2 Chrome extensions that would not be deleted


  • This topic is locked
14 replies to this topic

#1 trmcummi

Posted 05 January 2015 - 06:40 PM

Hello,

 

I use Chrome on Windows 7. I had two Chrome extensions that I could not delete; when I deleted them and then closed and reopened the browser, they would be back. They also would lay a box of links titled "search results" over whatever website I was looking at, trying to get me to click on the links (or at least I'm assuming it was them). My normal program would not take care of it (Malwarebytes Anti-Malware). From there I started running through a list of programs that a computer repairman had put on my computer for cleanups; I ended up using AdwCleaner, CCleaner, Emsisoft Emergency Kit, TDSSKiller, and HitmanPro (though he had used my trial subscription so I could only identify the problems, not delete them). None of them took care of the problem. So I used ComboFix, the last program in the file. At this time I didn't know how powerful it was. I ran it and it seemed to clean everything up. The extensions were gone and the "search results" were too. I have since installed Panda Free Antivirus (as MSE obviously wasn't doing anything) and added Windows Firewall Control. When I was looking to clean everything up and was trying to uninstall ComboFix, I came across the guide and realized I should not have done what I did.

 

So I am here with the log from that ComboFix as well as the DDS logs that I just ran (following the running of ComboFix). I guess that I want to make sure that ComboFix didn't do any damage before I uninstall it and make sure that everything is in fact fixed up. I do have backups of my computer. The computer is running great now. 

 

Sorry in advance for being stupid. Thanks!

 

Troy


#2 Jo*

  • Malware Response Team

Posted 09 January 2015 - 04:15 AM


Hello trmcummi,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 trmcummi

Posted 10 January 2015 - 10:38 PM

Hi Jo,

 

Thanks for your help. Here are the logs in the order specified:

 

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Panda Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 37.0.2062.120 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Windows Firewall Control wfc.exe   
 Windows Firewall Control wfcs.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by Troy (administrator) on TRMCUMMI on 10-01-2015 19:35:39
Running from C:\Users\Troy\Desktop
Loaded Profile: Troy (Available profiles: Troy & Mcx1-TRMCUMMI & Lizz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-02] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk
ShortcutTarget: Windows Firewall Control.lnk -> C:\Program Files\Windows Firewall Control\wfc.exe (BiniSoft.org)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2893754199-1963525480-799371462-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/O1DPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/O3DPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Troy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Troy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Troy\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (No Name) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-01-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-04]
CHR Extension: (No Name) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-01-10]
CHR Extension: (Gmail) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 _wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [97792 2015-01-04] (BiniSoft.org) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cleanhlp; C:\SPYWARE CLEANERS\2EMSISOFTEMERGENCYKIT\RUN\cleanhlp64.sys [57024 2015-01-02] (Emsisoft GmbH)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2014-06-16] (Identive)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 19:35 - 2015-01-10 19:36 - 00021199 _____ () C:\Users\Troy\Desktop\FRST.txt
2015-01-10 19:35 - 2015-01-10 19:35 - 00000825 _____ () C:\Users\Troy\Desktop\checkup.txt
2015-01-10 19:35 - 2015-01-10 19:35 - 00000000 ____D () C:\FRST
2015-01-10 19:30 - 2015-01-10 19:26 - 00852504 _____ () C:\Users\Troy\Desktop\SecurityCheck.exe
2015-01-10 19:26 - 2015-01-10 19:26 - 00852504 _____ () C:\Users\Troy\Downloads\SecurityCheck.exe
2015-01-10 19:24 - 2015-01-10 19:24 - 02124288 _____ (Farbar) C:\Users\Troy\Downloads\FRST64.exe
2015-01-10 19:24 - 2015-01-10 19:24 - 02124288 _____ (Farbar) C:\Users\Troy\Desktop\FRST64.exe
2015-01-09 20:34 - 2015-01-09 20:34 - 01536579 _____ () C:\Users\Lizz\Downloads\IMG_4214.MOV
2015-01-07 22:48 - 2015-01-07 22:48 - 00028404 _____ () C:\Users\Troy\Downloads\dds.txt
2015-01-05 12:43 - 2015-01-05 12:43 - 00688992 ____R (Swearware) C:\Users\Troy\Downloads\dds.com
2015-01-05 12:19 - 2015-01-05 12:19 - 00003220 _____ () C:\Windows\System32\Tasks\{6BCB00B6-7A22-4D09-AC02-BCD7FB47E5BF}
2015-01-04 23:00 - 2015-01-04 23:01 - 00000000 ____D () C:\Program Files\Windows Firewall Control
2015-01-04 23:00 - 2015-01-04 23:00 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Firewall Control.lnk
2015-01-04 23:00 - 2015-01-04 23:00 - 00000986 _____ () C:\Users\Public\Desktop\Windows Firewall Control.lnk
2015-01-04 19:46 - 2015-01-04 19:47 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-01-04 19:46 - 2015-01-04 19:46 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-01-04 19:46 - 2015-01-04 19:46 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-01-04 19:46 - 2015-01-04 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-01-04 19:44 - 2015-01-04 19:45 - 14147584 _____ () C:\Users\Troy\Downloads\lastpass_x64.exe
2015-01-04 17:20 - 2015-01-04 17:20 - 00000000 ____D () C:\Users\Lizz\AppData\Roaming\Panda Security
2015-01-04 15:43 - 2015-01-04 15:43 - 00347648 _____ (BiniSoft.org) C:\Users\Troy\Downloads\wfc4setup.exe
2015-01-04 14:52 - 2015-01-04 14:52 - 03644368 _____ (Sphinx Software ) C:\Users\Troy\Downloads\Windows8FirewallControl-Setup-x64.exe
2015-01-04 09:58 - 2015-01-04 09:58 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\PCDr
2015-01-04 09:56 - 2015-01-04 09:56 - 00000000 ____D () C:\ProgramData\PCDr
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Panda Security
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-03 15:40 - 2014-03-25 05:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-03 15:38 - 2015-01-03 15:40 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-03 15:38 - 2015-01-03 15:38 - 01630952 _____ () C:\Users\Troy\Downloads\PANDAFREEAV.exe
2015-01-03 14:55 - 2015-01-03 14:55 - 00543483 _____ () C:\Users\Troy\Downloads\Windows6.1-KB2852386-x64.msu
2015-01-03 14:44 - 2015-01-03 14:44 - 00001855 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-03 14:44 - 2015-01-03 14:44 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-03 13:55 - 2015-01-03 13:55 - 00000310 _____ () C:\Windows\PFRO.log
2015-01-03 11:51 - 2015-01-03 15:40 - 00133008 _____ () C:\Users\Troy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 11:50 - 2015-01-10 19:29 - 00001736 _____ () C:\Windows\setupact.log
2015-01-03 11:50 - 2015-01-03 19:46 - 05059592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-03 11:50 - 2015-01-03 11:50 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 10:28 - 2015-01-03 10:28 - 05317104 _____ (Piriform Ltd) C:\Users\Troy\Downloads\ccsetup501.exe
2015-01-03 10:22 - 2015-01-03 10:22 - 01707939 _____ (Thisisu) C:\Users\Troy\Downloads\JRT.exe
2015-01-03 09:47 - 2015-01-03 09:47 - 00000000 _____ () C:\autoexec.bat
2015-01-03 09:45 - 2015-01-03 09:45 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Troy\Downloads\SpyHunter-Installer.exe
2015-01-02 23:20 - 2015-01-02 23:20 - 00049669 _____ () C:\ComboFix.txt
2015-01-02 23:05 - 2015-01-02 23:06 - 05605575 ____R (Swearware) C:\Users\Lizz\Downloads\ComboFix.exe
2015-01-02 23:00 - 2015-01-04 23:51 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Lizz trmcummi
2015-01-02 22:31 - 2015-01-03 10:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-02 22:31 - 2015-01-02 22:31 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-02 21:00 - 2015-01-02 21:01 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Troy\Downloads\mbar-1.08.2.1001.exe
2015-01-02 20:51 - 2015-01-02 20:51 - 04166770 _____ () C:\Users\Troy\Downloads\tdsskiller.zip
2015-01-02 19:09 - 2015-01-02 19:10 - 02173952 _____ () C:\Users\Troy\Downloads\adwcleaner_4.106.exe
2015-01-02 17:49 - 2015-01-02 17:49 - 00000000 ____D () C:\ProgramData\aeajkbojmgnmmkfmfnnhacfokpodkgfc
2014-12-29 14:25 - 2014-12-12 16:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-29 14:23 - 2014-12-13 02:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-29 14:23 - 2014-12-13 02:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-29 14:23 - 2014-10-09 09:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-29 14:23 - 2014-10-09 09:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-29 14:23 - 2014-10-08 23:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-29 14:21 - 2014-11-22 02:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-29 14:21 - 2014-11-22 02:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-29 14:19 - 2014-12-29 14:19 - 00000000 ____D () C:\Windows\Sun
2014-12-28 14:56 - 2014-12-28 14:56 - 00000000 ____D () C:\ProgramData\hlpcheablcaclmiobkeogghebffdaefp
2014-12-27 14:33 - 2014-12-27 14:33 - 00002171 _____ () C:\Users\Troy\Desktop\Turkish Essentials.lnk
2014-12-27 14:33 - 2014-12-27 14:33 - 00000000 __HDC () C:\Users\Troy\AppData\Local\{8BEB034C-432A-4078-BC48-8FB45ACF50D8}
2014-12-27 14:33 - 2014-12-27 14:33 - 00000000 ____D () C:\Program Files (x86)\Transparent
2014-12-27 14:32 - 2014-12-27 14:33 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turkish Essentials
2014-12-26 17:02 - 2014-12-26 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2014-12-26 17:01 - 2014-12-26 17:01 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2014-12-26 17:01 - 2014-12-26 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2014-12-26 17:01 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-26 17:01 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-23 07:55 - 2014-12-23 07:55 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 20:26 - 2014-12-19 20:27 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-12-19 20:26 - 2014-12-19 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-12-18 10:11 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:11 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:34 - 2014-12-17 19:34 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-16 19:46 - 2014-12-16 19:46 - 00000000 __SHD () C:\Users\Troy\AppData\Local\EmieBrowserModeList
2014-12-14 21:04 - 2015-01-01 22:48 - 00018885 _____ () C:\Users\Troy\Desktop\Words from Class 2.xlsx
2014-12-11 06:49 - 2014-12-11 06:49 - 00000000 ____D () C:\Windows\system32\appraiser
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-10 19:32 - 2011-11-28 20:41 - 01524207 _____ () C:\Windows\WindowsUpdate.log
2015-01-10 19:28 - 2011-11-28 22:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-10 19:28 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-10 19:27 - 2014-02-12 17:21 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273.job
2015-01-10 19:03 - 2014-11-02 19:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-10 08:50 - 2014-02-12 17:21 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44.job
2015-01-09 20:34 - 2013-08-23 18:03 - 00000000 ____D () C:\Users\Lizz\AppData\Roaming\vlc
2015-01-09 10:33 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 10:33 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-08 20:59 - 2012-10-24 18:27 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\vlc
2015-01-08 14:19 - 2014-10-10 14:32 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\uTorrent
2015-01-08 02:00 - 2011-12-08 18:16 - 00000000 ____D () C:\Users\Troy\AppData\Local\Adobe
2015-01-07 20:44 - 2013-09-20 17:25 - 00000000 ____D () C:\Users\Troy\Documents\Anki
2015-01-06 04:36 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 12:22 - 2013-11-07 00:45 - 00000000 ____D () C:\Spyware Cleaners
2015-01-05 12:18 - 2014-10-11 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-05 08:14 - 2011-11-28 21:11 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-04 23:50 - 2014-09-27 19:59 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Troy trmcummi
2015-01-04 17:20 - 2013-08-23 17:29 - 00133008 _____ () C:\Users\Lizz\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-04 09:57 - 2014-09-27 20:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-03 15:37 - 2012-10-18 16:18 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-03 14:44 - 2013-08-23 17:29 - 00000000 ____D () C:\Users\Lizz
2015-01-03 14:44 - 2012-02-08 17:32 - 00000000 ____D () C:\Users\Mcx1-TRMCUMMI
2015-01-03 14:14 - 2014-09-27 20:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-03 14:11 - 2011-12-06 17:32 - 00000000 ____D () C:\Users\Troy
2015-01-03 12:25 - 2012-04-07 16:23 - 00000000 ____D () C:\Users\Troy\.autobahn
2015-01-03 12:23 - 2014-10-13 13:54 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 23:20 - 2013-11-07 01:10 - 00000000 ____D () C:\Qoobox
2015-01-02 23:19 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-02 22:46 - 2011-11-28 21:08 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-02 21:27 - 2013-11-07 03:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-02 21:05 - 2014-05-11 10:59 - 00000000 ____D () C:\temp
2015-01-02 21:01 - 2013-11-07 03:01 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-02 16:52 - 2014-10-22 20:48 - 11222744 _____ (SurfRight B.V.) C:\Users\Troy\Downloads\HitmanPro_x64.exe
2014-12-30 23:21 - 2014-10-22 16:55 - 00000000 ____D () C:\Users\Troy\Desktop\Turkish Language Pack
2014-12-29 15:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Web
2014-12-29 14:25 - 2014-03-07 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-29 14:13 - 2013-10-18 17:13 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-29 14:13 - 2012-09-04 10:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-24 20:41 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 16:05 - 2014-03-14 18:08 - 00000000 ____D () C:\Users\Troy\AppData\Local\Windows Live
2014-12-22 10:48 - 2011-09-02 08:16 - 00036352 _____ () C:\Users\Troy\Documents\Lizz and Troy's Address Book.xls
2014-12-22 08:22 - 2014-03-06 09:42 - 00000000 ____D () C:\Users\Lizz\AppData\Local\Windows Live
2014-12-18 09:59 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-14 21:04 - 2014-11-16 20:18 - 00000000 ____D () C:\Users\Troy\Desktop\Anki Documentation
2014-12-13 08:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 02:08 - 2014-03-07 19:36 - 14128496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-12-13 02:08 - 2014-03-07 19:36 - 02897824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-12-13 02:08 - 2011-11-28 22:22 - 18594432 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-12-13 02:08 - 2011-11-28 22:22 - 03293136 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-12-13 02:08 - 2011-11-28 22:22 - 00027983 _____ () C:\Windows\system32\nvinfo.pb
2014-12-13 00:03 - 2011-02-17 11:10 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-12-13 00:03 - 2011-02-17 09:10 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-12-13 00:03 - 2011-02-17 09:10 - 00935240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-12-13 00:03 - 2011-02-17 09:10 - 00386368 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-12-13 00:03 - 2011-02-17 09:09 - 06859408 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-12-13 00:03 - 2011-02-17 09:09 - 03513488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-12-12 16:12 - 2014-09-14 11:40 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-12 16:12 - 2014-09-14 11:40 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-12 16:12 - 2014-03-07 19:38 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-12 16:12 - 2014-03-07 19:38 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 15:11 - 2014-03-07 19:06 - 04151176 _____ () C:\Windows\system32\nvcoproc.bin
2014-12-11 16:23 - 2013-05-13 14:19 - 00002212 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2014-12-11 16:23 - 2013-05-13 14:19 - 00002051 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2014-12-11 16:23 - 2013-04-27 15:31 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2014-12-11 06:49 - 2014-05-06 23:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 06:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 06:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
 
Some content of TEMP:
====================
C:\Users\Troy\AppData\Local\temp\{DC68CCFC-1DD0-4E52-A1D2-037C8F334D93}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 00:41
 
==================== End Of Log ============================
 
 
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by Troy at 2015-01-10 19:36:34
Running from C:\Users\Troy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM-x32\...\{CA50136F-9F9E-4AFC-ADD4-471F896AC922}) (Version: 11.0.51800.0 - Audials AG)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVDFab 8.2.2.8 (26/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
eyeVocab Arabic Quiz version 1.0 (HKLM-x32\...\{E07ABF83-9FBC-48BE-8D82-EDAF6FB68DC0}_is1) (Version: 1.0 - Miles Becker)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{43AC7CBC-1D6A-3B5B-81B1-A0C166FE48F4}) (Version: 4.8.2.15856 - Google)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - اللغة العربية (HKLM\...\{90150000-001F-0401-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Turkish Essentials (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Turkish Essentials) (Version:  - Transparent Language, Inc.)
Turkish Essentials (x32 Version: 1.0.0 - Transparent Language, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.2.1.0 - BiniSoft.org)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-01-2015 12:29:33 Removed TrustedID IDMonitor Identity Protection
03-01-2015 13:39:54 Checkpoint by HitmanPro
04-01-2015 19:00:16 Windows Backup
06-01-2015 08:36:52 Windows Update
09-01-2015 10:32:00 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2015-01-02 23:19 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0878C06A-6394-4EC7-8157-75B4392D20BB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0BBC723D-E09E-44D6-A687-025F8EB39C5A} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-TRMCUMMI => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {11799E94-0B62-46A3-AB1A-4C67C4094927} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {12CBEEA3-DDB3-4384-A31D-22F8F77D738C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1761DBFE-0F39-45B0-9A8D-458F8D0DCEF5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1EA1903F-B8FF-461B-818A-0B2560494EC5} - \SystemToolsDailyTest No Task File <==== ATTENTION
Task: {2D6F16DF-ED40-4B09-9E9B-87AC2666B76B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Troy trmcummi => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {3C7A52DF-0A45-4CD2-9E72-0C19A5FF5383} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {475EBECC-D5DA-486F-8C69-A578C56AAB5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273 => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {5A0D47B4-BC79-4599-8EDA-A8201F7C488B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5A8BD515-4708-4850-9E01-898256A0FA64} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {5F3A7E70-AA77-4675-A573-D1931ADC882F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {628D7652-2AD0-4A04-AD06-8C6A5DE22067} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6456FAD8-EC60-46FD-B4C5-791B1F049842} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44 => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {64C58A62-5154-4C22-BBF6-E8A023143F4B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {709844A5-12B4-48E0-AA73-708EE72BF59E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Lizz trmcummi => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {7F8FB65F-338D-4815-B69B-A4556488F66B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {84AB3B8E-AF8E-4899-A42A-5BB207F5C898} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8C4B02B1-50F3-4858-B5D7-F8B42BA2A404} - \{42491CED-DF4F-4671-80C1-8D3D1396EF1D} No Task File <==== ATTENTION
Task: {A71C5CA4-AFF6-48B0-B25C-CEE4F37893DD} - \{36E574BB-42D2-4672-9813-8D269134AAE4} No Task File <==== ATTENTION
Task: {AD49B708-1300-4817-BD21-FDDCAF5A8E61} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B6D225E9-287F-445B-8B44-82C63E2AD3B1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C869B24C-77EC-4A7F-B466-594F30933EDE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CAFD563C-77E2-4E3E-BB3A-247EE7E8BB0D} - System32\Tasks\{6BCB00B6-7A22-4D09-AC02-BCD7FB47E5BF} => pcalua.exe -a "C:\Spyware Cleaners\Shortcut Manager fixer\shman\shman.exe" -d "C:\Spyware Cleaners\Shortcut Manager fixer\shman"
Task: {F2837931-DE89-456D-BC4C-7E161BE521C3} - System32\Tasks\AdobeAAMUpdater-1.0-trmcummi-Troy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44.job => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273.job => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-07 19:06 - 2014-12-13 00:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-12 17:58 - 2014-02-12 17:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-10-16 07:50 - 2014-10-16 07:50 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-11-28 20:53 - 2010-09-13 16:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\temp:pid1
AlternateDataStreams: C:\temp:pid2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Troy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PhotoshopElements8SyncAgent => C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2893754199-1963525480-799371462-500 - Administrator - Disabled)
Guest (S-1-5-21-2893754199-1963525480-799371462-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2893754199-1963525480-799371462-1007 - Limited - Enabled)
Lizz (S-1-5-21-2893754199-1963525480-799371462-1004 - Administrator - Enabled) => C:\Users\Lizz
Mcx1-TRMCUMMI (S-1-5-21-2893754199-1963525480-799371462-1003 - Limited - Enabled) => C:\Users\Mcx1-TRMCUMMI
Troy (S-1-5-21-2893754199-1963525480-799371462-1001 - Administrator - Enabled) => C:\Users\Troy
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/10/2015 07:29:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/10/2015 05:32:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019
 
Error: (01/10/2015 05:32:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019
 
Error: (01/10/2015 05:32:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/10/2015 05:32:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error: (01/10/2015 05:32:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020
 
Error: (01/10/2015 05:32:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/10/2015 05:32:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error: (01/10/2015 05:32:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
Error: (01/10/2015 05:32:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/10/2015 07:29:19 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/09/2015 10:26:19 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/08/2015 02:19:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (01/08/2015 02:19:53 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (01/07/2015 02:20:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.
 
Error: (01/05/2015 11:32:57 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/05/2015 08:12:14 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/05/2015 08:11:03 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:09:15 AM on ‎1/‎5/‎2015 was unexpected.
 
Error: (01/05/2015 08:00:08 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/03/2015 07:46:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (01/10/2015 07:29:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/10/2015 05:32:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019
 
Error: (01/10/2015 05:32:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019
 
Error: (01/10/2015 05:32:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/10/2015 05:32:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error: (01/10/2015 05:32:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020
 
Error: (01/10/2015 05:32:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/10/2015 05:32:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error: (01/10/2015 05:32:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
Error: (01/10/2015 05:32:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-02 23:18:24.855
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.808
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.777
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.291
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.089
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\jehwbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\jehwbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8174.44 MB
Available physical RAM: 6208.59 MB
Total Pagefile: 16347.06 MB
Available Pagefile: 14276.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:245.03 GB) NTFS
Drive j: (Computer Backup) (Fixed) (Total:465.73 GB) (Free:30.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B15A467D)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.7 GB) (Disk ID: 044E0803)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Jo*

Jo*

  • Malware Response Team

Posted 11 January 2015 - 03:34 AM

Hello trmcummi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 trmcummi

trmcummi
  • Topic Starter

  • Members

Posted 13 January 2015 - 12:27 AM

Hi Jo,

 

No malware was found with the Rootkit.

 

Here is the report from AdwCleaner:

 

# AdwCleaner v3.011 - Report created 12/01/2015 at 21:24:02
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Troy - TRMCUMMI
# Running from : C:\Spyware Cleaners\7ADWCleaner\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Users\Troy\AppData\Roaming\BitLord
Folder Found C:\Users\Troy\Documents\BitLord
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Lizz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R8].txt - [816 octets] - [12/01/2015 21:24:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [875 octets] ##########
 
Thanks!


#6 Jo*

Jo*

  • Malware Response Team

Posted 13 January 2015 - 06:50 AM

Hello trmcummi,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Cheers,
Jo


#7 trmcummi

trmcummi
  • Topic Starter

  • Members

Posted 13 January 2015 - 09:31 PM

Hi Jo,

 

So AdwCleaner did the reboot, and here is the log:

 

# AdwCleaner v3.011 - Report created 12/01/2015 at 21:24:02
# Updated 03/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Troy - TRMCUMMI
# Running from : C:\Spyware Cleaners\7ADWCleaner\adwcleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found C:\Users\Troy\AppData\Roaming\BitLord
Folder Found C:\Users\Troy\Documents\BitLord
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Lizz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R8].txt - [816 octets] - [12/01/2015 21:24:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R8].txt - [875 octets] ##########
 
 
 
 
 
 
 
Here is the JRT log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Troy on Tue 01/13/2015 at 15:40:59.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2893754199-1963525480-799371462-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Troy\AppData\Roaming\pcdr"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/13/2015 at 15:43:29.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
Here is the FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-01-2015
Ran by Troy (administrator) on TRMCUMMI on 13-01-2015 17:58:11
Running from C:\Users\Troy\Desktop
Loaded Profile: Troy (Available profiles: Troy & Mcx1-TRMCUMMI & Lizz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-02] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk
ShortcutTarget: Windows Firewall Control.lnk -> C:\Program Files\Windows Firewall Control\wfc.exe (BiniSoft.org)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2893754199-1963525480-799371462-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/O1DPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/O3DPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Troy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Troy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Troy\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-04]
CHR Extension: (Gmail) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 _wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [97792 2015-01-04] (BiniSoft.org) [File not signed]
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cleanhlp; C:\SPYWARE CLEANERS\2EMSISOFTEMERGENCYKIT\RUN\cleanhlp64.sys [57024 2015-01-02] (Emsisoft GmbH)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2014-06-16] (Identive)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 17:58 - 2015-01-13 17:58 - 00021339 _____ () C:\Users\Troy\Desktop\FRST.txt
2015-01-13 17:55 - 2015-01-13 17:55 - 01707939 _____ (Thisisu) C:\Users\Troy\Downloads\JRT (2).exe
2015-01-13 15:43 - 2015-01-13 15:43 - 00001484 _____ () C:\Users\Troy\Desktop\JRT.txt
2015-01-13 15:39 - 2015-01-13 15:39 - 01707939 _____ (Thisisu) C:\Users\Troy\Downloads\JRT (1).exe
2015-01-13 15:31 - 2014-03-25 05:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-13 15:25 - 2015-01-13 15:26 - 02191360 _____ () C:\Users\Troy\Downloads\adwcleaner_4.107.exe
2015-01-13 15:13 - 2015-01-13 15:13 - 694940609 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:13 - 2015-01-13 15:13 - 00320512 _____ () C:\Windows\Minidump\011315-22214-01.dmp
2015-01-12 21:25 - 2015-01-12 21:25 - 00000954 _____ () C:\Users\Troy\Desktop\AdwCleaner[R8].txt
2015-01-12 21:23 - 2015-01-13 15:30 - 00000000 ____D () C:\AdwCleaner
2015-01-12 20:09 - 2015-01-12 21:21 - 00000000 ____D () C:\Users\Troy\Desktop\mbar
2015-01-12 20:08 - 2015-01-12 20:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Troy\Downloads\mbar-1.08.2.1001 (1).exe
2015-01-10 19:35 - 2015-01-13 17:58 - 00000000 ____D () C:\FRST
2015-01-10 19:26 - 2015-01-10 19:26 - 00852504 _____ () C:\Users\Troy\Downloads\SecurityCheck.exe
2015-01-10 19:24 - 2015-01-10 19:24 - 02124288 _____ (Farbar) C:\Users\Troy\Downloads\FRST64.exe
2015-01-10 19:24 - 2015-01-10 19:24 - 02124288 _____ (Farbar) C:\Users\Troy\Desktop\FRST64.exe
2015-01-09 20:34 - 2015-01-09 20:34 - 01536579 _____ () C:\Users\Lizz\Downloads\IMG_4214.MOV
2015-01-07 22:48 - 2015-01-07 22:48 - 00028404 _____ () C:\Users\Troy\Downloads\dds.txt
2015-01-05 12:43 - 2015-01-05 12:43 - 00688992 ____R (Swearware) C:\Users\Troy\Downloads\dds.com
2015-01-05 12:19 - 2015-01-05 12:19 - 00003220 _____ () C:\Windows\System32\Tasks\{6BCB00B6-7A22-4D09-AC02-BCD7FB47E5BF}
2015-01-04 23:00 - 2015-01-04 23:01 - 00000000 ____D () C:\Program Files\Windows Firewall Control
2015-01-04 23:00 - 2015-01-04 23:00 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Firewall Control.lnk
2015-01-04 23:00 - 2015-01-04 23:00 - 00000986 _____ () C:\Users\Public\Desktop\Windows Firewall Control.lnk
2015-01-04 19:46 - 2015-01-04 19:47 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-01-04 19:46 - 2015-01-04 19:46 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-01-04 19:46 - 2015-01-04 19:46 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-01-04 19:46 - 2015-01-04 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-01-04 19:44 - 2015-01-04 19:45 - 14147584 _____ () C:\Users\Troy\Downloads\lastpass_x64.exe
2015-01-04 17:20 - 2015-01-04 17:20 - 00000000 ____D () C:\Users\Lizz\AppData\Roaming\Panda Security
2015-01-04 15:43 - 2015-01-04 15:43 - 00347648 _____ (BiniSoft.org) C:\Users\Troy\Downloads\wfc4setup.exe
2015-01-04 14:52 - 2015-01-04 14:52 - 03644368 _____ (Sphinx Software ) C:\Users\Troy\Downloads\Windows8FirewallControl-Setup-x64.exe
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Panda Security
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-03 15:38 - 2015-01-03 15:40 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-03 15:38 - 2015-01-03 15:38 - 01630952 _____ () C:\Users\Troy\Downloads\PANDAFREEAV.exe
2015-01-03 14:55 - 2015-01-03 14:55 - 00543483 _____ () C:\Users\Troy\Downloads\Windows6.1-KB2852386-x64.msu
2015-01-03 14:44 - 2015-01-03 14:44 - 00001855 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-03 14:44 - 2015-01-03 14:44 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-03 13:55 - 2015-01-13 15:31 - 00000926 _____ () C:\Windows\PFRO.log
2015-01-03 11:51 - 2015-01-03 15:40 - 00133008 _____ () C:\Users\Troy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 11:50 - 2015-01-13 15:31 - 00002240 _____ () C:\Windows\setupact.log
2015-01-03 11:50 - 2015-01-03 19:46 - 05059592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-03 11:50 - 2015-01-03 11:50 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 10:28 - 2015-01-03 10:28 - 05317104 _____ (Piriform Ltd) C:\Users\Troy\Downloads\ccsetup501.exe
2015-01-03 10:22 - 2015-01-03 10:22 - 01707939 _____ (Thisisu) C:\Users\Troy\Downloads\JRT.exe
2015-01-03 09:47 - 2015-01-03 09:47 - 00000000 _____ () C:\autoexec.bat
2015-01-03 09:45 - 2015-01-03 09:45 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Troy\Downloads\SpyHunter-Installer.exe
2015-01-02 23:20 - 2015-01-02 23:20 - 00049669 _____ () C:\ComboFix.txt
2015-01-02 23:05 - 2015-01-02 23:06 - 05605575 ____R (Swearware) C:\Users\Lizz\Downloads\ComboFix.exe
2015-01-02 23:00 - 2015-01-04 23:51 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Lizz trmcummi
2015-01-02 22:31 - 2015-01-03 10:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-02 22:31 - 2015-01-02 22:31 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-02 21:00 - 2015-01-02 21:01 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Troy\Downloads\mbar-1.08.2.1001.exe
2015-01-02 20:51 - 2015-01-02 20:51 - 04166770 _____ () C:\Users\Troy\Downloads\tdsskiller.zip
2015-01-02 19:09 - 2015-01-02 19:10 - 02173952 _____ () C:\Users\Troy\Downloads\adwcleaner_4.106.exe
2015-01-02 17:49 - 2015-01-02 17:49 - 00000000 ____D () C:\ProgramData\aeajkbojmgnmmkfmfnnhacfokpodkgfc
2014-12-29 14:25 - 2014-12-12 16:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-29 14:23 - 2014-12-13 02:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-29 14:23 - 2014-12-13 02:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-29 14:23 - 2014-10-09 09:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-29 14:23 - 2014-10-09 09:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-29 14:23 - 2014-10-08 23:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-29 14:21 - 2014-11-22 02:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-29 14:21 - 2014-11-22 02:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-29 14:19 - 2014-12-29 14:19 - 00000000 ____D () C:\Windows\Sun
2014-12-28 14:56 - 2014-12-28 14:56 - 00000000 ____D () C:\ProgramData\hlpcheablcaclmiobkeogghebffdaefp
2014-12-27 14:33 - 2014-12-27 14:33 - 00002171 _____ () C:\Users\Troy\Desktop\Turkish Essentials.lnk
2014-12-27 14:33 - 2014-12-27 14:33 - 00000000 __HDC () C:\Users\Troy\AppData\Local\{8BEB034C-432A-4078-BC48-8FB45ACF50D8}
2014-12-27 14:33 - 2014-12-27 14:33 - 00000000 ____D () C:\Program Files (x86)\Transparent
2014-12-27 14:32 - 2014-12-27 14:33 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turkish Essentials
2014-12-26 17:02 - 2014-12-26 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2014-12-26 17:01 - 2014-12-26 17:01 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2014-12-26 17:01 - 2014-12-26 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2014-12-26 17:01 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-26 17:01 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-23 07:55 - 2014-12-23 07:55 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 20:26 - 2014-12-19 20:27 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-12-19 20:26 - 2014-12-19 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-12-18 10:11 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:11 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:34 - 2014-12-17 19:34 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-16 19:46 - 2014-12-16 19:46 - 00000000 __SHD () C:\Users\Troy\AppData\Local\EmieBrowserModeList
2014-12-14 21:04 - 2015-01-01 22:48 - 00018885 _____ () C:\Users\Troy\Desktop\Words from Class 2.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-13 17:55 - 2014-11-02 19:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-13 17:55 - 2014-02-12 17:21 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273.job
2015-01-13 17:55 - 2011-11-28 20:41 - 01598020 _____ () C:\Windows\WindowsUpdate.log
2015-01-13 15:38 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:38 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:31 - 2011-11-28 22:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-13 15:31 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-13 15:13 - 2014-10-24 12:24 - 00000000 ____D () C:\Windows\Minidump
2015-01-13 15:13 - 2014-02-12 17:21 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44.job
2015-01-12 21:21 - 2013-11-07 03:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-12 20:10 - 2014-09-27 20:34 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 20:09 - 2013-11-07 03:01 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-11 20:09 - 2012-10-24 18:27 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\vlc
2015-01-09 20:34 - 2013-08-23 18:03 - 00000000 ____D () C:\Users\Lizz\AppData\Roaming\vlc
2015-01-08 14:19 - 2014-10-10 14:32 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\uTorrent
2015-01-08 02:00 - 2011-12-08 18:16 - 00000000 ____D () C:\Users\Troy\AppData\Local\Adobe
2015-01-07 20:44 - 2013-09-20 17:25 - 00000000 ____D () C:\Users\Troy\Documents\Anki
2015-01-06 04:36 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 12:22 - 2013-11-07 00:45 - 00000000 ____D () C:\Spyware Cleaners
2015-01-05 12:18 - 2014-10-11 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-05 08:14 - 2011-11-28 21:11 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-04 23:50 - 2014-09-27 19:59 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Troy trmcummi
2015-01-04 17:20 - 2013-08-23 17:29 - 00133008 _____ () C:\Users\Lizz\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-04 09:57 - 2014-09-27 20:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-03 15:37 - 2012-10-18 16:18 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-03 14:44 - 2013-08-23 17:29 - 00000000 ____D () C:\Users\Lizz
2015-01-03 14:44 - 2012-02-08 17:32 - 00000000 ____D () C:\Users\Mcx1-TRMCUMMI
2015-01-03 14:11 - 2011-12-06 17:32 - 00000000 ____D () C:\Users\Troy
2015-01-03 12:25 - 2012-04-07 16:23 - 00000000 ____D () C:\Users\Troy\.autobahn
2015-01-03 12:23 - 2014-10-13 13:54 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 23:20 - 2013-11-07 01:10 - 00000000 ____D () C:\Qoobox
2015-01-02 23:19 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-02 22:46 - 2011-11-28 21:08 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-02 21:05 - 2014-05-11 10:59 - 00000000 ____D () C:\temp
2015-01-02 16:52 - 2014-10-22 20:48 - 11222744 _____ (SurfRight B.V.) C:\Users\Troy\Downloads\HitmanPro_x64.exe
2014-12-30 23:21 - 2014-10-22 16:55 - 00000000 ____D () C:\Users\Troy\Desktop\Turkish Language Pack
2014-12-29 15:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Web
2014-12-29 14:25 - 2014-03-07 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-29 14:13 - 2013-10-18 17:13 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-29 14:13 - 2012-09-04 10:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-24 20:41 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 16:05 - 2014-03-14 18:08 - 00000000 ____D () C:\Users\Troy\AppData\Local\Windows Live
2014-12-22 10:48 - 2011-09-02 08:16 - 00036352 _____ () C:\Users\Troy\Documents\Lizz and Troy's Address Book.xls
2014-12-22 08:22 - 2014-03-06 09:42 - 00000000 ____D () C:\Users\Lizz\AppData\Local\Windows Live
2014-12-18 09:59 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-14 21:04 - 2014-11-16 20:18 - 00000000 ____D () C:\Users\Troy\Desktop\Anki Documentation
 
Some content of TEMP:
====================
C:\Users\Troy\AppData\Local\temp\Quarantine.exe
C:\Users\Troy\AppData\Local\temp\sqlite3.dll
C:\Users\Troy\AppData\Local\temp\{DC68CCFC-1DD0-4E52-A1D2-037C8F334D93}.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-04 00:41
 
==================== End Of Log ============================
 
 
 
And here is the Addition log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-01-2015
Ran by Troy at 2015-01-13 17:58:43
Running from C:\Users\Troy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM-x32\...\{CA50136F-9F9E-4AFC-ADD4-471F896AC922}) (Version: 11.0.51800.0 - Audials AG)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVDFab 8.2.2.8 (26/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
eyeVocab Arabic Quiz version 1.0 (HKLM-x32\...\{E07ABF83-9FBC-48BE-8D82-EDAF6FB68DC0}_is1) (Version: 1.0 - Miles Becker)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{43AC7CBC-1D6A-3B5B-81B1-A0C166FE48F4}) (Version: 4.8.2.15856 - Google)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - اللغة العربية (HKLM\...\{90150000-001F-0401-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Turkish Essentials (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Turkish Essentials) (Version:  - Transparent Language, Inc.)
Turkish Essentials (x32 Version: 1.0.0 - Transparent Language, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.2.1.0 - BiniSoft.org)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-01-2015 12:29:33 Removed TrustedID IDMonitor Identity Protection
03-01-2015 13:39:54 Checkpoint by HitmanPro
04-01-2015 19:00:16 Windows Backup
06-01-2015 08:36:52 Windows Update
09-01-2015 10:32:00 Windows Update
11-01-2015 20:09:04 Windows Backup
13-01-2015 08:44:16 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2015-01-02 23:19 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0878C06A-6394-4EC7-8157-75B4392D20BB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0BBC723D-E09E-44D6-A687-025F8EB39C5A} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-TRMCUMMI => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {11799E94-0B62-46A3-AB1A-4C67C4094927} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {12CBEEA3-DDB3-4384-A31D-22F8F77D738C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1761DBFE-0F39-45B0-9A8D-458F8D0DCEF5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1EA1903F-B8FF-461B-818A-0B2560494EC5} - \SystemToolsDailyTest No Task File <==== ATTENTION
Task: {2D6F16DF-ED40-4B09-9E9B-87AC2666B76B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Troy trmcummi => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {3C7A52DF-0A45-4CD2-9E72-0C19A5FF5383} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {475EBECC-D5DA-486F-8C69-A578C56AAB5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273 => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {5A0D47B4-BC79-4599-8EDA-A8201F7C488B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5A8BD515-4708-4850-9E01-898256A0FA64} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {5F3A7E70-AA77-4675-A573-D1931ADC882F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {628D7652-2AD0-4A04-AD06-8C6A5DE22067} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6456FAD8-EC60-46FD-B4C5-791B1F049842} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44 => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {64C58A62-5154-4C22-BBF6-E8A023143F4B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {709844A5-12B4-48E0-AA73-708EE72BF59E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Lizz trmcummi => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {7F8FB65F-338D-4815-B69B-A4556488F66B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {84AB3B8E-AF8E-4899-A42A-5BB207F5C898} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8C4B02B1-50F3-4858-B5D7-F8B42BA2A404} - \{42491CED-DF4F-4671-80C1-8D3D1396EF1D} No Task File <==== ATTENTION
Task: {A71C5CA4-AFF6-48B0-B25C-CEE4F37893DD} - \{36E574BB-42D2-4672-9813-8D269134AAE4} No Task File <==== ATTENTION
Task: {AD49B708-1300-4817-BD21-FDDCAF5A8E61} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B6D225E9-287F-445B-8B44-82C63E2AD3B1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C869B24C-77EC-4A7F-B466-594F30933EDE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CAFD563C-77E2-4E3E-BB3A-247EE7E8BB0D} - System32\Tasks\{6BCB00B6-7A22-4D09-AC02-BCD7FB47E5BF} => pcalua.exe -a "C:\Spyware Cleaners\Shortcut Manager fixer\shman\shman.exe" -d "C:\Spyware Cleaners\Shortcut Manager fixer\shman"
Task: {F2837931-DE89-456D-BC4C-7E161BE521C3} - System32\Tasks\AdobeAAMUpdater-1.0-trmcummi-Troy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44.job => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273.job => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-07 19:06 - 2014-12-13 00:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-12 17:58 - 2014-02-12 17:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-10-16 07:50 - 2014-10-16 07:50 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-11-28 20:53 - 2010-09-13 16:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-10-14 23:28 - 2014-10-14 23:28 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-24 16:44 - 2014-09-22 20:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 16:44 - 2014-09-22 20:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 16:44 - 2014-09-22 20:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-24 16:44 - 2014-09-22 20:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
2015-01-03 12:16 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Troy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-01-03 12:16 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Troy\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\temp:pid1
AlternateDataStreams: C:\temp:pid2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Troy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PhotoshopElements8SyncAgent => C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2893754199-1963525480-799371462-500 - Administrator - Disabled)
Guest (S-1-5-21-2893754199-1963525480-799371462-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2893754199-1963525480-799371462-1007 - Limited - Enabled)
Lizz (S-1-5-21-2893754199-1963525480-799371462-1004 - Administrator - Enabled) => C:\Users\Lizz
Mcx1-TRMCUMMI (S-1-5-21-2893754199-1963525480-799371462-1003 - Limited - Enabled) => C:\Users\Mcx1-TRMCUMMI
Troy (S-1-5-21-2893754199-1963525480-799371462-1001 - Administrator - Enabled) => C:\Users\Troy
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (01/13/2015 05:55:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-02 23:18:24.855
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.808
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.777
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.291
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.089
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\jehwbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\jehwbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 8174.45 MB
Available physical RAM: 6394.48 MB
Total Pagefile: 16347.07 MB
Available Pagefile: 13708.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:243 GB) NTFS
Drive i: (Movies) (Fixed) (Total:1862.98 GB) (Free:1485.97 GB) NTFS
Drive j: (Computer Backup) (Fixed) (Total:465.73 GB) (Free:11.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B15A467D)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.7 GB) (Disk ID: 044E0803)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
 
 
The computer seems to be running without issue. Do the logs indicate any issues?
 
Thank you!
 
Troy


#8 Jo*

  • Malware Response Team

Posted 14 January 2015 - 03:53 AM

Hello trmcummi,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
EmptyTemp:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.


***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64, then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Cheers,
Jo


#9 trmcummi

  • Topic Starter

Posted 15 January 2015 - 11:15 PM

Hi Jo,

 

Followed the steps above. Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Troy (administrator) on TRMCUMMI on 15-01-2015 20:08:30
Running from C:\Users\Troy\Desktop
Loaded Profiles: Troy (Available profiles: Troy & Mcx1-TRMCUMMI & Lizz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-02] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk
ShortcutTarget: Windows Firewall Control.lnk -> C:\Program Files\Windows Firewall Control\wfc.exe (BiniSoft.org)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2893754199-1963525480-799371462-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/O1DPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/O3DPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Troy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Troy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Troy\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-04]
CHR Extension: (Gmail) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 _wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [97792 2015-01-04] (BiniSoft.org) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cleanhlp; C:\SPYWARE CLEANERS\2EMSISOFTEMERGENCYKIT\RUN\cleanhlp64.sys [57024 2015-01-02] (Emsisoft GmbH)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2014-06-16] (Identive)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 20:06 - 2015-01-15 20:06 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-15 20:03 - 2015-01-15 20:08 - 00020096 _____ () C:\Users\Troy\Desktop\FRST.txt
2015-01-15 13:23 - 2014-03-25 05:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-14 09:44 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:44 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:44 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:44 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:44 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:44 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:44 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:44 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:44 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:44 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:44 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:44 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:44 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 21:33 - 2015-01-13 22:50 - 00023596 _____ () C:\Users\Troy\Desktop\msa_Unit 4 Vocab.xlsx
2015-01-13 21:33 - 2015-01-13 21:33 - 00026270 _____ () C:\Users\Troy\Downloads\msa_Unit 4 Vocab.xlsx
2015-01-13 17:55 - 2015-01-13 17:55 - 01707939 _____ (Thisisu) C:\Users\Troy\Downloads\JRT (2).exe
2015-01-13 15:39 - 2015-01-13 15:39 - 01707939 _____ (Thisisu) C:\Users\Troy\Downloads\JRT (1).exe
2015-01-13 15:25 - 2015-01-13 15:26 - 02191360 _____ () C:\Users\Troy\Downloads\adwcleaner_4.107.exe
2015-01-13 15:13 - 2015-01-13 15:13 - 694940609 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:13 - 2015-01-13 15:13 - 00320512 _____ () C:\Windows\Minidump\011315-22214-01.dmp
2015-01-12 21:23 - 2015-01-13 15:30 - 00000000 ____D () C:\AdwCleaner
2015-01-12 20:09 - 2015-01-12 21:21 - 00000000 ____D () C:\Users\Troy\Desktop\mbar
2015-01-12 20:08 - 2015-01-12 20:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Troy\Downloads\mbar-1.08.2.1001 (1).exe
2015-01-10 19:35 - 2015-01-15 20:08 - 00000000 ____D () C:\FRST
2015-01-10 19:26 - 2015-01-10 19:26 - 00852504 _____ () C:\Users\Troy\Downloads\SecurityCheck.exe
2015-01-10 19:24 - 2015-01-15 20:03 - 02125312 _____ (Farbar) C:\Users\Troy\Desktop\FRST64.exe
2015-01-10 19:24 - 2015-01-10 19:24 - 02124288 _____ (Farbar) C:\Users\Troy\Downloads\FRST64.exe
2015-01-09 20:34 - 2015-01-09 20:34 - 01536579 _____ () C:\Users\Lizz\Downloads\IMG_4214.MOV
2015-01-07 22:48 - 2015-01-07 22:48 - 00028404 _____ () C:\Users\Troy\Downloads\dds.txt
2015-01-05 12:43 - 2015-01-05 12:43 - 00688992 ____R (Swearware) C:\Users\Troy\Downloads\dds.com
2015-01-05 12:19 - 2015-01-05 12:19 - 00003220 _____ () C:\Windows\System32\Tasks\{6BCB00B6-7A22-4D09-AC02-BCD7FB47E5BF}
2015-01-04 23:00 - 2015-01-04 23:01 - 00000000 ____D () C:\Program Files\Windows Firewall Control
2015-01-04 23:00 - 2015-01-04 23:00 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Firewall Control.lnk
2015-01-04 23:00 - 2015-01-04 23:00 - 00000986 _____ () C:\Users\Public\Desktop\Windows Firewall Control.lnk
2015-01-04 19:46 - 2015-01-04 19:47 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-01-04 19:46 - 2015-01-04 19:46 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-01-04 19:46 - 2015-01-04 19:46 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-01-04 19:46 - 2015-01-04 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-01-04 19:44 - 2015-01-04 19:45 - 14147584 _____ () C:\Users\Troy\Downloads\lastpass_x64.exe
2015-01-04 17:20 - 2015-01-04 17:20 - 00000000 ____D () C:\Users\Lizz\AppData\Roaming\Panda Security
2015-01-04 15:43 - 2015-01-04 15:43 - 00347648 _____ (BiniSoft.org) C:\Users\Troy\Downloads\wfc4setup.exe
2015-01-04 14:52 - 2015-01-04 14:52 - 03644368 _____ (Sphinx Software ) C:\Users\Troy\Downloads\Windows8FirewallControl-Setup-x64.exe
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Panda Security
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-03 15:38 - 2015-01-03 15:40 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-03 15:38 - 2015-01-03 15:38 - 01630952 _____ () C:\Users\Troy\Downloads\PANDAFREEAV.exe
2015-01-03 14:55 - 2015-01-03 14:55 - 00543483 _____ () C:\Users\Troy\Downloads\Windows6.1-KB2852386-x64.msu
2015-01-03 14:44 - 2015-01-03 14:44 - 00001855 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-03 14:44 - 2015-01-03 14:44 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-03 13:55 - 2015-01-13 15:31 - 00000926 _____ () C:\Windows\PFRO.log
2015-01-03 11:51 - 2015-01-03 15:40 - 00133008 _____ () C:\Users\Troy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 11:50 - 2015-01-15 20:06 - 00002856 _____ () C:\Windows\setupact.log
2015-01-03 11:50 - 2015-01-03 19:46 - 05059592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-03 11:50 - 2015-01-03 11:50 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 10:28 - 2015-01-03 10:28 - 05317104 _____ (Piriform Ltd) C:\Users\Troy\Downloads\ccsetup501.exe
2015-01-03 10:22 - 2015-01-03 10:22 - 01707939 _____ (Thisisu) C:\Users\Troy\Downloads\JRT.exe
2015-01-03 09:47 - 2015-01-03 09:47 - 00000000 _____ () C:\autoexec.bat
2015-01-03 09:45 - 2015-01-03 09:45 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Troy\Downloads\SpyHunter-Installer.exe
2015-01-02 23:20 - 2015-01-02 23:20 - 00049669 _____ () C:\ComboFix.txt
2015-01-02 23:05 - 2015-01-02 23:06 - 05605575 ____R (Swearware) C:\Users\Lizz\Downloads\ComboFix.exe
2015-01-02 23:00 - 2015-01-04 23:51 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Lizz trmcummi
2015-01-02 22:31 - 2015-01-03 10:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-02 22:31 - 2015-01-02 22:31 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-02 21:00 - 2015-01-02 21:01 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Troy\Downloads\mbar-1.08.2.1001.exe
2015-01-02 20:51 - 2015-01-02 20:51 - 04166770 _____ () C:\Users\Troy\Downloads\tdsskiller.zip
2015-01-02 19:09 - 2015-01-02 19:10 - 02173952 _____ () C:\Users\Troy\Downloads\adwcleaner_4.106.exe
2015-01-02 17:49 - 2015-01-02 17:49 - 00000000 ____D () C:\ProgramData\aeajkbojmgnmmkfmfnnhacfokpodkgfc
2014-12-29 14:25 - 2014-12-12 16:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-29 14:23 - 2014-12-13 02:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-29 14:23 - 2014-12-13 02:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-29 14:23 - 2014-10-09 09:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-29 14:23 - 2014-10-09 09:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-29 14:23 - 2014-10-08 23:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-29 14:21 - 2014-11-22 02:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-29 14:21 - 2014-11-22 02:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-29 14:19 - 2014-12-29 14:19 - 00000000 ____D () C:\Windows\Sun
2014-12-28 14:56 - 2014-12-28 14:56 - 00000000 ____D () C:\ProgramData\hlpcheablcaclmiobkeogghebffdaefp
2014-12-27 14:33 - 2014-12-27 14:33 - 00002171 _____ () C:\Users\Troy\Desktop\Turkish Essentials.lnk
2014-12-27 14:33 - 2014-12-27 14:33 - 00000000 __HDC () C:\Users\Troy\AppData\Local\{8BEB034C-432A-4078-BC48-8FB45ACF50D8}
2014-12-27 14:33 - 2014-12-27 14:33 - 00000000 ____D () C:\Program Files (x86)\Transparent
2014-12-27 14:32 - 2014-12-27 14:33 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turkish Essentials
2014-12-26 17:02 - 2014-12-26 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2014-12-26 17:01 - 2014-12-26 17:01 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2014-12-26 17:01 - 2014-12-26 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2014-12-26 17:01 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-26 17:01 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-23 07:55 - 2014-12-23 07:55 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 20:26 - 2014-12-19 20:27 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-12-19 20:26 - 2014-12-19 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-12-18 10:11 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:11 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 19:34 - 2014-12-17 19:34 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-16 19:46 - 2014-12-16 19:46 - 00000000 __SHD () C:\Users\Troy\AppData\Local\EmieBrowserModeList
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-15 20:06 - 2011-11-28 22:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 20:06 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 20:05 - 2011-11-28 20:41 - 02060496 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 20:05 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-15 20:03 - 2014-11-02 19:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 19:27 - 2014-02-12 17:21 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273.job
2015-01-15 13:31 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 13:31 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 21:50 - 2013-07-22 23:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:46 - 2011-12-07 18:13 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 09:32 - 2014-02-12 17:21 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44.job
2015-01-14 09:32 - 2011-12-08 18:16 - 00000000 ____D () C:\Users\Troy\AppData\Local\Adobe
2015-01-13 22:03 - 2014-11-02 19:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 22:03 - 2014-11-02 19:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 22:03 - 2011-11-28 20:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 15:13 - 2014-10-24 12:24 - 00000000 ____D () C:\Windows\Minidump
2015-01-12 21:21 - 2013-11-07 03:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-12 20:10 - 2014-09-27 20:34 - 00135384 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-12 20:09 - 2013-11-07 03:01 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-11 20:09 - 2012-10-24 18:27 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\vlc
2015-01-09 20:34 - 2013-08-23 18:03 - 00000000 ____D () C:\Users\Lizz\AppData\Roaming\vlc
2015-01-08 14:19 - 2014-10-10 14:32 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\uTorrent
2015-01-07 20:44 - 2013-09-20 17:25 - 00000000 ____D () C:\Users\Troy\Documents\Anki
2015-01-06 04:36 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 12:22 - 2013-11-07 00:45 - 00000000 ____D () C:\Spyware Cleaners
2015-01-05 12:18 - 2014-10-11 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-05 08:14 - 2011-11-28 21:11 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-04 23:50 - 2014-09-27 19:59 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Troy trmcummi
2015-01-04 17:20 - 2013-08-23 17:29 - 00133008 _____ () C:\Users\Lizz\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-04 09:57 - 2014-09-27 20:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-03 15:37 - 2012-10-18 16:18 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-03 14:44 - 2013-08-23 17:29 - 00000000 ____D () C:\Users\Lizz
2015-01-03 14:44 - 2012-02-08 17:32 - 00000000 ____D () C:\Users\Mcx1-TRMCUMMI
2015-01-03 14:11 - 2011-12-06 17:32 - 00000000 ____D () C:\Users\Troy
2015-01-03 12:25 - 2012-04-07 16:23 - 00000000 ____D () C:\Users\Troy\.autobahn
2015-01-03 12:23 - 2014-10-13 13:54 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 23:20 - 2013-11-07 01:10 - 00000000 ____D () C:\Qoobox
2015-01-02 23:19 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-02 22:46 - 2011-11-28 21:08 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-02 21:05 - 2014-05-11 10:59 - 00000000 ____D () C:\temp
2015-01-02 16:52 - 2014-10-22 20:48 - 11222744 _____ (SurfRight B.V.) C:\Users\Troy\Downloads\HitmanPro_x64.exe
2015-01-01 22:48 - 2014-12-14 21:04 - 00018885 _____ () C:\Users\Troy\Desktop\Words from Class 2.xlsx
2014-12-30 23:21 - 2014-10-22 16:55 - 00000000 ____D () C:\Users\Troy\Desktop\Turkish Language Pack
2014-12-29 15:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Web
2014-12-29 14:25 - 2014-03-07 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-29 14:13 - 2013-10-18 17:13 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-29 14:13 - 2012-09-04 10:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-24 20:41 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 16:05 - 2014-03-14 18:08 - 00000000 ____D () C:\Users\Troy\AppData\Local\Windows Live
2014-12-22 10:48 - 2011-09-02 08:16 - 00036352 _____ () C:\Users\Troy\Documents\Lizz and Troy's Address Book.xls
2014-12-22 08:22 - 2014-03-06 09:42 - 00000000 ____D () C:\Users\Lizz\AppData\Local\Windows Live
2014-12-18 09:59 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 10:18
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Troy at 2015-01-15 20:09:44
Running from C:\Users\Troy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM-x32\...\{CA50136F-9F9E-4AFC-ADD4-471F896AC922}) (Version: 11.0.51800.0 - Audials AG)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVDFab 8.2.2.8 (26/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
eyeVocab Arabic Quiz version 1.0 (HKLM-x32\...\{E07ABF83-9FBC-48BE-8D82-EDAF6FB68DC0}_is1) (Version: 1.0 - Miles Becker)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{43AC7CBC-1D6A-3B5B-81B1-A0C166FE48F4}) (Version: 4.8.2.15856 - Google)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - اللغة العربية (HKLM\...\{90150000-001F-0401-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Turkish Essentials (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Turkish Essentials) (Version:  - Transparent Language, Inc.)
Turkish Essentials (x32 Version: 1.0.0 - Transparent Language, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.2.1.0 - BiniSoft.org)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-01-2015 12:29:33 Removed TrustedID IDMonitor Identity Protection
03-01-2015 13:39:54 Checkpoint by HitmanPro
04-01-2015 19:00:16 Windows Backup
06-01-2015 08:36:52 Windows Update
09-01-2015 10:32:00 Windows Update
11-01-2015 20:09:04 Windows Backup
13-01-2015 08:44:16 Windows Update
14-01-2015 21:46:28 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2015-01-02 23:19 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0878C06A-6394-4EC7-8157-75B4392D20BB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0BBC723D-E09E-44D6-A687-025F8EB39C5A} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-TRMCUMMI => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {11799E94-0B62-46A3-AB1A-4C67C4094927} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {12CBEEA3-DDB3-4384-A31D-22F8F77D738C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1761DBFE-0F39-45B0-9A8D-458F8D0DCEF5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1EA1903F-B8FF-461B-818A-0B2560494EC5} - \SystemToolsDailyTest No Task File <==== ATTENTION
Task: {2D6F16DF-ED40-4B09-9E9B-87AC2666B76B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Troy trmcummi => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {3C7A52DF-0A45-4CD2-9E72-0C19A5FF5383} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {475EBECC-D5DA-486F-8C69-A578C56AAB5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273 => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {5A0D47B4-BC79-4599-8EDA-A8201F7C488B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5A8BD515-4708-4850-9E01-898256A0FA64} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {5F3A7E70-AA77-4675-A573-D1931ADC882F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {628D7652-2AD0-4A04-AD06-8C6A5DE22067} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6456FAD8-EC60-46FD-B4C5-791B1F049842} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44 => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {64C58A62-5154-4C22-BBF6-E8A023143F4B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {709844A5-12B4-48E0-AA73-708EE72BF59E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Lizz trmcummi => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {7F8FB65F-338D-4815-B69B-A4556488F66B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {84AB3B8E-AF8E-4899-A42A-5BB207F5C898} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8C4B02B1-50F3-4858-B5D7-F8B42BA2A404} - \{42491CED-DF4F-4671-80C1-8D3D1396EF1D} No Task File <==== ATTENTION
Task: {A71C5CA4-AFF6-48B0-B25C-CEE4F37893DD} - \{36E574BB-42D2-4672-9813-8D269134AAE4} No Task File <==== ATTENTION
Task: {AD49B708-1300-4817-BD21-FDDCAF5A8E61} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B6D225E9-287F-445B-8B44-82C63E2AD3B1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C869B24C-77EC-4A7F-B466-594F30933EDE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CAFD563C-77E2-4E3E-BB3A-247EE7E8BB0D} - System32\Tasks\{6BCB00B6-7A22-4D09-AC02-BCD7FB47E5BF} => pcalua.exe -a "C:\Spyware Cleaners\Shortcut Manager fixer\shman\shman.exe" -d "C:\Spyware Cleaners\Shortcut Manager fixer\shman"
Task: {F2837931-DE89-456D-BC4C-7E161BE521C3} - System32\Tasks\AdobeAAMUpdater-1.0-trmcummi-Troy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44.job => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273.job => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-07 19:06 - 2014-12-13 00:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-12 17:58 - 2014-02-12 17:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-10-16 07:50 - 2014-10-16 07:50 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-11-28 20:53 - 2010-09-13 16:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\temp:pid1
AlternateDataStreams: C:\temp:pid2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Troy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PhotoshopElements8SyncAgent => C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2893754199-1963525480-799371462-500 - Administrator - Disabled)
Guest (S-1-5-21-2893754199-1963525480-799371462-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2893754199-1963525480-799371462-1007 - Limited - Enabled)
Lizz (S-1-5-21-2893754199-1963525480-799371462-1004 - Administrator - Enabled) => C:\Users\Lizz
Mcx1-TRMCUMMI (S-1-5-21-2893754199-1963525480-799371462-1003 - Limited - Enabled) => C:\Users\Mcx1-TRMCUMMI
Troy (S-1-5-21-2893754199-1963525480-799371462-1001 - Administrator - Enabled) => C:\Users\Troy
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/15/2015 08:06:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/15/2015 07:30:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019
 
Error: (01/15/2015 07:30:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019
 
Error: (01/15/2015 07:30:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/15/2015 07:30:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error: (01/15/2015 07:30:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020
 
Error: (01/15/2015 07:30:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/15/2015 07:30:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error: (01/15/2015 07:30:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
Error: (01/15/2015 07:30:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/15/2015 08:06:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/15/2015 01:23:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/13/2015 06:34:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/13/2015 05:55:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (01/15/2015 08:06:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/15/2015 07:30:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8019
 
Error: (01/15/2015 07:30:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8019
 
Error: (01/15/2015 07:30:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/15/2015 07:30:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error: (01/15/2015 07:30:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020
 
Error: (01/15/2015 07:30:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/15/2015 07:30:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6006
 
Error: (01/15/2015 07:30:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6006
 
Error: (01/15/2015 07:30:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-02 23:18:24.855
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.808
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.777
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.291
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.089
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\jehwbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\jehwbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 22%
Total physical RAM: 8174.44 MB
Available physical RAM: 6326.84 MB
Total Pagefile: 16347.07 MB
Available Pagefile: 14379.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:249.01 GB) NTFS
Drive i: (Movies) (Fixed) (Total:1862.98 GB) (Free:1485.85 GB) NTFS
Drive j: (Computer Backup) (Fixed) (Total:465.73 GB) (Free:11.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B15A467D)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.7 GB) (Disk ID: 044E0803)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
Let me know what else it needs. Thanks!
 
Troy


#10 Jo*

  • Malware Response Team

Posted 16 January 2015 - 05:22 AM

Hello trmcummi,


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 trmcummi

  • Topic Starter


Posted 16 January 2015 - 08:23 PM

Hi Jo,

Here are the logs:

Malwarebytes Anti-Malware
 
Scan Date: 1/16/2015
Scan Time: 1:44:40 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.16.13
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Troy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 499049
Time Elapsed: 19 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d834108d091fad4e8a7335129b0fb5a8
# engine=22004
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-01-16 09:39:34
# local_time=2015-01-16 01:39:34 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 1029572 206718748 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 98526 172987824 0 0
# scanned=224563
# found=123
# cleaned=0
# scan_time=9792
sh=15219C0F274C5C9956981C91ABEC5D4E3A1F6442 ft=1 fh=3fec66b3c1704bce vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=65D8F0A77C80DEE0EB20C6E8B81B3CF825613131 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\ProgramData\aeajkbojmgnmmkfmfnnhacfokpodkgfc\m25NnfgMj.js"
sh=26B68CC7F2D9A9AF9E87B6E6AE5C8FF5F4E1B8EF ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\ProgramData\hlpcheablcaclmiobkeogghebffdaefp\content.js"
sh=E67EE8DA649E26579D8001C8735DC36D9EEF995A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\ProgramData\hlpcheablcaclmiobkeogghebffdaefp\eBnH.js"
sh=5E68C3D5310018D4A300EAD4BCAACB482D571706 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Lizz\AppData\Local\torch\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\MJSdzUi.js.vir"
sh=964D033B238C7FDDEE9739EFEE9473A590D4D4D3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Lizz\AppData\Local\torch\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\161\ftzdT.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Lizz\AppData\Local\torch\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\161\lsdb.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Mcx1-TRMCUMMI\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\lsdb.js.vir"
sh=5E68C3D5310018D4A300EAD4BCAACB482D571706 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Mcx1-TRMCUMMI\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\MJSdzUi.js.vir"
sh=964D033B238C7FDDEE9739EFEE9473A590D4D4D3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Mcx1-TRMCUMMI\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\161\ftzdT.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Mcx1-TRMCUMMI\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\161\lsdb.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Mcx1-TRMCUMMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\lsdb.js.vir"
sh=5E68C3D5310018D4A300EAD4BCAACB482D571706 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Mcx1-TRMCUMMI\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\MJSdzUi.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Mcx1-TRMCUMMI\AppData\Local\torch\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\lsdb.js.vir"
sh=5E68C3D5310018D4A300EAD4BCAACB482D571706 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Mcx1-TRMCUMMI\AppData\Local\torch\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\MJSdzUi.js.vir"
sh=964D033B238C7FDDEE9739EFEE9473A590D4D4D3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Mcx1-TRMCUMMI\AppData\Local\torch\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\161\ftzdT.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Mcx1-TRMCUMMI\AppData\Local\torch\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\161\lsdb.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Troy\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\lsdb.js.vir"
sh=5E68C3D5310018D4A300EAD4BCAACB482D571706 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Troy\AppData\Local\Chromatic Browser\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\MJSdzUi.js.vir"
sh=964D033B238C7FDDEE9739EFEE9473A590D4D4D3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Troy\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\161\ftzdT.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Troy\AppData\Local\Chromatic Browser\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\161\lsdb.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\lsdb.js.vir"
sh=5E68C3D5310018D4A300EAD4BCAACB482D571706 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\MJSdzUi.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Troy\AppData\Local\torch\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\lsdb.js.vir"
sh=5E68C3D5310018D4A300EAD4BCAACB482D571706 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Troy\AppData\Local\torch\User Data\Default\Extensions\cjjhkmhhmddmdpdkglccfgcoiaoopmfg\2.0\MJSdzUi.js.vir"
sh=964D033B238C7FDDEE9739EFEE9473A590D4D4D3 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Troy\AppData\Local\torch\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\161\ftzdT.js.vir"
sh=7C1E142BBA63AE1274F52A56E3D3EF2C544BC0A7 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Troy\AppData\Local\torch\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\161\lsdb.js.vir"
sh=65D8F0A77C80DEE0EB20C6E8B81B3CF825613131 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\All Users\aeajkbojmgnmmkfmfnnhacfokpodkgfc\m25NnfgMj.js"
sh=26B68CC7F2D9A9AF9E87B6E6AE5C8FF5F4E1B8EF ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Users\All Users\hlpcheablcaclmiobkeogghebffdaefp\content.js"
sh=E67EE8DA649E26579D8001C8735DC36D9EEF995A ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\All Users\hlpcheablcaclmiobkeogghebffdaefp\eBnH.js"
 
 
 
The computer seems to be running the same as before. No issues that I can tell. Anything else that I should do? Thank you!
 
Troy


#12 Jo*

  • Malware Response Team

Posted 17 January 2015 - 05:41 AM

Hello trmcummi,

Many of the files that ESET found are already in the quarantine of ComboFix or AdwCleaner.
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
EmptyTemp:
C:\ProgramData\aeajkbojmgnmmkfmfnnhacfokpodkgfc\m25NnfgMj.js
C:\ProgramData\hlpcheablcaclmiobkeogghebffdaefp\content.js
C:\ProgramData\hlpcheablcaclmiobkeogghebffdaefp\eBnH.js
C:\Users\All Users\aeajkbojmgnmmkfmfnnhacfokpodkgfc\m25NnfgMj.js
C:\Users\All Users\hlpcheablcaclmiobkeogghebffdaefp\content.js
C:\Users\All Users\hlpcheablcaclmiobkeogghebffdaefp\eBnH.js
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
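
The triage in the reply above (ESET hits that already sit in a cleaner's quarantine versus files still live on disk), as an added example that is not part of the original thread or of any tool mentioned in it. It assumes `vn` is the detection name and `fn` the file path, as the quoted values suggest, treats any path with a `Quarantine` folder component as quarantined, and folds `C:\Users\All Users` into `C:\ProgramData`, which it aliases on Windows Vista and later; the sample lines are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the key=value layout of the ESET log lines quoted in this
# thread. Hashes, extension IDs and file names are placeholders, not the user's data.
SAMPLE_LOG = r'''
sh=1111111111111111111111111111111111111111 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Example\AppData\Local\Google\Chrome\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop\1.0\sample.js.vir"
sh=1111111111111111111111111111111111111111 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Spyware Cleaners\7ADWCleaner\AdwCleaner\Quarantine\C\Users\Example\AppData\Local\torch\User Data\Default\Extensions\abcdefghijklmnopabcdefghijklmnop\1.0\sample.js.vir"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\Users\All Users\ponmlkjihgfedcbaponmlkjihgfedcba\loader.js"
sh=2222222222222222222222222222222222222222 ft=0 fh=0000000000000000 vn="JS/Kryptik.ATB trojan" ac=I fn="C:\ProgramData\ponmlkjihgfedcbaponmlkjihgfedcba\loader.js"
sh=3333333333333333333333333333333333333333 ft=0 fh=0000000000000000 vn="JS/Adware.MultiPlug.B application" ac=I fn="C:\Users\All Users\ponmlkjihgfedcbaponmlkjihgfedcba\content.js"
'''

# key=value pairs; values are either double-quoted or a single bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Chrome-style extension IDs are 32 characters drawn from a-p.
EXT_ID_RE = re.compile(r'\\([a-p]{32})\\')


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it is not a hit."""
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        fields[key] = quoted if quoted else bare
    if "fn" not in fields or "vn" not in fields:
        return None
    return fields


def is_quarantined(path):
    """Heuristic (assumption): a folder named 'Quarantine' anywhere in the path."""
    return any(part.lower() == "quarantine" for part in PureWindowsPath(path).parts)


def canonical_path(path):
    """Map the C:\\Users\\All Users alias onto C:\\ProgramData so both views of
    the same file collapse into one finding."""
    parts = PureWindowsPath(path).parts
    if len(parts) >= 3 and parts[1].lower() == "users" and parts[2].lower() == "all users":
        return str(PureWindowsPath(parts[0], "ProgramData", *parts[3:]))
    return str(PureWindowsPath(path))


def extension_id(path):
    """Return the 32-character extension-style folder name in the path, if any."""
    match = EXT_ID_RE.search(path)
    return match.group(1) if match else None


def triage(log_text):
    """Split scanner hits into already-quarantined copies and live files."""
    quarantined = []
    live = {}
    for line in log_text.splitlines():
        record = parse_line(line)
        if record is None:
            continue
        if is_quarantined(record["fn"]):
            quarantined.append(record)
            continue
        canon = canonical_path(record["fn"])
        entry = live.setdefault(canon.lower(), {
            "path": canon,
            "detection": record["vn"],
            "extension_id": extension_id(canon),
            "seen_as": [],
        })
        entry["seen_as"].append(record["fn"])
    return {"quarantined": quarantined, "live": list(live.values())}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{len(result['quarantined'])} hit(s) are inert copies in a quarantine folder")
    for item in result["live"]:
        print(f"LIVE  {item['detection']:<35} {item['path']}")
        if len(item["seen_as"]) > 1:
            print(f"      reported under {len(item['seen_as'])} path aliases")
```

Only the live entries need attention; the quarantined copies are renamed files kept by the cleanup tools and go away when those tools are uninstalled or their quarantine is emptied.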


#13 trmcummi

  • Topic Starter

  • Members

Posted 17 January 2015 - 04:28 PM

Hi Jo,

 

I ran FRST and clicked Fix with the Fixlog. Here are the logs. Should Combofix be uninstalled? Should those quarantined files be deleted? Thanks!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Troy (administrator) on TRMCUMMI on 17-01-2015 13:21:33
Running from C:\Users\Troy\Desktop
Loaded Profiles: Troy (Available profiles: Troy & Mcx1-TRMCUMMI & Lizz)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfcs.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(BiniSoft.org) C:\Program Files\Windows Firewall Control\wfc.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-02] (Adobe Systems Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Windows Firewall Control.lnk
ShortcutTarget: Windows Firewall Control.lnk -> C:\Program Files\Windows Firewall Control\wfc.exe (BiniSoft.org)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2893754199-1963525480-799371462-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2893754199-1963525480-799371462-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/O1DPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @talk.google.com/O3DPlugin -> C:\Users\Troy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Troy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Troy\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2893754199-1963525480-799371462-1001: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Troy\AppData\Roaming\CATALI~1\NPBCSK~1.DLL No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Troy\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-27]
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (YouTube) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-02]
CHR Extension: (Google Search) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-04]
CHR Extension: (Gmail) - C:\Users\Troy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-02]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-02]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-08-31] (Adobe Systems Incorporated)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 _wfcs; C:\Program Files\Windows Firewall Control\wfcs.exe [97792 2015-01-04] (BiniSoft.org) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cleanhlp; C:\SPYWARE CLEANERS\2EMSISOFTEMERGENCYKIT\RUN\cleanhlp64.sys [57024 2015-01-02] (Emsisoft GmbH)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-02-18] (Audials AG)
S3 S3XXx64; C:\Windows\System32\DRIVERS\S3XXx64.sys [73984 2014-06-16] (Identive)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-17 13:21 - 2015-01-17 13:21 - 00020636 _____ () C:\Users\Troy\Desktop\FRST.txt
2015-01-17 13:21 - 2015-01-17 13:21 - 00000392 _____ () C:\Users\Troy\Desktop\fixlist.txt
2015-01-16 10:52 - 2015-01-16 10:52 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-16 10:51 - 2015-01-16 10:52 - 02347384 _____ (ESET) C:\Users\Troy\Downloads\esetsmartinstaller_enu.exe
2015-01-15 20:06 - 2015-01-15 20:06 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-15 13:23 - 2014-03-25 05:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-14 09:44 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:44 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:44 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 09:44 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 09:44 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 09:44 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 09:44 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 09:44 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 09:44 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 09:44 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 09:44 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:44 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 09:44 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 21:33 - 2015-01-13 22:50 - 00023596 _____ () C:\Users\Troy\Desktop\msa_Unit 4 Vocab.xlsx
2015-01-13 21:33 - 2015-01-13 21:33 - 00026270 _____ () C:\Users\Troy\Downloads\msa_Unit 4 Vocab.xlsx
2015-01-13 17:55 - 2015-01-13 17:55 - 01707939 _____ (Thisisu) C:\Users\Troy\Downloads\JRT (2).exe
2015-01-13 15:39 - 2015-01-13 15:39 - 01707939 _____ (Thisisu) C:\Users\Troy\Downloads\JRT (1).exe
2015-01-13 15:25 - 2015-01-13 15:26 - 02191360 _____ () C:\Users\Troy\Downloads\adwcleaner_4.107.exe
2015-01-13 15:13 - 2015-01-13 15:13 - 694940609 _____ () C:\Windows\MEMORY.DMP
2015-01-13 15:13 - 2015-01-13 15:13 - 00320512 _____ () C:\Windows\Minidump\011315-22214-01.dmp
2015-01-12 21:23 - 2015-01-13 15:30 - 00000000 ____D () C:\AdwCleaner
2015-01-12 20:09 - 2015-01-12 21:21 - 00000000 ____D () C:\Users\Troy\Desktop\mbar
2015-01-12 20:08 - 2015-01-12 20:09 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Troy\Downloads\mbar-1.08.2.1001 (1).exe
2015-01-10 19:35 - 2015-01-17 13:21 - 00000000 ____D () C:\FRST
2015-01-10 19:26 - 2015-01-10 19:26 - 00852504 _____ () C:\Users\Troy\Downloads\SecurityCheck.exe
2015-01-10 19:24 - 2015-01-17 13:21 - 02125824 _____ (Farbar) C:\Users\Troy\Desktop\FRST64.exe
2015-01-10 19:24 - 2015-01-10 19:24 - 02124288 _____ (Farbar) C:\Users\Troy\Downloads\FRST64.exe
2015-01-09 20:34 - 2015-01-09 20:34 - 01536579 _____ () C:\Users\Lizz\Downloads\IMG_4214.MOV
2015-01-07 22:48 - 2015-01-07 22:48 - 00028404 _____ () C:\Users\Troy\Downloads\dds.txt
2015-01-05 12:43 - 2015-01-05 12:43 - 00688992 ____R (Swearware) C:\Users\Troy\Downloads\dds.com
2015-01-05 12:19 - 2015-01-05 12:19 - 00003220 _____ () C:\Windows\System32\Tasks\{6BCB00B6-7A22-4D09-AC02-BCD7FB47E5BF}
2015-01-04 23:00 - 2015-01-04 23:01 - 00000000 ____D () C:\Program Files\Windows Firewall Control
2015-01-04 23:00 - 2015-01-04 23:00 - 00000992 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Firewall Control.lnk
2015-01-04 23:00 - 2015-01-04 23:00 - 00000986 _____ () C:\Users\Public\Desktop\Windows Firewall Control.lnk
2015-01-04 19:46 - 2015-01-04 19:47 - 00000000 ____D () C:\Program Files (x86)\LastPass
2015-01-04 19:46 - 2015-01-04 19:46 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-01-04 19:46 - 2015-01-04 19:46 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-01-04 19:46 - 2015-01-04 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-01-04 19:44 - 2015-01-04 19:45 - 14147584 _____ () C:\Users\Troy\Downloads\lastpass_x64.exe
2015-01-04 17:20 - 2015-01-04 17:20 - 00000000 ____D () C:\Users\Lizz\AppData\Roaming\Panda Security
2015-01-04 15:43 - 2015-01-04 15:43 - 00347648 _____ (BiniSoft.org) C:\Users\Troy\Downloads\wfc4setup.exe
2015-01-04 14:52 - 2015-01-04 14:52 - 03644368 _____ (Sphinx Software ) C:\Users\Troy\Downloads\Windows8FirewallControl-Setup-x64.exe
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Panda Security
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2015-01-03 15:40 - 2015-01-03 15:40 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-03 15:38 - 2015-01-03 15:40 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-03 15:38 - 2015-01-03 15:38 - 01630952 _____ () C:\Users\Troy\Downloads\PANDAFREEAV.exe
2015-01-03 14:55 - 2015-01-03 14:55 - 00543483 _____ () C:\Users\Troy\Downloads\Windows6.1-KB2852386-x64.msu
2015-01-03 14:44 - 2015-01-03 14:44 - 00001855 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-01-03 14:44 - 2015-01-03 14:44 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-03 13:55 - 2015-01-13 15:31 - 00000926 _____ () C:\Windows\PFRO.log
2015-01-03 11:51 - 2015-01-03 15:40 - 00133008 _____ () C:\Users\Troy\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 11:50 - 2015-01-15 20:06 - 00002856 _____ () C:\Windows\setupact.log
2015-01-03 11:50 - 2015-01-03 19:46 - 05059592 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-03 11:50 - 2015-01-03 11:50 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-03 10:28 - 2015-01-03 10:28 - 05317104 _____ (Piriform Ltd) C:\Users\Troy\Downloads\ccsetup501.exe
2015-01-03 10:22 - 2015-01-03 10:22 - 01707939 _____ (Thisisu) C:\Users\Troy\Downloads\JRT.exe
2015-01-03 09:47 - 2015-01-03 09:47 - 00000000 _____ () C:\autoexec.bat
2015-01-03 09:45 - 2015-01-03 09:45 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Troy\Downloads\SpyHunter-Installer.exe
2015-01-02 23:20 - 2015-01-02 23:20 - 00049669 _____ () C:\ComboFix.txt
2015-01-02 23:05 - 2015-01-02 23:06 - 05605575 ____R (Swearware) C:\Users\Lizz\Downloads\ComboFix.exe
2015-01-02 23:00 - 2015-01-04 23:51 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Lizz trmcummi
2015-01-02 22:31 - 2015-01-03 10:29 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-02 22:31 - 2015-01-02 22:31 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-02 21:00 - 2015-01-02 21:01 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Troy\Downloads\mbar-1.08.2.1001.exe
2015-01-02 20:51 - 2015-01-02 20:51 - 04166770 _____ () C:\Users\Troy\Downloads\tdsskiller.zip
2015-01-02 19:09 - 2015-01-02 19:10 - 02173952 _____ () C:\Users\Troy\Downloads\adwcleaner_4.106.exe
2015-01-02 17:49 - 2015-01-02 17:49 - 00000000 ____D () C:\ProgramData\aeajkbojmgnmmkfmfnnhacfokpodkgfc
2014-12-29 14:25 - 2014-12-12 16:47 - 00620176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-12-29 14:23 - 2014-12-13 02:08 - 32099472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 25460552 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 24764232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 20465808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 17264312 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 16040184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 13288360 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 13202520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10770120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10710160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 10345280 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-12-29 14:23 - 2014-12-13 02:08 - 03610440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 03248968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 01895056 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434709.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 01556624 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434709.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00994384 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00968336 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00942400 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00928072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00906560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00876976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00306328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00178632 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-12-29 14:23 - 2014-12-13 02:08 - 00165760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-12-29 14:23 - 2014-10-09 09:02 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-12-29 14:23 - 2014-10-09 09:02 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-12-29 14:23 - 2014-10-08 23:17 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2014-12-29 14:21 - 2014-11-22 02:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-29 14:21 - 2014-11-22 02:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-29 14:19 - 2014-12-29 14:19 - 00000000 ____D () C:\Windows\Sun
2014-12-28 14:56 - 2014-12-28 14:56 - 00000000 ____D () C:\ProgramData\hlpcheablcaclmiobkeogghebffdaefp
2014-12-27 14:33 - 2014-12-27 14:33 - 00002171 _____ () C:\Users\Troy\Desktop\Turkish Essentials.lnk
2014-12-27 14:33 - 2014-12-27 14:33 - 00000000 __HDC () C:\Users\Troy\AppData\Local\{8BEB034C-432A-4078-BC48-8FB45ACF50D8}
2014-12-27 14:33 - 2014-12-27 14:33 - 00000000 ____D () C:\Program Files (x86)\Transparent
2014-12-27 14:32 - 2014-12-27 14:33 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turkish Essentials
2014-12-26 17:02 - 2014-12-26 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2014-12-26 17:01 - 2014-12-26 17:01 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2014-12-26 17:01 - 2014-12-26 17:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft LifeCam
2014-12-26 17:01 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-12-26 17:01 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-12-23 07:55 - 2014-12-23 07:55 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-19 20:26 - 2014-12-19 20:27 - 00000000 ____D () C:\Program Files (x86)\Diablo II
2014-12-19 20:26 - 2014-12-19 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2014-12-18 10:11 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 10:11 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-17 13:20 - 2011-11-28 20:41 - 01125791 _____ () C:\Windows\WindowsUpdate.log
2015-01-17 13:03 - 2014-11-02 19:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 12:47 - 2014-02-12 17:21 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273.job
2015-01-17 10:51 - 2014-02-12 17:21 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44.job
2015-01-16 14:17 - 2012-10-24 18:27 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\vlc
2015-01-16 13:44 - 2014-09-27 20:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 20:14 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:14 - 2009-07-13 20:45 - 00028352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:06 - 2011-11-28 22:37 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 20:06 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 20:05 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-14 21:50 - 2013-07-22 23:04 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 21:46 - 2011-12-07 18:13 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-14 09:32 - 2011-12-08 18:16 - 00000000 ____D () C:\Users\Troy\AppData\Local\Adobe
2015-01-13 22:03 - 2014-11-02 19:20 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 22:03 - 2014-11-02 19:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 22:03 - 2011-11-28 20:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 15:13 - 2014-10-24 12:24 - 00000000 ____D () C:\Windows\Minidump
2015-01-12 21:21 - 2013-11-07 03:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-12 20:09 - 2013-11-07 03:01 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-09 20:34 - 2013-08-23 18:03 - 00000000 ____D () C:\Users\Lizz\AppData\Roaming\vlc
2015-01-08 14:19 - 2014-10-10 14:32 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\uTorrent
2015-01-07 20:44 - 2013-09-20 17:25 - 00000000 ____D () C:\Users\Troy\Documents\Anki
2015-01-06 04:36 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 12:22 - 2013-11-07 00:45 - 00000000 ____D () C:\Spyware Cleaners
2015-01-05 12:18 - 2014-10-11 07:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-01-05 08:14 - 2011-11-28 21:11 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-04 23:50 - 2014-09-27 19:59 - 00004956 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Troy trmcummi
2015-01-04 17:20 - 2013-08-23 17:29 - 00133008 _____ () C:\Users\Lizz\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-04 09:57 - 2014-09-27 20:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-01-03 15:37 - 2012-10-18 16:18 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-01-03 14:44 - 2013-08-23 17:29 - 00000000 ____D () C:\Users\Lizz
2015-01-03 14:44 - 2012-02-08 17:32 - 00000000 ____D () C:\Users\Mcx1-TRMCUMMI
2015-01-03 14:11 - 2011-12-06 17:32 - 00000000 ____D () C:\Users\Troy
2015-01-03 12:25 - 2012-04-07 16:23 - 00000000 ____D () C:\Users\Troy\.autobahn
2015-01-03 12:23 - 2014-10-13 13:54 - 00000000 ____D () C:\Users\Troy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-02 23:20 - 2013-11-07 01:10 - 00000000 ____D () C:\Qoobox
2015-01-02 23:19 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-02 22:46 - 2011-11-28 21:08 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-02 21:05 - 2014-05-11 10:59 - 00000000 ____D () C:\temp
2015-01-02 16:52 - 2014-10-22 20:48 - 11222744 _____ (SurfRight B.V.) C:\Users\Troy\Downloads\HitmanPro_x64.exe
2015-01-01 22:48 - 2014-12-14 21:04 - 00018885 _____ () C:\Users\Troy\Desktop\Words from Class 2.xlsx
2014-12-30 23:21 - 2014-10-22 16:55 - 00000000 ____D () C:\Users\Troy\Desktop\Turkish Language Pack
2014-12-29 15:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Web
2014-12-29 14:25 - 2014-03-07 19:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-29 14:13 - 2013-10-18 17:13 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-29 14:13 - 2013-10-18 17:13 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-29 14:13 - 2012-09-04 10:35 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-24 20:41 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-24 16:05 - 2014-03-14 18:08 - 00000000 ____D () C:\Users\Troy\AppData\Local\Windows Live
2014-12-22 10:48 - 2011-09-02 08:16 - 00036352 _____ () C:\Users\Troy\Documents\Lizz and Troy's Address Book.xls
2014-12-22 08:22 - 2014-03-06 09:42 - 00000000 ____D () C:\Users\Lizz\AppData\Local\Windows Live
2014-12-18 09:59 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
 
==================== Files in the root of some directories =======
2011-12-09 17:43 - 2010-03-21 14:24 - 0000175 _____ () C:\Program Files\autorun.inf
2011-12-09 17:43 - 2010-09-22 07:46 - 5503488 _____ () C:\Program Files\IU.MSP
2011-12-09 17:43 - 2010-03-26 07:22 - 0001941 _____ () C:\Program Files\README.HTM
2011-12-09 17:43 - 2006-11-16 09:45 - 0000035 _____ () C:\Program Files\run.bat
2011-12-09 15:59 - 2010-11-10 21:15 - 0808400 _____ (Adobe Systems Incorporated) C:\Program Files\Set-up.exe
2011-12-09 17:43 - 2010-03-11 13:45 - 1377656 _____ (Microsoft Corporation) C:\Program Files\setup.exe
2014-10-10 07:39 - 2014-10-10 07:43 - 0000000 _____ () C:\Users\Troy\AppData\Roaming\bitlord_log.txt
2013-04-18 13:09 - 2013-09-20 21:30 - 0042990 _____ () C:\Users\Troy\AppData\Roaming\eyeVocab Arabic1304100800-2012.pref
2014-04-17 09:57 - 2014-04-17 09:57 - 0893239 _____ () C:\Users\Troy\AppData\Local\a.zip
2014-04-17 09:57 - 2014-04-17 09:57 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Troy\AppData\Local\BcsKtYcHW.dll
2011-12-17 19:18 - 2012-10-24 20:50 - 0020480 _____ () C:\Users\Troy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-08 21:06 - 2013-11-08 21:06 - 0007597 _____ () C:\Users\Troy\AppData\Local\Resmon.ResmonCfg
2012-06-14 11:26 - 2014-10-04 15:11 - 0017755 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-14 10:18
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by Troy at 2015-01-17 13:22:00
Running from C:\Users\Troy\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Panda Free Antivirus (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\uTorrent) (Version: 3.4.2.36802 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Amazon Kindle) (Version:  - Amazon)
Anki (HKLM-x32\...\Anki) (Version:  - )
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audials (HKLM-x32\...\{CA50136F-9F9E-4AFC-ADD4-471F896AC922}) (Version: 11.0.51800.0 - Audials AG)
Blio (HKLM-x32\...\{400182B4-CA55-46A9-9D88-F8413DCFB36D}) (Version: 2.3.7140 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DVDFab 8.2.2.8 (26/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
eyeVocab Arabic Quiz version 1.0 (HKLM-x32\...\{E07ABF83-9FBC-48BE-8D82-EDAF6FB68DC0}_is1) (Version: 1.0 - Miles Becker)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{43AC7CBC-1D6A-3B5B-81B1-A0C166FE48F4}) (Version: 4.8.2.15856 - Google)
Google Talk Plugin (HKLM-x32\...\{F7770F7F-0ABC-30CB-95BC-93761A05CAB6}) (Version: 5.38.4.0 - Google)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM-x32\...\HandBrake) (Version: 0.9.8 - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.232 - SurfRight B.V.)
HP Support Solutions Framework (HKLM-x32\...\{348A1F5B-07B3-4436-9A47-FFE44EFE856E}) (Version: 11.51.0004 - Hewlett-Packard Company)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.0.0.1046 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - اللغة العربية (HKLM\...\{90150000-001F-0401-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.09 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.09 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
THX TruStudio PC (HKLM-x32\...\{010A785B-F920-4350-821B-6309909C20BB}) (Version: 1.0 - Creative Technology Limited)
Turkish Essentials (HKU\S-1-5-21-2893754199-1963525480-799371462-1001\...\Turkish Essentials) (Version:  - Transparent Language, Inc.)
Turkish Essentials (x32 Version: 1.0.0 - Transparent Language, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 4.2.1.0 - BiniSoft.org)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
03-01-2015 12:29:33 Removed TrustedID IDMonitor Identity Protection
03-01-2015 13:39:54 Checkpoint by HitmanPro
04-01-2015 19:00:16 Windows Backup
06-01-2015 08:36:52 Windows Update
09-01-2015 10:32:00 Windows Update
11-01-2015 20:09:04 Windows Backup
13-01-2015 08:44:16 Windows Update
14-01-2015 21:46:28 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2015-01-02 23:19 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0878C06A-6394-4EC7-8157-75B4392D20BB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {0BBC723D-E09E-44D6-A687-025F8EB39C5A} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-TRMCUMMI => C:\Windows\ehome\McxTask.exe [2009-07-13] (Microsoft Corporation)
Task: {11799E94-0B62-46A3-AB1A-4C67C4094927} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {12CBEEA3-DDB3-4384-A31D-22F8F77D738C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1761DBFE-0F39-45B0-9A8D-458F8D0DCEF5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1EA1903F-B8FF-461B-818A-0B2560494EC5} - \SystemToolsDailyTest No Task File <==== ATTENTION
Task: {2D6F16DF-ED40-4B09-9E9B-87AC2666B76B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Troy trmcummi => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {3C7A52DF-0A45-4CD2-9E72-0C19A5FF5383} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {475EBECC-D5DA-486F-8C69-A578C56AAB5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273 => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {5A0D47B4-BC79-4599-8EDA-A8201F7C488B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {5A8BD515-4708-4850-9E01-898256A0FA64} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {5F3A7E70-AA77-4675-A573-D1931ADC882F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {628D7652-2AD0-4A04-AD06-8C6A5DE22067} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {6456FAD8-EC60-46FD-B4C5-791B1F049842} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44 => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-30] (Google Inc.)
Task: {64C58A62-5154-4C22-BBF6-E8A023143F4B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {709844A5-12B4-48E0-AA73-708EE72BF59E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for trmcummi-Lizz trmcummi => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {7F8FB65F-338D-4815-B69B-A4556488F66B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {84AB3B8E-AF8E-4899-A42A-5BB207F5C898} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8C4B02B1-50F3-4858-B5D7-F8B42BA2A404} - \{42491CED-DF4F-4671-80C1-8D3D1396EF1D} No Task File <==== ATTENTION
Task: {A71C5CA4-AFF6-48B0-B25C-CEE4F37893DD} - \{36E574BB-42D2-4672-9813-8D269134AAE4} No Task File <==== ATTENTION
Task: {AD49B708-1300-4817-BD21-FDDCAF5A8E61} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B6D225E9-287F-445B-8B44-82C63E2AD3B1} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-31] (PC-Doctor, Inc.)
Task: {C869B24C-77EC-4A7F-B466-594F30933EDE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {CAFD563C-77E2-4E3E-BB3A-247EE7E8BB0D} - System32\Tasks\{6BCB00B6-7A22-4D09-AC02-BCD7FB47E5BF} => pcalua.exe -a "C:\Spyware Cleaners\Shortcut Manager fixer\shman\shman.exe" -d "C:\Spyware Cleaners\Shortcut Manager fixer\shman"
Task: {F2837931-DE89-456D-BC4C-7E161BE521C3} - System32\Tasks\AdobeAAMUpdater-1.0-trmcummi-Troy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004Core1cf2859e7fb9c44.job => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893754199-1963525480-799371462-1004UA1cf2859e821c273.job => C:\Users\Lizz\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-07 19:06 - 2014-12-13 00:03 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-12 17:58 - 2014-02-12 17:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-12 09:23 - 2013-04-12 09:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-10-16 07:50 - 2014-10-16 07:50 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ba8588c3319d63350220ec2ac3eb2c36\IsdiInterop.ni.dll
2011-11-28 20:53 - 2010-09-13 16:28 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-09-24 16:44 - 2014-09-22 20:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 16:44 - 2014-09-22 20:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 16:44 - 2014-09-22 20:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 16:44 - 2014-09-22 20:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 16:44 - 2014-09-22 20:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-24 16:44 - 2014-09-22 20:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\temp:pid1
AlternateDataStreams: C:\temp:pid2
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Troy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Send to OneNote.lnk => C:\Windows\pss\Send to OneNote.lnk.Startup
MSCONFIG\startupreg: AccuWeatherWidget => "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DellStage => "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PhotoshopElements8SyncAgent => C:\Program Files (x86)\Adobe\Elements 10 Organizer\ElementsOrganizerSyncAgent.exe
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2893754199-1963525480-799371462-500 - Administrator - Disabled)
Guest (S-1-5-21-2893754199-1963525480-799371462-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2893754199-1963525480-799371462-1007 - Limited - Enabled)
Lizz (S-1-5-21-2893754199-1963525480-799371462-1004 - Administrator - Enabled) => C:\Users\Lizz
Mcx1-TRMCUMMI (S-1-5-21-2893754199-1963525480-799371462-1003 - Limited - Enabled) => C:\Users\Mcx1-TRMCUMMI
Troy (S-1-5-21-2893754199-1963525480-799371462-1001 - Administrator - Enabled) => C:\Users\Troy
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/17/2015 01:18:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8081
 
Error: (01/17/2015 01:18:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8081
 
Error: (01/17/2015 01:18:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/17/2015 01:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7083
 
Error: (01/17/2015 01:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7083
 
Error: (01/17/2015 01:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/17/2015 01:18:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084
 
Error: (01/17/2015 01:18:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084
 
Error: (01/17/2015 01:18:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/17/2015 01:18:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5086
 
 
System errors:
=============
Error: (01/15/2015 08:06:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/15/2015 01:23:55 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/13/2015 06:34:21 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error: 
%%5
 
Error: (01/13/2015 05:55:28 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
 
Microsoft Office Sessions:
=========================
Error: (01/17/2015 01:18:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8081
 
Error: (01/17/2015 01:18:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8081
 
Error: (01/17/2015 01:18:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/17/2015 01:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7083
 
Error: (01/17/2015 01:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7083
 
Error: (01/17/2015 01:18:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/17/2015 01:18:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6084
 
Error: (01/17/2015 01:18:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6084
 
Error: (01/17/2015 01:18:18 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/17/2015 01:18:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5086
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-02 23:18:24.855
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.808
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.777
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 23:18:24.730
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.291
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.260
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.198
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.151
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\zykfbwqah.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.089
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\jehwbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-01-02 22:52:40.042
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\jehwbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 8174.44 MB
Available physical RAM: 6281.71 MB
Total Pagefile: 16347.07 MB
Available Pagefile: 13172 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:452.47 GB) (Free:245.75 GB) NTFS
Drive i: (Movies) (Fixed) (Total:1862.98 GB) (Free:1485.85 GB) NTFS
Drive j: (Computer Backup) (Fixed) (Total:465.73 GB) (Free:11.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B15A467D)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=13.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 465.7 GB) (Disk ID: 044E0803)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
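
An added example for reading the log above (not part of the original thread and not FRST's own code): it lists the scheduled tasks the log marks with `<==== ATTENTION` and counts the repeated CodeIntegrity entries per file. The function names and the section-header pattern are assumptions drawn only from the lines visible in this log.

```python
import re
from collections import Counter

# Lines copied from the FRST log above; the CodeIntegrity entries are reduced
# to the first sentence of their Description line to keep the sample short.
SAMPLE_LOG = r"""
==================== Scheduled Tasks (whitelisted) =============

Task: {1EA1903F-B8FF-461B-818A-0B2560494EC5} - \SystemToolsDailyTest No Task File <==== ATTENTION
Task: {1761DBFE-0F39-45B0-9A8D-458F8D0DCEF5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8C4B02B1-50F3-4858-B5D7-F8B42BA2A404} - \{42491CED-DF4F-4671-80C1-8D3D1396EF1D} No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Event log errors: =========================

CodeIntegrity Errors:
===================================
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system.
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system.
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Spyware Cleaners\XueTR\jehwbr.sys because file hash could not be found on the system.
"""

SECTION_RE = re.compile(r"^={5,}\s*(?P<name>.*?)\s*={5,}\s*$")
TASK_RE = re.compile(r"^Task: (?:(?P<guid>\{[0-9A-Fa-f-]{36}\}) - )?(?P<rest>.+)$")
TARGET_RE = re.compile(
    r"^(?P<cmd>.*?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<company>[^()]*)\))?$")
CI_RE = re.compile(r"unable to verify the image integrity of the file (?P<path>.+?) because")
ATTENTION = "<==== ATTENTION"


def split_sections(text):
    """Group log lines under their '==== Name ====' headers."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m and m.group("name"):  # a bare '=====' ruler is not a header
            current = m.group("name").rstrip(":").strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_tasks(lines):
    """Parse 'Task:' lines into dicts, keeping the log's own ATTENTION flag."""
    tasks = []
    for line in lines:
        m = TASK_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        flagged = ATTENTION in rest
        rest = rest.replace(ATTENTION, "").strip()
        name, sep, target = rest.partition(" => ")
        missing_file = name.endswith("No Task File")
        if missing_file:
            name = name[: -len("No Task File")].strip()
        t = TARGET_RE.match(target) if sep else None
        tasks.append({"guid": m.group("guid"), "name": name, "flagged": flagged,
                      "missing_file": missing_file,
                      "command": t.group("cmd") if t else None,
                      "publisher": t.group("company") if t else None})
    return tasks


def unverified_images(lines):
    """Count CodeIntegrity 'unable to verify' entries per file path."""
    hits = Counter(m.group("path") for m in map(CI_RE.search, lines) if m)
    return list(hits.items())


def triage(text):
    """Return the entries a reviewer would look at first."""
    sections = split_sections(text)
    tasks = parse_tasks(sections.get("Scheduled Tasks (whitelisted)", []))
    return {
        "task_count": len(tasks),
        "flagged_tasks": [t for t in tasks if t["flagged"]],
        "unverified_images": unverified_images(sections.get("Event log errors", [])),
    }
```
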


#14 Jo*

  • Malware Response Team

Posted 17 January 2015 - 04:45 PM

Hello trmcummi,

well done. :)

It appears that your PC is now clean!
 

***


Clean up:

We used Combofix.
Deactivate your antivirus software once more.
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Enable your antivirus software.


***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
start
EmptyTemp:
DeleteQuarantine:
end

Run FRST/FRST64 and press the Fix button just once and wait.
No need to post the log this time.
 

***


Right-click AdwCleaner.exe and select Run As Administrator.
  • Click on the Uninstall button.
  • A window will open, press the Confirm button.
  • AdwCleaner will uninstall now.

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.


***


Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more securely
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
  • Open Internet Explorer
  • Click on Tools > Internet Options
  • Press Security tab
  • Select Internet zone then place check next to Enable Protected Mode if not already done
  • Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
  • Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Make sure you keep your Windows OS current.
  • Windows XP is no longer supported by MS.
    This is a security risk anyway.
  • Windows Vista / 7 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
4. Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments which you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan.
https://secunia.com/vulnerability_scanning/personal/


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Jo*

  • Malware Response Team

Posted 21 January 2015 - 03:07 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





