users\josee\AppData\Roaming\AAJ.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HDW.job => C:\Users\josee\AppData\Roaming\HDW.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JOQA.job => C:\Users\josee\AppData\Roaming\JOQA.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\NKO.job => C:\Users\josee\AppData\Roaming\NKO.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PMIXB.job => C:\Users\josee\AppData\Roaming\PMIXB.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VKME.job => C:\Users\josee\AppData\Roaming\VKME.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-25 08:25 - 2014-11-25 08:25 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-07-30 13:38 - 2012-03-28 07:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-10-16 06:13 - 2014-10-14 14:10 - 00191800 _____ () C:\WINDOWS\SysWOW64\lsrvc.exe
2012-05-04 19:42 - 2012-05-04 19:42 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2012-08-29 13:02 - 2012-08-29 13:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll
2012-08-29 13:02 - 2012-08-29 13:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll
2012-08-29 13:02 - 2012-08-29 13:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll
2014-03-03 19:35 - 2014-03-03 19:35 - 00120224 _____ () C:\Users\josee\AppData\Local\assembly\dl3\LVG6TT7C.J5R\NN66LHWZ.9CG\9bd9ba0c\0057376b_1086cd01\HPItunesModule.DLL
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-23 16:19 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-04 14:44 - 2014-08-29 21:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-04 14:44 - 2014-08-29 21:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-04 14:44 - 2014-08-29 21:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-04 14:44 - 2014-08-29 21:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-04 14:44 - 2014-08-29 21:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\josee\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-12 09:27 - 2014-12-12 09:27 - 00043008 _____ () c:\users\josee\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqqvuc3.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\josee\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\josee\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\josee\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:09708CB7
AlternateDataStreams: C:\ProgramData\Temp:09AEED56
AlternateDataStreams: C:\ProgramData\Temp:0ADCCF52
AlternateDataStreams: C:\ProgramData\Temp:19636FDD
AlternateDataStreams: C:\ProgramData\Temp:1A5207FA
AlternateDataStreams: C:\ProgramData\Temp:23622B8B
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:346337E3
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:4018444F
AlternateDataStreams: C:\ProgramData\Temp:41B2DADD
AlternateDataStreams: C:\ProgramData\Temp:46CBC45C
AlternateDataStreams: C:\ProgramData\Temp:47FE7AB7
AlternateDataStreams: C:\ProgramData\Temp:49EA4410
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B
AlternateDataStreams: C:\ProgramData\Temp:581B0446
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE
AlternateDataStreams: C:\ProgramData\Temp:6A609C67
AlternateDataStreams: C:\ProgramData\Temp:8634D9A3
AlternateDataStreams: C:\ProgramData\Temp:87E3D720
AlternateDataStreams: C:\ProgramData\Temp:8DC85A87
AlternateDataStreams: C:\ProgramData\Temp:97CA3B9E
AlternateDataStreams: C:\ProgramData\Temp:A4CDE823
AlternateDataStreams: C:\ProgramData\Temp:AC83EA04
AlternateDataStreams: C:\ProgramData\Temp:ACCFA538
AlternateDataStreams: C:\ProgramData\Temp:B65E763D
AlternateDataStreams: C:\ProgramData\Temp:B80659FA
AlternateDataStreams: C:\ProgramData\Temp:CA400C1B
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CC6A54A8
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB
AlternateDataStreams: C:\ProgramData\Temp:D5CCCBAA
AlternateDataStreams: C:\ProgramData\Temp:DF19F127
AlternateDataStreams: C:\ProgramData\Temp:E81603BC
AlternateDataStreams: C:\ProgramData\Temp:EC752217
AlternateDataStreams: C:\ProgramData\Temp:EE2B5DE3
AlternateDataStreams: C:\ProgramData\Temp:F1381B87
AlternateDataStreams: C:\ProgramData\Temp:F4B7CBB2
AlternateDataStreams: C:\ProgramData\Temp:F5E90ED3
AlternateDataStreams: C:\ProgramData\Temp:F74EC668
AlternateDataStreams: C:\Users\danie_000\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\josee\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\josee\Desktop\2014-09-26 14.00.55.jpg:com.dropbox.attributes
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-3194349154-2914878599-1291935727-500 - Administrator - Disabled)
danie_000 (S-1-5-21-3194349154-2914878599-1291935727-1004 - Limited - Enabled) => C:\Users\danie_000
HomeGroupUser$ (S-1-5-21-3194349154-2914878599-1291935727-1006 - Limited - Enabled)
Invité (S-1-5-21-3194349154-2914878599-1291935727-501 - Limited - Disabled)
josee (S-1-5-21-3194349154-2914878599-1291935727-1001 - Administrator - Enabled) => C:\Users\josee
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/12/2014 04:43:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Josée)
Description: Le package Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe+Microsoft.Reader a été interrompu, car sa suspension a été trop longue.
 
Error: (12/12/2014 04:43:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme glcnd.exe version 6.3.9600.17499 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
 
ID de processus : 12ac
 
Heure de début : 01d015f01592a697
 
Heure de fin : 4294967295
 
Chemin d’accès de l’application : C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
 
ID de rapport : 6103b20a-81e3-11e4-bea1-4c72b9dfe2d0
 
Nom complet du package défaillant : Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe
 
ID de l’application relative au package défaillant : Microsoft.Reader
 
Error: (12/11/2014 06:45:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme glcnd.exe version 6.3.9600.17499 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans le Centre de maintenance.
 
ID de processus : e1c
 
Heure de début : 01d0159c66ebee20
 
Heure de fin : 4294967295
 
Chemin d’accès de l’application : C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe
 
ID de rapport : caee25eb-818f-11e4-bea1-4c72b9dfe2d0
 
Nom complet du package défaillant : Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe
 
ID de l’application relative au package défaillant : Microsoft.Reader
 
Error: (12/11/2014 06:45:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Josée)
Description: Le package Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe+Microsoft.Reader a été interrompu, car sa suspension a été trop longue.
 
Error: (12/11/2014 06:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Josée)
Description: Échec de l’activation de l’application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.
 
Error: (12/11/2014 06:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Josée)
Description: L’application microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail n’a pas été lancée dans le délai qui lui était imparti.
 
Error: (12/11/2014 06:27:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Josée)
Description: Windows ne peut pas trouver le profil local et tente de vous connecter avec un profil temporaire. Les modifications effectuées à ce profil seront perdues lorsque vous vous déconnecterez.
 
Error: (12/11/2014 06:27:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Josée)
Description: Windows a sauvegardé le profil de cet utilisateur. Windows tentera automatiquement d’utiliser le profil sauvegardé la prochaine fois que cet utilisateur ouvre une connexion.
 
Error: (12/11/2014 06:27:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Josée)
Description: Windows ne peut pas charger le profil stocké localement. Les causes possibles de cette erreur incluent des droits de sécurité insuffisants ou un profil local endommagé. 
 
 DÉTAIL - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
 
Error: (12/11/2014 06:27:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORITE NT)
Description: Windows ne peut pas charger le Registre. Ce problème est souvent causé par une mémoire insuffisante ou des droits d’accès insuffisants. 
 
 DÉTAIL - Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
 pour C:\Users\danie_000\ntuser.dat
 
 
System errors:
=============
Error: (12/12/2014 09:24:38 AM) (Source: Schannel) (EventID: 4102) (User: AUTORITE NT)
Description: Une erreur irrécupérable s’est produite lors de l’accès à la clé privée d’informations d’identification serveur SSL. Code d’erreur retourné à partir du module de chiffrement : 0x8009030d. État d’erreur interne : 10001.
 
Error: (12/11/2014 06:41:08 PM) (Source: Schannel) (EventID: 4102) (User: AUTORITE NT)
Description: Une erreur irrécupérable s’est produite lors de l’accès à la clé privée d’informations d’identification serveur SSL. Code d’erreur retourné à partir du module de chiffrement : 0x8009030d. État d’erreur interne : 10001.
 
Error: (12/11/2014 06:40:58 PM) (Source: Schannel) (EventID: 4102) (User: AUTORITE NT)
Description: Une erreur irrécupérable s’est produite lors de l’accès à la clé privée d’informations d’identification serveur SSL. Code d’erreur retourné à partir du module de chiffrement : 0x8009030d. État d’erreur interne : 10001.
 
Error: (12/11/2014 06:40:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Service Google Update (gupdate) n’a pas pu démarrer en raison de l’erreur : 
%%2
 
Error: (12/11/2014 06:38:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service HP Registration Service n’a pas pu démarrer en raison de l’erreur : 
%%1053
 
Error: (12/11/2014 06:38:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service HP Registration Service.
 
Error: (12/11/2014 06:38:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service GS_Sustainer.
 
Error: (12/11/2014 06:36:52 PM) (Source: Schannel) (EventID: 4102) (User: AUTORITE NT)
Description: Une erreur irrécupérable s’est produite lors de l’accès à la clé privée d’informations d’identification serveur SSL. Code d’erreur retourné à partir du module de chiffrement : 0x8009030d. État d’erreur interne : 10001.
 
Error: (12/11/2014 06:34:21 PM) (Source: Schannel) (EventID: 4102) (User: AUTORITE NT)
Description: Une erreur irrécupérable s’est produite lors de l’accès à la clé privée d’informations d’identification serveur SSL. Code d’erreur retourné à partir du module de chiffrement : 0x8009030d. État d’erreur interne : 10001.
 
Error: (12/11/2014 06:27:33 PM) (Source: Schannel) (EventID: 4102) (User: AUTORITE NT)
Description: Une erreur irrécupérable s’est produite lors de l’accès à la clé privée d’informations d’identification serveur SSL. Code d’erreur retourné à partir du module de chiffrement : 0x8009030d. État d’erreur interne : 10001.
 
 
Microsoft Office Sessions:
=========================
Error: (12/12/2014 04:43:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Josée)
Description: Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe+Microsoft.Reader
 
Error: (12/12/2014 04:43:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: glcnd.exe6.3.9600.1749912ac01d015f01592a6974294967295C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.exe6103b20a-81e3-11e4-bea1-4c72b9dfe2d0Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbweMicrosoft.Reader
 
Error: (12/11/2014 06:45:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: glcnd.exe6.3.9600.17499e1c01d0159c66ebee204294967295C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe\glcnd.execaee25eb-818f-11e4-bea1-4c72b9dfe2d0Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbweMicrosoft.Reader
 
Error: (12/11/2014 06:45:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Josée)
Description: Microsoft.Reader_6.3.9654.17499_x64__8wekyb3d8bbwe+Microsoft.Reader
 
Error: (12/11/2014 06:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Josée)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2144927142
 
Error: (12/11/2014 06:39:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Josée)
Description: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe+Microsoft.WindowsLive.Mail
 
Error: (12/11/2014 06:27:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Josée)
Description: 
 
Error: (12/11/2014 06:27:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Josée)
Description: 
 
Error: (12/11/2014 06:27:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Josée)
Description: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
 
Error: (12/11/2014 06:27:10 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: AUTORITE NT)
Description: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
C:\Users\danie_000\ntuser.dat
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-11 00:19:08.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-11 00:19:08.507
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-11 00:19:08.179
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-11 00:19:08.007
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-11 00:19:07.708
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-11 00:19:07.552
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-11 00:13:31.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-11 00:13:30.924
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-11 00:13:30.658
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-12-11 00:13:30.502
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-3420 APU with Radeon™ HD Graphics
Percentage of memory in use: 41%
Total physical RAM: 5604.91 MB
Available physical RAM: 3306.7 MB
Total Pagefile: 6500.91 MB
Available Pagefile: 3560.07 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:444.02 GB) (Free:385.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery Image) (Fixed) (Total:19.93 GB) (Free:2.45 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B9BD31F4)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#6 pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male

Posted 12 December 2014 - 06:51 PM

Hello :)

Let's get started clearing away the junk. :thumbsup:

The infection has reverted your copy of Chrome to a development version of the browser. This lowers the security of the browser, and we will have to do a re-installation of Chrome once the malware is cleared away.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: P2P Warning and Program Uninstalls


The Dangers of P2P Programs

I noticed that you have a P2P file sharing (uTorrent) program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Program Uninstalls

Please uninstall the following programs from your machine.

Akamai NetSession Interface: Uses pseudo P2P technology and does not really care about using it securely.

Hitman Pro: This program sometimes makes some machines unbootable.


Step 2: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad window and select Paste.
  • Save it on the desktop as fixlist.txt

Start
Closeprocesses:
() C:\Windows\SysWOW64\lsrvc.exe
C:\Windows\SysWOW64\lsrvc.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49790;https=127.0.0.1:49790
SearchScopes: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001 -> URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324416&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=2&UP=SP4BC42B17-94D6-4DB1-AC1E-FDC03E343772&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: YouutubeAAdBloicKe - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\ba5VGu6@cDn.net [2014-10-17]
FF Extension: GoSavEi - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\jF3@CzWkJ.net [2014-10-17]
FF Extension: SaVeorEExTension - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\p@KT9.org [2014-10-17]
FF Extension: Webbing - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\S@vA9X.org [2014-10-17]
FF Extension: NextCoup - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\UaTk7t@P.com [2014-10-17]
FF HKLM\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox
FF HKU\.DEFAULT\...\Firefox\Extensions: [{30CD3668-32CE-DBFB-FA36-13792B87731B}] - C:\Program Files (x86)\ver7SpeeditUp\179.xpi
C:\Program Files\Shop For Rewards
R2 lsrvc; C:\WINDOWS\SysWOW64\lsrvc.exe [191800 2014-10-14] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
Task: {233C9B3E-2BCA-41B6-A408-CBD51753E67F} - System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{6DEBB516-C681-48BB-8AC1-2A58699F47D1} => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{6DEBB516-C681-48BB-8AC1-2A58699F47D1}.job => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AAJ.job => C:\Users\josee\AppData\Roaming\AAJ.exe <==== ATTENTION
C:\Users\josee\AppData\Roaming\AAJ.exe
Task: C:\WINDOWS\Tasks\HDW.job => C:\Users\josee\AppData\Roaming\HDW.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JOQA.job => C:\Users\josee\AppData\Roaming\JOQA.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\NKO.job => C:\Users\josee\AppData\Roaming\NKO.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PMIXB.job => C:\Users\josee\AppData\Roaming\PMIXB.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VKME.job => C:\Users\josee\AppData\Roaming\VKME.exe <==== ATTENTION
C:\Users\josee\AppData\Roaming\HDW.exe
C:\Users\josee\AppData\Roaming\JOQA.exe
C:\Users\josee\AppData\Roaming\NKO.exe
C:\Users\josee\AppData\Roaming\PMIXB.exe
C:\Users\josee\AppData\Roaming\VKME.exe
AlternateDataStreams: C:\ProgramData\Temp:09708CB7
AlternateDataStreams: C:\ProgramData\Temp:09AEED56
AlternateDataStreams: C:\ProgramData\Temp:0ADCCF52
AlternateDataStreams: C:\ProgramData\Temp:19636FDD
AlternateDataStreams: C:\ProgramData\Temp:1A5207FA
AlternateDataStreams: C:\ProgramData\Temp:23622B8B
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:346337E3
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:4018444F
AlternateDataStreams: C:\ProgramData\Temp:41B2DADD
AlternateDataStreams: C:\ProgramData\Temp:46CBC45C
AlternateDataStreams: C:\ProgramData\Temp:47FE7AB7
AlternateDataStreams: C:\ProgramData\Temp:49EA4410
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B
AlternateDataStreams: C:\ProgramData\Temp:581B0446
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE
AlternateDataStreams: C:\ProgramData\Temp:6A609C67
AlternateDataStreams: C:\ProgramData\Temp:8634D9A3
AlternateDataStreams: C:\ProgramData\Temp:87E3D720
AlternateDataStreams: C:\ProgramData\Temp:8DC85A87
AlternateDataStreams: C:\ProgramData\Temp:97CA3B9E
AlternateDataStreams: C:\ProgramData\Temp:A4CDE823
AlternateDataStreams: C:\ProgramData\Temp:AC83EA04
AlternateDataStreams: C:\ProgramData\Temp:ACCFA538
AlternateDataStreams: C:\ProgramData\Temp:B65E763D
AlternateDataStreams: C:\ProgramData\Temp:B80659FA
AlternateDataStreams: C:\ProgramData\Temp:CA400C1B
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CC6A54A8
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB
AlternateDataStreams: C:\ProgramData\Temp:D5CCCBAA
AlternateDataStreams: C:\ProgramData\Temp:DF19F127
AlternateDataStreams: C:\ProgramData\Temp:E81603BC
AlternateDataStreams: C:\ProgramData\Temp:EC752217
AlternateDataStreams: C:\ProgramData\Temp:EE2B5DE3
AlternateDataStreams: C:\ProgramData\Temp:F1381B87
AlternateDataStreams: C:\ProgramData\Temp:F4B7CBB2
AlternateDataStreams: C:\ProgramData\Temp:F5E90ED3
AlternateDataStreams: C:\ProgramData\Temp:F74EC668
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop


  • Double-click (Vista and 7 users: right-click) the adwcleaner.exe file and click Run as Administrator, then accept the UAC prompt to run AdwCleaner.
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything; just click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\AdwCleaner[R0].txt

Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce one log this time. Please post it in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool

AdwCleaner Log

Fresh FRST Log

How is the computer running now? (This doesn't need to be in a separate reply)

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
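The fixlist in Step 2 targets a handful of distinct persistence and hijack classes on this machine: a WinINet proxy pointed at 127.0.0.1 (which is how the ad injection reaches every browser at once), browser policy keys under HKLM\SOFTWARE\Policies plus a local GroupPolicy folder on a non-domain PC (which is what locks Chrome and forces extensions), scheduled tasks that relaunch randomly named executables from AppData\Roaming, and alternate data streams parked on C:\ProgramData\Temp; the JRT log later in this thread adds Firefox prefs.js entries carrying script under extensions.*.scode. The read-only triage script below is an added example for readers of this thread, not part of the original post and not part of FRST, JRT or AdwCleaner. It assumes an elevated PowerShell 4 or later session on the affected Windows 8.1 machine, only reports what it finds, and removes nothing; the paths and key names it checks are the ones that appear in the logs above.

```powershell
# Read-only triage for the indicator classes seen in this thread's FRST fixlist and JRT log.
# Added example, not code from the thread or from FRST. Assumes an elevated PowerShell 4+ session.
# It reports findings only; nothing is deleted or changed.

$findings = New-Object System.Collections.Generic.List[string]

# 1. WinINet proxy pointed at the loopback adapter, per user hive and in .DEFAULT
#    (the fixlist removed http=127.0.0.1:49790;https=127.0.0.1:49790 from .DEFAULT).
$hives = @('HKCU:', 'Registry::HKEY_USERS\.DEFAULT')
foreach ($h in $hives) {
    $p = Get-ItemProperty "$h\Software\Microsoft\Windows\CurrentVersion\Internet Settings" -ErrorAction SilentlyContinue
    if ($p -and $p.ProxyEnable -eq 1 -and $p.ProxyServer -match '127\.0\.0\.1|localhost') {
        $findings.Add("Loopback proxy enabled in $h : $($p.ProxyServer)")
    }
}

# 2. Browser policy keys and a local machine GroupPolicy folder on a PC that is not domain-joined.
#    Home machines normally have neither; adware uses them to force extensions and block removal.
foreach ($k in 'HKLM:\SOFTWARE\Policies\Google', 'HKLM:\SOFTWARE\Policies\Mozilla') {
    if (Test-Path $k) { $findings.Add("Browser policy key present: $k") }
}
$cs = Get-CimInstance Win32_ComputerSystem
if (-not $cs.PartOfDomain -and (Test-Path "$env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol")) {
    $findings.Add("Local machine policy file exists on a non-domain PC: $env:SystemRoot\System32\GroupPolicy\Machine\Registry.pol")
}

# 3. Scheduled tasks whose action runs an executable from a user-writable profile or data path
#    (the fixlist removed AAJ.job, HDW.job, ... pointing at C:\Users\<user>\AppData\Roaming\*.exe).
Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
    $task = $_
    foreach ($a in $task.Actions) {
        if ($a.Execute -match '\\AppData\\(Roaming|Local)\\|\\ProgramData\\|\\Users\\Public\\') {
            $findings.Add("Task '$($task.TaskName)' runs $($a.Execute) $($a.Arguments)")
        }
    }
}
# Legacy .job files in C:\Windows\Tasks should be reviewed; the fixlist removed several of them.
Get-ChildItem "$env:SystemRoot\Tasks\*.job" -ErrorAction SilentlyContinue | ForEach-Object {
    $findings.Add("Legacy job file to review: $($_.FullName)")
}

# 4. Alternate data streams on a directory that has no business carrying any.
Get-Item "$env:ProgramData\Temp" -Stream * -ErrorAction SilentlyContinue |
    Where-Object { $_.Stream -ne ':$DATA' } |
    ForEach-Object { $findings.Add("ADS on $env:ProgramData\Temp -> $($_.Stream) ($($_.Length) bytes)") }

# 5. Firefox prefs.js entries carrying executable JavaScript under extensions.<random>.scode
#    (the pattern JRT stripped from etvzjpo0.default\prefs.js in this thread).
Get-ChildItem "$env:APPDATA\Mozilla\Firefox\Profiles\*\prefs.js" -ErrorAction SilentlyContinue | ForEach-Object {
    Select-String -Path $_.FullName -Pattern '^user_pref\("extensions\.[^"]+\.scode"' | ForEach-Object {
        $snippet = $_.Line.Substring(0, [Math]::Min(80, $_.Line.Length))
        $findings.Add("Injected pref in $($_.Path): $snippet ...")
    }
}

if ($findings.Count -eq 0) {
    'No indicators of the classes above were found.'
} else {
    $findings | ForEach-Object { "[!] $_" }
}
```

Run it before and after the cleanup steps: a hit in class 1 or 2 explains the "browser won't open" and pop-up symptoms by itself, while a hit in class 3 after cleaning means a scheduled task is still in place to bring the rest back on the next logon. Because the script only reads, it is also safe to paste into a reply for a helper to look at without risking further damage to the machine.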





#7 lalasima129

lalasima129
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:02 AM

Posted 15 December 2014 - 09:22 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-12-2014 01
Ran by josee at 2014-12-15 09:17:12 Run:2
Running from C:\Users\josee\Desktop
Loaded Profile: josee (Available profiles: josee & danie_000)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Closeprocesses:
() C:\Windows\SysWOW64\lsrvc.exe
C:\Windows\SysWOW64\lsrvc.exe
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49790;https=127.0.0.1:49790
SearchScopes: HKU\S-1-5-21-3194349154-2914878599-1291935727-1001 -> SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Extension: YouutubeAAdBloicKe - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\ba5VGu6@cDn.net [2014-10-17]
FF Extension: GoSavEi - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\jF3@CzWkJ.net [2014-10-17]
FF Extension: SaVeorEExTension - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\p@KT9.org [2014-10-17]
FF Extension: Webbing - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\S@vA9X.org [2014-10-17]
FF Extension: NextCoup - C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\UaTk7t@P.com [2014-10-17]
FF HKLM\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{BF883488-0379-470e-8BF2-C5D1F3828428}] - C:\Program Files\Shop For Rewards\Firefox
FF HKU\.DEFAULT\...\Firefox\Extensions: [{30CD3668-32CE-DBFB-FA36-13792B87731B}] - C:\Program Files (x86)\ver7SpeeditUp\179.xpi
C:\Program Files\Shop For Rewards
R2 lsrvc; C:\WINDOWS\SysWOW64\lsrvc.exe [191800 2014-10-14] ()
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
Task: {233C9B3E-2BCA-41B6-A408-CBD51753E67F} - System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{6DEBB516-C681-48BB-8AC1-2A58699F47D1} => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{6DEBB516-C681-48BB-8AC1-2A58699F47D1}.job => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\AAJ.job => C:\Users\josee\AppData\Roaming\AAJ.exe <==== ATTENTION
C:\Users\josee\AppData\Roaming\AAJ.exe
Task: C:\WINDOWS\Tasks\HDW.job => C:\Users\josee\AppData\Roaming\HDW.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JOQA.job => C:\Users\josee\AppData\Roaming\JOQA.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\NKO.job => C:\Users\josee\AppData\Roaming\NKO.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\PMIXB.job => C:\Users\josee\AppData\Roaming\PMIXB.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\VKME.job => C:\Users\josee\AppData\Roaming\VKME.exe <==== ATTENTION
C:\Users\josee\AppData\Roaming\HDW.exe
C:\Users\josee\AppData\Roaming\JOQA.exe
C:\Users\josee\AppData\Roaming\NKO.exe
C:\Users\josee\AppData\Roaming\PMIXB.exe
C:\Users\josee\AppData\Roaming\VKME.exe
AlternateDataStreams: C:\ProgramData\Temp:09708CB7
AlternateDataStreams: C:\ProgramData\Temp:09AEED56
AlternateDataStreams: C:\ProgramData\Temp:0ADCCF52
AlternateDataStreams: C:\ProgramData\Temp:19636FDD
AlternateDataStreams: C:\ProgramData\Temp:1A5207FA
AlternateDataStreams: C:\ProgramData\Temp:23622B8B
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:346337E3
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:4018444F
AlternateDataStreams: C:\ProgramData\Temp:41B2DADD
AlternateDataStreams: C:\ProgramData\Temp:46CBC45C
AlternateDataStreams: C:\ProgramData\Temp:47FE7AB7
AlternateDataStreams: C:\ProgramData\Temp:49EA4410
AlternateDataStreams: C:\ProgramData\Temp:4C71A42B
AlternateDataStreams: C:\ProgramData\Temp:581B0446
AlternateDataStreams: C:\ProgramData\Temp:5D1BA9DE
AlternateDataStreams: C:\ProgramData\Temp:6A609C67
AlternateDataStreams: C:\ProgramData\Temp:8634D9A3
AlternateDataStreams: C:\ProgramData\Temp:87E3D720
AlternateDataStreams: C:\ProgramData\Temp:8DC85A87
AlternateDataStreams: C:\ProgramData\Temp:97CA3B9E
AlternateDataStreams: C:\ProgramData\Temp:A4CDE823
AlternateDataStreams: C:\ProgramData\Temp:AC83EA04
AlternateDataStreams: C:\ProgramData\Temp:ACCFA538
AlternateDataStreams: C:\ProgramData\Temp:B65E763D
AlternateDataStreams: C:\ProgramData\Temp:B80659FA
AlternateDataStreams: C:\ProgramData\Temp:CA400C1B
AlternateDataStreams: C:\ProgramData\Temp:CBAF0C30
AlternateDataStreams: C:\ProgramData\Temp:CC6A54A8
AlternateDataStreams: C:\ProgramData\Temp:D3331ADB
AlternateDataStreams: C:\ProgramData\Temp:D5CCCBAA
AlternateDataStreams: C:\ProgramData\Temp:DF19F127
AlternateDataStreams: C:\ProgramData\Temp:E81603BC
AlternateDataStreams: C:\ProgramData\Temp:EC752217
AlternateDataStreams: C:\ProgramData\Temp:EE2B5DE3
AlternateDataStreams: C:\ProgramData\Temp:F1381B87
AlternateDataStreams: C:\ProgramData\Temp:F4B7CBB2
AlternateDataStreams: C:\ProgramData\Temp:F5E90ED3
AlternateDataStreams: C:\ProgramData\Temp:F74EC668
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
Hosts:
End
*****************
 
Processes closed successfully.
C:\Windows\SysWOW64\lsrvc.exe => No running process found
"C:\Windows\SysWOW64\lsrvc.exe" => File/Directory not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key not found.
"HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key not found.
"HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key not found.
"HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key not found.
"HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key not found.
"HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key not found.
"HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
"C:\WINDOWS\system32\GroupPolicy\Machine" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
"HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value not found.
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key not found.
C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\ba5VGu6@cDn.net not found.
C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\jF3@CzWkJ.net not found.
C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\p@KT9.org not found.
C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\S@vA9X.org not found.
C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default\Extensions\UaTk7t@P.com not found.
HKLM\Software\Mozilla\Firefox\Extensions\\{BF883488-0379-470e-8BF2-C5D1F3828428} => Value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{BF883488-0379-470e-8BF2-C5D1F3828428} => Value not found.
HKU\.DEFAULT\Software\Mozilla\Firefox\Extensions\\{30CD3668-32CE-DBFB-FA36-13792B87731B} => Value not found.
"C:\Program Files\Shop For Rewards" => File/Directory not found.
lsrvc => Service not found.
gupdate => Service not found.
gupdatem => Service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{233C9B3E-2BCA-41B6-A408-CBD51753E67F}" => Key not found.
C:\Windows\System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{6DEBB516-C681-48BB-8AC1-2A58699F47D1} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7862C8D9-066E-4051-A850-CEFDAE4E2322{6DEBB516-C681-48BB-8AC1-2A58699F47D1}" => Key deleted successfully.
C:\WINDOWS\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{6DEBB516-C681-48BB-8AC1-2A58699F47D1}.job => Moved successfully.
C:\WINDOWS\Tasks\AAJ.job => Moved successfully.
"C:\Users\josee\AppData\Roaming\AAJ.exe" => File/Directory not found.
C:\WINDOWS\Tasks\HDW.job => Moved successfully.
C:\WINDOWS\Tasks\JOQA.job => Moved successfully.
C:\WINDOWS\Tasks\NKO.job => Moved successfully.
C:\WINDOWS\Tasks\PMIXB.job => Moved successfully.
C:\WINDOWS\Tasks\VKME.job => Moved successfully.
"C:\Users\josee\AppData\Roaming\HDW.exe" => File/Directory not found.
"C:\Users\josee\AppData\Roaming\JOQA.exe" => File/Directory not found.
"C:\Users\josee\AppData\Roaming\NKO.exe" => File/Directory not found.
"C:\Users\josee\AppData\Roaming\PMIXB.exe" => File/Directory not found.
"C:\Users\josee\AppData\Roaming\VKME.exe" => File/Directory not found.
C:\ProgramData\Temp => ":09708CB7" ADS removed successfully.
C:\ProgramData\Temp => ":09AEED56" ADS removed successfully.
C:\ProgramData\Temp => ":0ADCCF52" ADS removed successfully.
C:\ProgramData\Temp => ":19636FDD" ADS removed successfully.
C:\ProgramData\Temp => ":1A5207FA" ADS removed successfully.
C:\ProgramData\Temp => ":23622B8B" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":346337E3" ADS removed successfully.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\ProgramData\Temp => ":4018444F" ADS removed successfully.
C:\ProgramData\Temp => ":41B2DADD" ADS removed successfully.
C:\ProgramData\Temp => ":46CBC45C" ADS removed successfully.
C:\ProgramData\Temp => ":47FE7AB7" ADS removed successfully.
C:\ProgramData\Temp => ":49EA4410" ADS removed successfully.
C:\ProgramData\Temp => ":4C71A42B" ADS removed successfully.
C:\ProgramData\Temp => ":581B0446" ADS removed successfully.
C:\ProgramData\Temp => ":5D1BA9DE" ADS removed successfully.
C:\ProgramData\Temp => ":6A609C67" ADS removed successfully.
C:\ProgramData\Temp => ":8634D9A3" ADS removed successfully.
C:\ProgramData\Temp => ":87E3D720" ADS removed successfully.
C:\ProgramData\Temp => ":8DC85A87" ADS removed successfully.
C:\ProgramData\Temp => ":97CA3B9E" ADS removed successfully.
C:\ProgramData\Temp => ":A4CDE823" ADS removed successfully.
C:\ProgramData\Temp => ":AC83EA04" ADS removed successfully.
C:\ProgramData\Temp => ":ACCFA538" ADS removed successfully.
C:\ProgramData\Temp => ":B65E763D" ADS removed successfully.
C:\ProgramData\Temp => ":B80659FA" ADS removed successfully.
C:\ProgramData\Temp => ":CA400C1B" ADS removed successfully.
C:\ProgramData\Temp => ":CBAF0C30" ADS removed successfully.
C:\ProgramData\Temp => ":CC6A54A8" ADS removed successfully.
C:\ProgramData\Temp => ":D3331ADB" ADS removed successfully.
C:\ProgramData\Temp => ":D5CCCBAA" ADS removed successfully.
C:\ProgramData\Temp => ":DF19F127" ADS removed successfully.
C:\ProgramData\Temp => ":E81603BC" ADS removed successfully.
C:\ProgramData\Temp => ":EC752217" ADS removed successfully.
C:\ProgramData\Temp => ":EE2B5DE3" ADS removed successfully.
C:\ProgramData\Temp => ":F1381B87" ADS removed successfully.
C:\ProgramData\Temp => ":F4B7CBB2" ADS removed successfully.
C:\ProgramData\Temp => ":F5E90ED3" ADS removed successfully.
C:\ProgramData\Temp => ":F74EC668" ADS removed successfully.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Configuration IP de Windows
 
Cache de résolution DNS vidé.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#8 lalasima129

lalasima129
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:02 AM

Posted 15 December 2014 - 09:30 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by josee on 2014-12-15 at  9:24:07,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171162}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611281146}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\josee\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"
Successfully deleted: [File] C:\WINDOWS\prefetch\SPEEDUPMYPC-STANDALONE-SETUP.-6588BF43.pf
Successfully deleted: [File] C:\WINDOWS\prefetch\SPEEDUPMYPC.TMP-E1B1BC4E.pf
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\WINDOWS\syswow64\ai_recyclebin"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\josee\AppData\Roaming\mozilla\firefox\profiles\etvzjpo0.default\prefs.js
 
user_pref("extensions.NgA5vdD7BVHUgWuD.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.NgA5vdD7BVHUgWuD.url", "hxxp://probookmynew.us/sync2/?q=hfZ9ofV9CShEAen0rTUGrihTB6lKDzt4okqbtNtVh7n0rjnEpjwErjCFqHa9tMFHhd9FqdwErjCFpdnHqjwMDMlGojUMAe4Uo
user_pref("extensions.Trsr2j2YPzJflsii.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.esRAkFFZDKU1tsYE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.mV0Nhsf94uZrBnEn.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
user_pref("extensions.zuD59zccHf0Nv2f5.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2014-12-15 at  9:27:19,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 lalasima129

lalasima129
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:02 AM

Posted 15 December 2014 - 09:36 AM

# AdwCleaner v4.105 - Rapport créé le 15/12/2014 à 09:33:48
# Mis à jour le 08/12/2014 par Xplode
# Database : 2014-12-13.4 [Live]
# Système d'exploitation : Windows 8.1  (64 bits)
# Nom d'utilisateur : josee - JOSÉE
# Exécuté depuis : C:\Users\josee\Desktop\adwcleaner_4.105.exe
# Option : Nettoyer
 
***** [ Services ] *****
 
[#] Service Supprimé : 4d349a54
 
***** [ Fichiers / Dossiers ] *****
 
Dossier Supprimé : C:\ProgramData\80464676819fcac7
Dossier Supprimé : C:\Program Files (x86)\edealpop
Dossier Supprimé : C:\Users\josee\AppData\Local\CheckCode
Dossier Supprimé : C:\Users\josee\AppData\Local\CrashRpt
Dossier Supprimé : C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnonkalmdjjnelekfdaldkknjkedgamf
Dossier Supprimé : C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnonkalmdjjnelekfdaldkknjkedgamf
Dossier Supprimé : C:\Users\josee\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan
Dossier Supprimé : C:\Users\josee\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb
Dossier Supprimé : C:\Users\josee\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mnonkalmdjjnelekfdaldkknjkedgamf
Fichier Supprimé : C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
 
***** [ Tâches planifiées ] *****
 
 
***** [ Raccourcis ] *****
 
 
***** [ Registre ] *****
 
Clé Supprimée : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{787D3F9B-69C6-427C-BF55-4419F932474A}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{D52F7CE0-A4BA-4220-A907-444CB6158A09}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{5075DFCC-F3F5-4B15-B364-270BC7C585AD}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{895F78F3-9620-49AD-8AA8-E6802E5AC64E}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{0902EBD9-C5B4-4400-8CF1-7ACA8E8805D9}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF883488-0379-470E-8BF2-C5D1F3828428}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF883488-0379-470E-8BF2-C5D1F3828428}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{5075DFCC-F3F5-4B15-B364-270BC7C585AD}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{895F78F3-9620-49AD-8AA8-E6802E5AC64E}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C87834EB-A2A0-B9D4-AA9A-C263D1191051}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\snapdo.inspsearch.com
 
***** [ Navigateurs ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Mozilla Firefox v23.0.1 (fr)
 
[etvzjpo0.default\prefs.js] - Ligne Supprimée : user_pref("extensions.NgA5vdD7BVHUgWuD.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[etvzjpo0.default\prefs.js] - Ligne Supprimée : user_pref("extensions.Trsr2j2YPzJflsii.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[etvzjpo0.default\prefs.js] - Ligne Supprimée : user_pref("extensions.esRAkFFZDKU1tsYE.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[etvzjpo0.default\prefs.js] - Ligne Supprimée : user_pref("extensions.mV0Nhsf94uZrBnEn.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[etvzjpo0.default\prefs.js] - Ligne Supprimée : user_pref("extensions.zuD59zccHf0Nv2f5.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
 
-\\ Google Chrome v37.0.2062.103
 
[C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Supprimée [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Extension] : aaaaaiabcopkplhgaedhbloeejhhankf
[C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Extension] : mnonkalmdjjnelekfdaldkknjkedgamf
[C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Extension] : mnonkalmdjjnelekfdaldkknjkedgamf
 
-\\ Comodo Dragon v
 
[C:\Users\danie_000\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Supprimée [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [16504 octets] - [17/09/2014 12:34:29]
AdwCleaner[R1].txt - [29354 octets] - [17/10/2014 12:47:45]
AdwCleaner[R2].txt - [29415 octets] - [17/10/2014 12:50:54]
AdwCleaner[R3].txt - [5361 octets] - [15/12/2014 09:32:17]
AdwCleaner[S0].txt - [16028 octets] - [17/09/2014 12:41:50]
AdwCleaner[S1].txt - [27808 octets] - [17/10/2014 12:57:18]
AdwCleaner[S2].txt - [5495 octets] - [15/12/2014 09:33:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [5555 octets] ##########


#10 lalasima129

lalasima129
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:02 AM

Posted 15 December 2014 - 09:39 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by josee (administrator) on JOSÉE on 15-12-2014 09:36:30
Running from C:\Users\josee\Desktop
Loaded Profile: josee (Available profiles: josee & danie_000)
Platform: Windows 8.1 (X64) OS Language: Français (France)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Dropbox, Inc.) C:\Users\josee\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [295304 2012-08-17] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\josee\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
Startup: C:\Users\josee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\josee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49790;https=127.0.0.1:49790
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/19
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/19
HKU\S-1-5-21-3194349154-2914878599-1291935727-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/19
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\OnlineBanking\online_banking_bho.dll No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\josee\AppData\Roaming\Mozilla\Firefox\Profiles\etvzjpo0.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Profile: C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-20]
CHR Extension: (Google Drive) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-20]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-04]
CHR Extension: (YouTube) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-20]
CHR Extension: (Adblock Plus) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-10]
CHR Extension: (Recherche Google) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-20]
CHR Extension: (Google Wallet) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\josee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [85504 2012-08-15] (Hewlett-Packard Company) [File not signed]
S2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)
S2 HPRegistrationSvc; c:\Program Files (x86)\Hewlett-Packard\HP Registration Service\HPRegistrationService.exe [205216 2012-07-18] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-03-03] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [43664 2014-11-16] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-31] (Malwarebytes Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 09:31 - 2014-12-15 09:31 - 02166272 _____ () C:\Users\josee\Desktop\adwcleaner_4.105.exe
2014-12-15 09:29 - 2014-12-15 09:29 - 01707646 _____ (Thisisu) C:\Users\josee\Downloads\JRT.exe
2014-12-15 09:27 - 2014-12-15 09:27 - 00002505 _____ () C:\Users\josee\Desktop\JRT.txt
2014-12-15 09:24 - 2014-12-15 09:24 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-15 09:22 - 2014-12-15 09:23 - 01707646 _____ (Thisisu) C:\Users\josee\Desktop\JRT.exe
2014-12-15 09:16 - 2014-12-15 09:16 - 00000000 ____D () C:\Users\josee\Desktop\FRST-OlderVersion
2014-12-12 09:29 - 2014-12-12 09:30 - 00036665 _____ () C:\Users\josee\Desktop\Addition.txt
2014-12-12 09:28 - 2014-12-15 09:36 - 00012560 _____ () C:\Users\josee\Desktop\FRST.txt
2014-12-12 09:27 - 2014-12-15 09:36 - 00000000 ____D () C:\FRST
2014-12-12 09:27 - 2014-12-15 09:16 - 02119168 _____ (Farbar) C:\Users\josee\Desktop\FRST64.exe
2014-12-11 09:29 - 2014-12-11 09:29 - 00003940 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{19D9AE8B-E60B-4C05-8CBD-B3688D06170E}
2014-12-10 23:51 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-10 23:51 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-10 23:48 - 2014-12-10 23:48 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-10 11:04 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 11:04 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 11:04 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 11:04 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-10 03:38 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-10 03:38 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-10 03:38 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-10 03:38 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-10 03:38 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-10 03:38 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-10 03:38 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-10 03:38 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 03:38 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-10 03:38 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 03:38 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-10 03:38 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-10 03:38 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 03:38 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 03:38 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 03:38 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 03:38 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-10 03:38 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-10 03:38 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-10 03:38 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 03:38 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-10 03:38 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 03:38 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-10 03:38 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 03:38 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-10 03:38 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 03:38 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 03:38 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 03:38 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 03:38 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 03:38 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 03:38 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-10 03:38 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 03:38 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 03:38 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-10 03:38 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 03:38 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-10 03:38 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 03:38 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 03:38 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 03:38 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 03:38 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 03:38 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-10 03:38 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 03:38 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 03:38 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-10 03:38 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 03:38 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-10 03:38 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 03:38 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 03:38 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-10 03:38 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-10 03:38 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-10 03:38 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-11-20 16:14 - 2014-11-20 16:14 - 00000000 __SHD () C:\Users\danie_000\AppData\Local\EmieBrowserModeList
2014-11-20 15:45 - 2014-11-20 15:45 - 00005120 ___SH () C:\Users\danie_000\Desktop\Thumbs.db
2014-11-20 15:05 - 2014-11-20 15:05 - 00001757 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-20 15:05 - 2014-11-20 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-20 15:05 - 2014-11-20 15:05 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-20 15:05 - 2014-11-20 15:05 - 00000000 ____D () C:\Program Files\iTunes
2014-11-20 15:05 - 2014-11-20 15:05 - 00000000 ____D () C:\Program Files\iPod
2014-11-20 15:05 - 2014-11-20 15:05 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-18 14:31 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-18 14:31 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-18 14:31 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-18 14:31 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-16 13:01 - 2014-11-16 13:04 - 00043664 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-15 09:37 - 2014-03-03 19:39 - 00000000 ___DO () C:\Users\josee\SkyDrive
2014-12-15 09:36 - 2013-07-20 18:54 - 00000000 ___RD () C:\Users\josee\Dropbox
2014-12-15 09:36 - 2013-07-20 18:53 - 00000000 ____D () C:\Users\josee\AppData\Roaming\Dropbox
2014-12-15 09:34 - 2013-11-13 17:22 - 00338090 _____ () C:\WINDOWS\PFRO.log
2014-12-15 09:34 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-15 09:34 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-15 09:34 - 2013-07-20 16:51 - 00001074 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-15 09:33 - 2014-09-17 12:34 - 00000000 ____D () C:\AdwCleaner
2014-12-15 09:33 - 2014-03-03 19:22 - 01589575 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-15 09:30 - 2013-07-20 12:45 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3194349154-2914878599-1291935727-1001
2014-12-15 09:27 - 2013-11-14 02:32 - 02025074 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-15 09:27 - 2013-11-14 02:13 - 00884978 _____ () C:\WINDOWS\system32\perfh00C.dat
2014-12-15 09:27 - 2013-11-14 02:13 - 00191704 _____ () C:\WINDOWS\system32\perfc00C.dat
2014-12-15 09:23 - 2013-07-31 21:05 - 00912384 ___SH () C:\Users\josee\Downloads\Thumbs.db
2014-12-15 09:19 - 2014-09-10 12:16 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-15 09:16 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-12-15 09:13 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-15 09:13 - 2013-07-31 14:35 - 00000000 ____D () C:\Users\josee\AppData\Roaming\uTorrent
2014-12-15 06:31 - 2014-03-10 15:08 - 00003924 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1BB101D1-6276-4261-B7A7-670E20258F7A}
2014-12-14 21:55 - 2013-08-24 20:02 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-14 21:49 - 2013-07-20 16:52 - 00001078 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-14 11:27 - 2013-07-20 17:06 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3194349154-2914878599-1291935727-1004
2014-12-14 11:22 - 2014-03-07 19:07 - 00000000 __RDO () C:\Users\danie_000\SkyDrive
2014-12-13 20:51 - 2013-08-10 09:55 - 00003940 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{36869FAE-C9FD-44D3-AE34-D7F3859877B5}
2014-12-13 11:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-12 15:43 - 2013-08-22 09:46 - 00341338 _____ () C:\WINDOWS\setupact.log
2014-12-12 09:27 - 2013-07-20 18:54 - 00001068 _____ () C:\Users\josee\Desktop\Dropbox.lnk
2014-12-12 09:27 - 2013-07-20 18:53 - 00000000 ____D () C:\Users\josee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-11 00:28 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-10 23:48 - 2014-07-09 16:42 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-10 23:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-10 23:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-10 23:48 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 11:18 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-10 11:16 - 2013-08-14 08:39 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 11:13 - 2013-07-21 21:40 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 17:55 - 2013-08-24 20:02 - 00003890 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-07 11:42 - 2013-09-06 12:03 - 00207872 ___SH () C:\Users\josee\Documents\Thumbs.db
2014-12-07 11:39 - 2013-07-30 13:38 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-11-20 15:05 - 2014-08-27 11:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-20 15:05 - 2013-07-31 14:44 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-16 13:04 - 2013-08-22 09:44 - 00377552 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-11-16 13:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 13:00 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-16 13:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-16 12:59 - 2014-10-16 05:06 - 00000000 ____D () C:\WINDOWS\SysWOW64\ControlTaskWord
2014-11-16 12:59 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-11-16 12:59 - 2013-08-22 10:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-11-16 12:57 - 2014-10-17 13:33 - 00003920 _____ () C:\WINDOWS\system32\.crusader
2014-11-16 12:57 - 2014-10-16 05:06 - 00000000 ____D () C:\Users\josee\AppData\Local\AddonCompilerMBR
2014-11-16 12:39 - 2013-01-23 16:08 - 00000000 ____D () C:\ProgramData\Temp
2014-11-15 16:41 - 2013-08-03 09:20 - 00000000 ____D () C:\Users\danie_000\AppData\Local\Google
 
Some content of TEMP:
====================
C:\Users\josee\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphqke7r.dll
C:\Users\josee\AppData\Local\Temp\Quarantine.exe
C:\Users\josee\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-11 19:28
 
==================== End Of Log ============================


#11 lalasima129

lalasima129
  • Topic Starter

  • Members
  • 14 posts
  • Local time:07:02 AM

Posted 15 December 2014 - 09:40 AM

So far the computer is doing just fine :) thank you very much for your time. My mother, step-father and myself appreciate your hard work. Thanks again.



#12 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Local time:01:02 AM

Posted 15 December 2014 - 09:46 AM

So far the computer is doing just fine :) thank you very much for your time. My mother, step-father and myself appreciate your hard work. Thanks again.

That's good to hear. :) I do see a couple things in the log that need addressing and we'll need to run some further scans to look for remnants and orphans.

I'll post further instructions this evening to take care of the issues in the log and to run some scans to make sure we get all of the infection out of the machine. :thumbsup2:

Edited by pystryker, 15 December 2014 - 09:47 AM.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.





#13 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • Gender:Male
  • Local time:01:02 AM

Posted 15 December 2014 - 07:17 PM

According to the log, your Internet Explorer is set up to use a proxy server. This means it goes through another server before it gets to the internet. Are they using a proxy on purpose? If not, please let me know, and we'll reset IE to eliminate that.

Let's scan for remnants and orphans. :thumbup2:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.


Step 1: Scan with Malwarebytes


Please download Malwarebytes Anti-Malware to your desktop
Install the programme and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list.

Click View, then click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: Scan with ESET Online Scanner


Please note: You can use Internet Explorer or Firefox for this step. Either browser used will have to be run in admin mode.

Right click on either the Internet Explorer icon or the Firefox icon in the Start Menu or Quick Launch Bar on the Task bar and select Run as Administrator from the menu.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files(x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log
  • Answer regarding the proxy server question.

I close my topics if there is no response after 3 days. Please PM a moderator or myself to reopen your topic.

Please PM me only if I'm helping you with your computer issues and I have not responded in 2 days. Please remember, I'm a volunteer and sometimes life does get in the way. :)

Please stay with me until I declare your machine clean. Absence of symptoms does not ensure your machine is clean.

If you'd like to make a donation via Paypal, please click here.
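A read-only way to answer the proxy question raised above, as an added example that is not part of this thread or of any tool it names: this PowerShell snippet reads the per-user WinINET proxy values that Internet Explorer uses and flags anything that would route browsing through another server. It assumes it is run on the same Windows account whose IE settings are in question; the "Automatically detect settings" (WPAD) flag is stored in a binary value and is not decoded here.

```powershell
# Added example, not from the thread: inspect (do not change) the proxy settings IE uses.
# Per-user WinINET settings live under this key; this is what a proxy entry in the log refers to.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s = Get-ItemProperty -Path $key -ErrorAction Stop

$report = [pscustomobject]@{
    ProxyEnable   = ($s.ProxyEnable -eq 1)   # $true means a manual proxy is active
    ProxyServer   = $s.ProxyServer           # host:port, or a per-protocol list (http=..;https=..)
    ProxyOverride = $s.ProxyOverride         # addresses that bypass the proxy
    AutoConfigURL = $s.AutoConfigURL         # PAC script URL; a script can redirect traffic too
}
$report | Format-List

# A proxy the user did not set up deliberately deserves a closer look before it is reset.
if ($report.ProxyEnable -or $report.AutoConfigURL) {
    Write-Warning "A proxy or PAC script is configured for this user; confirm it is intentional."
}

# The per-machine policy key can override the per-user values above
# (for example ProxySettingsPerUser = 0 makes machine-wide settings apply), so show it if present.
$policy = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
if (Test-Path $policy) {
    Write-Output "Policy key present; check it, as it can override the per-user settings:"
    Get-ItemProperty -Path $policy | Format-List
}

# Services that use WinHTTP (Windows Update and others) have a separate proxy setting.
netsh winhttp show proxy
```

If ProxyEnable is $true or AutoConfigURL is set and nobody in the household configured it, that is the detail to report back before the IE reset in the thread is performed.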





#14 pystryker

pystryker

  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:02 AM

Posted 19 December 2014 - 07:36 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

