
HELP, adultcamera.info chrome popup virus


  • This topic is locked
14 replies to this topic

#1 droolq

droolq

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 30 January 2015 - 12:17 AM

Hello, 

Sorry I couldn't search for the above-mentioned problem before posting, as it is becoming very frustrating and I'm in need of quick help.

So, since this morning my Chrome browser has been infected with this (adultcamera.info) pop-up virus and I'm not able to get rid of this annoying pop-up. It became even worse when the same virus got transferred to my phone, so now whenever I browse on my phone this same problem occurs.

I think my entire router is infected with this virus.

Any form of immediate help will be appreciated.

Thank you

 

Edit: Just found out that my second phone, which wasn't connected to my PC when it got infected with the virus, isn't affected by it; only my first one, which was connected, is infected alongside my PC.


Edited by droolq, 30 January 2015 - 12:31 AM.




#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:08:47 AM

Posted 30 January 2015 - 07:35 AM

Hello droolq,

Welcome to Bleeping Computer!

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
==========================================================================

Also, do you have a Google account that you are logged into on both your PC and phone (assuming you also use Google Chrome as the web browser on your phone)?

Edited by TheShooter93, 30 January 2015 - 07:43 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
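Added note with example code (not from this thread, from Cody, or from FRST itself): the FRST.txt Cody asks for reports, among much else, which DNS resolvers each network adapter uses versus what the router hands out over DHCP, the URLs Chrome opens at start, and the MountPoints2 entries Windows keeps for autorun on removable devices. Those three bear directly on the original question of whether the router, a Chrome profile signed into the same Google account (Chrome can sync settings between signed-in devices, which is presumably why Cody asks about it), or the phone that was plugged into the PC is spreading the popups. The Python script below parses those line types out of an FRST.txt and lists what to check. The sample lines are constructed in the format FRST uses; the list of well-known public resolvers and the address 198.51.100.7 (a documentation address standing in for an unrecognised resolver) are assumptions of the example, not facts about the poster's machine.

```python
"""Triage DNS, Chrome startup and removable-media autorun lines from an FRST.txt log.

Illustrative script, not part of FRST or of the forum thread. Parses the
Tcpip, CHR StartupUrls and MountPoints2 lines and explains what each implies
when a user suspects the router is behind browser popups.
"""
import ipaddress
import re
import sys

# Assumption: resolvers a helper would recognise as well-known public services.
KNOWN_PUBLIC_RESOLVERS = {
    "8.8.8.8", "8.8.4.4",                  # Google Public DNS
    "208.67.222.222", "208.67.220.220",    # OpenDNS
    "4.2.2.1", "4.2.2.2",                  # Level 3
    "8.26.56.26", "8.20.247.20",           # Comodo Secure DNS
    "156.154.70.1", "156.154.71.1",        # Neustar DNS Advantage
}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Line formats as FRST prints them (see the log posted later in the thread).
DHCP_RE = re.compile(r"^Tcpip\\Parameters: \[DhcpNameServer\] (?P<servers>.+)$")
IFACE_RE = re.compile(r"^Tcpip\\\.\.\\Interfaces\\(?P<guid>\{[0-9A-Fa-f-]+\}): \[NameServer\] (?P<servers>.+)$")
STARTUP_RE = re.compile(r"^CHR StartupUrls: (?P<profile>\w+) -> (?P<urls>.+)$")
MOUNT_RE = re.compile(r"^HKU\\(?P<sid>S-[0-9-]+)\\\.\.\.\\MountPoints2: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<cmd>.+)$")


def is_rfc1918(ip):
    """True for private LAN addresses (the router's address normally lands here)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def classify_resolver(ip):
    if ip in KNOWN_PUBLIC_RESOLVERS:
        return "known-public"
    if is_rfc1918(ip):
        return "local"            # typically the router forwarding upstream
    return "unrecognised"         # not proof of anything, but identify the operator


def triage(log_text):
    """Collect the four line types into one findings dict."""
    findings = {"dhcp": [], "static_dns": {}, "startup_urls": [], "autorun": []}
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := DHCP_RE.match(line):
            findings["dhcp"] = [(ip, classify_resolver(ip)) for ip in m["servers"].split(",")]
        elif m := IFACE_RE.match(line):
            findings["static_dns"][m["guid"]] = [(ip, classify_resolver(ip)) for ip in m["servers"].split(",")]
        elif m := STARTUP_RE.match(line):
            findings["startup_urls"] += re.findall(r'"([^"]*)"', m["urls"])
        elif m := MOUNT_RE.match(line):
            # The launched file is the last token, whether the entry runs it directly
            # or via RunDLL32 ShellExec_RunDLL. Paths with spaces would need quoting.
            target = m["cmd"].split()[-1]
            findings["autorun"].append((target[0].upper(), target))
    return findings


def report(findings):
    """Turn findings into the checks a helper would actually ask for."""
    out = []
    for ip, kind in findings["dhcp"]:
        if kind == "local":
            out.append(f"DHCP resolver {ip} is on the LAN (the router): its upstream DNS setting, "
                       "visible only on the router's admin page, decides where lookups go.")
    for guid, servers in findings["static_dns"].items():
        out.append(f"Interface {guid} uses static resolvers; these override what DHCP hands out, "
                   "so a changed router DNS would not steer this interface.")
        for ip, kind in servers:
            if kind == "unrecognised":
                out.append(f"  unrecognised resolver {ip}: identify the operator before trusting it.")
    for url in findings["startup_urls"]:
        out.append(f"Chrome startup URL {url} (FRST writes hxxp for http): a page the user "
                   "did not set is the first place to look when popups begin with the browser.")
    for drive, path in findings["autorun"]:
        out.append(f"MountPoints2 autorun for removable drive {drive}: launches {path}; "
                   "confirm that file is expected on that device.")
    return out


# Constructed sample in FRST's own line format; 198.51.100.7 is a documentation address.
SAMPLE_LOG = r"""
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0E1C1992-6DD4-4772-BBF7-A8B10FC19290}: [NameServer] 8.8.8.8,8.8.4.4,208.67.222.222
Tcpip\..\Interfaces\{698E4F58-FE32-44D9-9C2B-089FEC6EC694}: [NameServer] 8.8.8.8,198.51.100.7
CHR StartupUrls: Default -> "hxxp://www.thesixtyone.com/", "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA"
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {44c68f4b-8ff1-11e3-9706-e89d878ceb31} - G:\Windows\Autorun.exe
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {866f9988-9baf-11e4-918a-e89d878ceb31} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(report(triage(text))))
```

Run it as `python frst_triage.py FRST.txt` against a saved log, or with no argument to use the built-in sample. The reasoning it encodes: a DHCP resolver on the LAN means the PC asks the router, and the router's upstream DNS is where a router-side hijack would sit, invisible from the PC; static resolvers on an adapter bypass the router entirely, which argues against a router-side DNS cause for that adapter; and the startup URL and autorun entries are where a popup page or a file launched from a plugged-in device would show up in the same log.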

 

 


#3 droolq

droolq
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 30 January 2015 - 07:52 AM

Hello Cody,

Thank you for your response. Below are the two files you mentioned.

 

FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by droolq (administrator) on droolq-PC on 30-01-2015 18:10:11
Running from C:\Users\droolq\Downloads\Programs
Loaded Profiles: droolq & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available profiles: droolq & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12856936 2011-09-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [925104 2010-03-02] (TOSHIBA)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [789368 2010-11-05] (TOSHIBA)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => "D:\VM Ware\vmware-tray.exe"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [New Value #1] 1
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [Akamai NetSession Interface] => C:\Users\droolq\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [iFunBox Price Watch] => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [BlackBerryLink.exe] => "D:\Research In Motion\BlackBerryLink.exe" /minimize
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-13] (Google Inc.)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {44c68f4b-8ff1-11e3-9706-e89d878ceb31} - G:\Windows\Autorun.exe
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {866f9988-9baf-11e4-918a-e89d878ceb31} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {fb94f068-7fa9-11e4-b08e-e89d878ceb31} - D:\Lenovo_Suite.exe
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {fb94f078-7fa9-11e4-b08e-e89d878ceb31} - D:\Lenovo_Suite.exe
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\MSSQLFDLauncher$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\ReportServer$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll (TOSHIBA)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-856131112-1585500613-1037051914-1001 -> DefaultScope {F52BA9B7-EF1B-4571-AFBA-4D011587FD5D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enAE564
SearchScopes: HKU\S-1-5-21-856131112-1585500613-1037051914-1001 -> {F52BA9B7-EF1B-4571-AFBA-4D011587FD5D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enAE564
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-856131112-1585500613-1037051914-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0E1C1992-6DD4-4772-BBF7-A8B10FC19290}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{698E4F58-FE32-44D9-9C2B-089FEC6EC694}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pmang.com/npPMangFX -> C:\windows\system32\npPMangFX-x86.DLL No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - 
FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - 
FF HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\droolq\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\droolq\AppData\Roaming\IDM\idmmzcc5 [2013-12-02]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.thesixtyone.com/", "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Find your way to Oz) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2014-08-12]
CHR Extension: (Box) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-08-12]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2014-08-12]
CHR Extension: (Text to ASCII Art) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnnnhgifkejnkjbmigmenlfnjkngelg [2015-01-22]
CHR Extension: (TweetDeck by Twitter) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-08-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-15]
CHR Extension: (Google Wallet) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\droolq\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192160 2014-07-23] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.)
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2423792 2012-10-20] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613024 2014-07-23] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 VMAuthdService; "D:\VM Ware\vmware-authd.exe" [X]
S2 VMwareHostd; "D:\VM Ware\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml"
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 HWiNFO32; C:\windows\system32\drivers\HWiNFO64A.SYS [27552 2014-10-26] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S3 SDGame; C:\Windows\System32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MFE_RR; \??\C:\Users\droolq\AppData\Local\Temp\mfe_rr.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 18:02 - 2015-01-30 18:02 - 00000000 ____D () C:\Quarantine
2015-01-30 17:48 - 2015-01-30 17:57 - 00000000 ____D () C:\AdwCleaner
2015-01-30 17:47 - 2015-01-30 18:02 - 00000000 ____D () C:\Program Files (x86)\stinger
2015-01-30 17:47 - 2015-01-30 17:47 - 02194432 _____ () C:\Users\droolq\Desktop\AdwCleaner.exe
2015-01-30 10:33 - 2015-01-30 10:33 - 00044220 _____ () C:\Users\droolq\Desktop\Addition.txt
2015-01-30 10:33 - 2015-01-30 10:33 - 00040544 _____ () C:\Users\droolq\Desktop\FRST.txt
2015-01-30 10:28 - 2015-01-30 18:10 - 00000000 ____D () C:\FRST
2015-01-30 07:40 - 2015-01-30 07:40 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\TaiG
2015-01-30 07:37 - 2014-12-10 09:13 - 51938816 _____ (taig tools) C:\Users\droolq\Downloads\TaiGJBreak_EN_1201.exe
2015-01-30 07:09 - 2015-01-30 07:36 - 50037296 _____ () C:\Users\droolq\Downloads\TaiGJBreak_EN_1201 (1).zip
2015-01-30 06:14 - 2015-01-30 06:14 - 00000000 _____ () C:\autoexec.bat
2015-01-30 06:02 - 2015-01-30 07:00 - 00000864 _____ () C:\windows\wininit.ini
2015-01-30 04:48 - 2015-01-30 04:48 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-30 04:45 - 2015-01-30 07:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-30 04:40 - 2015-01-30 10:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-27 19:44 - 2015-01-27 19:44 - 00000000 __SHD () C:\Users\droolq\AppData\Local\EmieBrowserModeList
2015-01-23 20:58 - 2015-01-23 20:38 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2015-01-23 20:58 - 2015-01-23 20:38 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2015-01-23 20:58 - 2015-01-23 20:38 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-23 12:52 - 2015-01-23 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-01-23 12:23 - 2015-01-23 12:40 - 17811112 _____ (The Git Development Community ) C:\Users\droolq\Downloads\Git-1.9.5-preview20141217.exe
2015-01-19 17:54 - 2015-01-19 17:54 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\Research In Motion
2015-01-19 16:14 - 2013-03-15 19:37 - 00000000 ____D () C:\Users\droolq\Desktop\images
2015-01-19 16:14 - 2013-03-15 19:36 - 00000000 ____D () C:\Users\droolq\Desktop\720x720
2015-01-19 09:44 - 2015-01-30 07:01 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\VMware
2015-01-19 09:44 - 2015-01-30 07:01 - 00000000 ____D () C:\Users\droolq\AppData\Local\VMware
2015-01-17 23:50 - 2012-11-01 02:35 - 00357016 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
2015-01-17 23:50 - 2012-11-01 02:34 - 00435864 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
2015-01-17 23:50 - 2012-11-01 02:34 - 00067224 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys
2015-01-17 23:50 - 2012-11-01 02:34 - 00030360 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys
2015-01-17 23:50 - 2012-10-24 14:17 - 00070296 _____ (VMware, Inc.) C:\windows\system32\Drivers\vsock.sys
2015-01-17 23:50 - 2012-10-24 14:17 - 00067224 _____ (VMware, Inc.) C:\windows\system32\vsocklib.dll
2015-01-17 23:50 - 2012-10-24 14:17 - 00063128 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll
2015-01-17 23:49 - 2015-01-17 23:49 - 00001532 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk
2015-01-17 23:49 - 2015-01-17 23:49 - 00001024 _____ () C:\windows\SysWOW64\%TMP%
2015-01-17 23:49 - 2015-01-17 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-01-17 23:49 - 2015-01-17 23:49 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-01-17 23:49 - 2012-11-01 02:35 - 00933528 _____ (VMware, Inc.) C:\windows\system32\vnetlib64.dll
2015-01-17 23:49 - 2012-10-11 17:15 - 00052376 _____ (VMware, Inc.) C:\windows\system32\Drivers\hcmon.sys
2015-01-17 23:48 - 2015-01-30 17:58 - 00000000 ____D () C:\ProgramData\VMware
2015-01-17 23:48 - 2015-01-17 23:48 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2015-01-17 23:48 - 2015-01-17 23:48 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-01-17 23:46 - 2015-01-17 23:46 - 00000000 ____D () C:\Users\droolq\New folder (2)
2015-01-17 21:40 - 2012-12-12 19:19 - 00000000 ____D () C:\Users\droolq\Desktop\VM-WARE 9 WORKSTATION
2015-01-15 20:25 - 2015-01-15 20:25 - 00000568 _____ () C:\Users\droolq\Desktop\Momentics.lnk
2015-01-14 19:53 - 2015-01-23 14:31 - 00001073 _____ () C:\Users\droolq\.deployData
2015-01-14 19:52 - 2015-01-14 19:52 - 00000000 ____D () C:\Users\droolq\Documents\BlackBerry
2015-01-14 19:51 - 2015-01-14 19:51 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\XCPCSync.OEM
2015-01-14 19:47 - 2015-01-14 19:47 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2015-01-14 19:46 - 2015-01-14 19:46 - 00000000 ____D () C:\ProgramData\Research In Motion
2015-01-14 19:46 - 2015-01-14 19:46 - 00000000 _____ () C:\windows\SysWOW64\out.txt
2015-01-14 19:46 - 2015-01-14 19:46 - 00000000 _____ () C:\windows\SysWOW64\err.txt
2015-01-14 14:37 - 2015-01-14 14:37 - 00000020 _____ () C:\Users\droolq\Desktop\input.txt
2015-01-14 11:25 - 2014-12-19 08:36 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 11:25 - 2014-12-19 07:16 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 11:25 - 2014-12-12 11:05 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 11:25 - 2014-12-12 11:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 11:25 - 2014-12-12 11:01 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 11:25 - 2014-12-12 11:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 11:25 - 2014-12-12 10:41 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:25 - 2014-12-12 10:41 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:25 - 2014-12-12 10:37 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 11:25 - 2014-12-11 23:17 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 11:25 - 2014-12-06 09:47 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 11:25 - 2014-12-06 09:20 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 11:25 - 2014-12-06 09:20 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 11:08 - 2015-01-30 17:58 - 00004542 _____ () C:\windows\setupact.log
2015-01-14 11:08 - 2015-01-14 11:08 - 00000000 _____ () C:\windows\setuperr.log
2015-01-13 18:55 - 2015-01-13 19:06 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qt 5.2.1
2015-01-13 16:56 - 2015-01-22 18:19 - 00000000 ____D () C:\Users\droolq\momentics-workspace
2015-01-13 16:56 - 2015-01-19 17:54 - 00000000 ____D () C:\Users\droolq\AppData\Local\Research In Motion
2015-01-13 16:50 - 2015-01-14 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Momentics
2015-01-12 11:07 - 2015-01-12 11:07 - 00000904 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-12 11:05 - 2015-01-12 11:07 - 00000000 ____D () C:\Program Files\GIMP 2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-30 18:05 - 2009-07-14 10:15 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-30 18:05 - 2009-07-14 10:15 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-30 18:04 - 2013-12-02 15:46 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\IDM
2015-01-30 18:04 - 2009-07-14 10:43 - 00924292 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-30 18:02 - 2013-12-02 10:04 - 01202344 _____ () C:\windows\WindowsUpdate.log
2015-01-30 17:58 - 2011-10-13 05:25 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-30 17:58 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-30 17:57 - 2010-11-21 09:17 - 00201702 _____ () C:\windows\PFRO.log
2015-01-30 17:50 - 2014-10-25 09:19 - 00004966 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for droolq-PC-droolq droolq-PC
2015-01-30 17:48 - 2013-12-02 15:46 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\DMCache
2015-01-30 17:37 - 2014-06-25 00:09 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-30 17:16 - 2011-10-13 05:25 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-30 15:51 - 2013-12-09 01:48 - 00000000 ____D () C:\Users\MSSQLFDLauncher$SQLEXPRESS
2015-01-30 10:21 - 2009-07-14 10:38 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-30 06:13 - 2014-11-11 07:53 - 00000000 ____D () C:\Users\droolq\Documents\DragonNest
2015-01-29 19:27 - 2014-08-21 17:33 - 00000000 ____D () C:\Users\droolq\Downloads\Compressed
2015-01-28 06:46 - 2013-12-02 02:02 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\uTorrent
2015-01-27 07:20 - 2011-10-13 05:25 - 00002153 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-26 06:38 - 2014-06-25 00:09 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 06:38 - 2014-06-25 00:09 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 06:38 - 2014-06-25 00:09 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 20:58 - 2013-12-02 21:03 - 00000000 ____D () C:\Program Files\Java
2015-01-23 20:58 - 2013-12-02 19:46 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 20:57 - 2011-10-13 05:14 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-23 20:38 - 2013-12-02 21:04 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2015-01-23 20:37 - 2014-02-08 20:12 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-23 20:37 - 2014-02-08 20:12 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-23 20:37 - 2014-02-08 20:12 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-23 20:37 - 2013-12-02 19:57 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-22 21:03 - 2013-12-09 01:49 - 00000000 ____D () C:\Users\ReportServer$SQLEXPRESS
2015-01-22 20:32 - 2013-12-01 21:08 - 00000000 ____D () C:\Users\droolq
2015-01-21 11:34 - 2013-12-02 15:43 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\vlc
2015-01-20 19:01 - 2013-12-09 01:48 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS
2015-01-17 23:49 - 2013-12-04 19:23 - 00929278 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-16 14:36 - 2014-01-11 23:09 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\QtProject
2015-01-16 03:11 - 2013-12-02 11:42 - 00000000 ____D () C:\windows\system32\MRT
2015-01-16 03:00 - 2013-12-02 11:42 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 18:55 - 2014-07-05 12:12 - 00000000 ____D () C:\Qt
2015-01-08 10:56 - 2014-07-02 21:32 - 00000000 ____D () C:\Users\droolq\Documents\Visual Studio 2010
2015-01-08 10:09 - 2013-12-05 13:27 - 00000000 ____D () C:\Users\droolq\AppData\Local\Eclipse
2014-12-31 16:44 - 2010-11-21 08:57 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
 
==================== Files in the root of some directories =======
 
2013-12-12 19:06 - 2014-01-11 22:04 - 0000256 _____ () C:\Users\droolq\AppData\Roaming\settings.set
2014-11-12 22:43 - 2014-11-12 22:43 - 0007602 _____ () C:\Users\droolq\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\droolq\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\droolq\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\droolq\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\droolq\AppData\Local\Temp\Quarantine.exe
C:\Users\droolq\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 13:06
 
==================== End Of Log ============================
 
 
 
Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-01-2015
Ran by droolq at 2015-01-30 10:30:11
Running from C:\Users\droolq\Downloads\Programs
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta1 - Michael Tippach)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.9 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
AuthenTec Fingerprint Software (HKLM\...\{5F1DFCC1-595D-4235-A044-E05B706D800A}) (Version: 9.0.8.36 - AuthenTec, Inc.)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.13(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP495 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP495_series) (Version:  - Canon Inc.)
CMake 3.0.0, a cross-platform, open-source build system (HKLM-x32\...\CMake 3.0.0) (Version: 3.0.0 - Kitware)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CPUID HWMonitor 1.25 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240 - SAP) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.7000.7 - Dolby Laboratories Inc)
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GDR 3128 for SQL Server 2012 (KB2793634) (64-bit) (HKLM\...\KB2793634) (Version: 11.1.3128.0 - Microsoft Corporation)
GDR 3153 for SQL Server 2012 (KB2977326) (64-bit) (HKLM\...\KB2977326) (Version: 11.1.3153.0 - Microsoft Corporation)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Git version 1.9.5-preview20141217 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20141217 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Gtk# for .Net 2.12.22 (HKLM-x32\...\{06AF6533-F201-47C0-8675-AAAE5CB81B41}) (Version: 2.12.22 - Xamarin, Inc.)
HWiNFO64 Version 4.46 (HKLM\...\HWiNFO64_is1) (Version: 4.46 - Martin Malík - REALiX)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Chipset Device Software (x32 Version: 10.0.13 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Identity Protection Technology 1.2.18.0 (HKLM-x32\...\{9602841E-ECE2-1019-AAEE-906A4DE25D6B}) (Version: 1.2.18.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\{6E579724-82F9-454C-A98E-39DDDAB167FF}) (Version: 1.0.0.1008 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java SE Development Kit 8 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180250}) (Version: 8.0.250.18 - Oracle Corporation)
LenovoUsbDriver 1.0.12 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.12 - Lenovo)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{2C303EE0-A595-3543-A71A-931C7AC40EDE}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{B29CAAEC-E52C-4941-9729-1AB85B7970CA}) (Version: 11.1.3153.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{FE022499-97DD-45C9-A86B-7D34EA4E3A8D}) (Version: 11.1.3153.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{D6737142-1A85-4299-8523-5F3A1636EBE7}) (Version: 11.1.3153.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM\...\{A67C75DE-BED6-4F1B-97EB-30CD1D40FFED}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools – Database Projects – Web installer entry point (HKLM-x32\...\{F3BBC56F-2282-4464-952F-A89772181F30}) (Version: 10.3.20116.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20627.00) (HKLM-x32\...\{FA804794-2CCB-4301-954F-2C2894698876}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00) (HKLM-x32\...\{790E9425-8570-493F-9AE7-81AFC9E46930}) (Version: 11.1.20627.00 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM-x32\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Qt 5.2.1 (HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Qt 5.2.1) (Version: 5.2.1 - Digia Plc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6458 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.25.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.25.0 - Renesas Electronics Corporation) Hidden
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 1 for SQL Server 2012 (KB2674319) (64-bit) (HKLM\...\KB2674319) (Version: 11.1.3000.0 - Microsoft Corporation)
SharePoint Client Components (Version: 15.0.4481.1505 - Microsoft Corporation) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SQL Server 2012 BI Development Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Client Tools (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Documentation Components (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Full text search (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Reporting Services (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server 2012 SQL Data Quality Common (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.1.3000.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.1.3000.0 - Microsoft Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TFPU (Version: 1.0.0 - TOSHIBA) Hidden
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA ConfigFree (HKLM-x32\...\{A9FD58A9-7640-4E61-B166-F5FBAD8219F6}) (Version: 8.0.42 - TOSHIBA CORPORATION)
TOSHIBA eco Utility (HKLM\...\{41C2B21A-63BB-4377-9567-A97B15F21E59}) (Version: 1.3.7.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.3.50 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.6 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.11.64 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2003 - TOSHIBA Corporation)
TOSHIBA Security Assist (HKLM-x32\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.9 - TOSHIBA)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.9 - TOSHIBA Corporation)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.29 - TOSHIBA Corporation)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.1 - VMware, Inc)
VMware Workstation (Version: 9.0.1 - VMware, Inc.) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Windows Azure Storage Tools - v2.2 (HKLM-x32\...\{E7FCA9E4-CDCB-472B-B168-567B16088E89}) (Version: 2.2.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-856131112-1585500613-1037051914-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> D:\Git\git-cheetah\git_shell_ext64.dll No File
 
==================== Restore Points  =========================
 
30-01-2015 05:06:08 random
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2009-06-11 02:30 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {5094AD1E-6886-45A1-880B-0815E157A97F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {6450EA5B-2790-4197-8992-10987AC7865A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {6CDBA5C7-6729-4940-BA2D-B93334F302EF} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-26] (Adobe Systems Incorporated)
Task: {7D2094E8-0B29-43B8-A92F-7B6EA1FAD037} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8417F52E-EDA1-46BF-BADE-BC59CA071A0E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for droolq-PC-droolq droolq-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-11-12] (Microsoft Corporation)
Task: {9212A9E5-05BF-4DE8-B8FC-7C8E385A87D2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {95CE0272-B3AF-424A-8F51-12CB26A98FF3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {97E767BF-A78A-448C-B31D-BD7C0EE72077} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B7B7E961-5B7E-47C3-BD23-CCE6FEF9357A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {D8496C2A-A0CB-4B8D-A205-14A71C15E84C} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2011-06-16] (TOSHIBA CORPORATION)
Task: {FA136BF3-87B9-48D8-8190-D77C22F9606C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-11-12 17:17 - 2014-11-12 17:17 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-09-01 01:43 - 2011-09-01 01:43 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-09 01:19 - 2011-01-09 01:19 - 00360312 _____ () C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll
2010-12-16 04:49 - 2010-12-16 04:49 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-10-13 05:52 - 2011-02-22 15:36 - 00563576 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\en\Humphrey.resources.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-27 07:20 - 2015-01-25 11:38 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 07:20 - 2015-01-25 11:38 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 07:20 - 2015-01-25 11:38 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-27 07:20 - 2015-01-25 11:38 - 14913864 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
2014-11-12 17:17 - 2014-11-12 17:17 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TOSHIBA Bluetooth Service => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^droolq^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Pastebin Desktop.lnk => C:\windows\pss\Pastebin Desktop.lnk.Startup
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: Toshiba TEMPRO => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-856131112-1585500613-1037051914-500 - Administrator - Disabled)
droolq (S-1-5-21-856131112-1585500613-1037051914-1001 - Administrator - Enabled) => C:\Users\droolq
Guest (S-1-5-21-856131112-1585500613-1037051914-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-856131112-1585500613-1037051914-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/30/2015 10:28:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2015 10:27:04 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.
 
Error: (01/30/2015 10:24:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2015 10:21:45 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS) cannot connect to the report server database.
 
Error: (01/30/2015 10:20:19 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file  for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program vmware-hostd.exe because of this error.
 
Program: vmware-hostd.exe
File: 
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000026E
Disk type: 0
 
Error: (01/30/2015 10:20:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vmware-hostd.exe, version: 0.0.0.0, time stamp: 0x50923949
Faulting module name: vmacore.dll, version: 0.0.0.0, time stamp: 0x50923615
Exception code: 0xc0000006
Fault offset: 0x002476f4
Faulting process id: 0x608
Faulting application start time: 0xvmware-hostd.exe0
Faulting application path: vmware-hostd.exe1
Faulting module path: vmware-hostd.exe2
Report Id: vmware-hostd.exe3
 
Error: (01/30/2015 07:03:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpyHunter4.exe version 4.18.9.4384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4ec
 
Start Time: 01d03c2938488a30
 
Termination Time: 13
 
Application Path: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
 
Report Id: ebe7df2e-a81f-11e4-9028-005056c00008
 
Error: (01/30/2015 06:38:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpyHunter4.exe version 4.18.9.4384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1914
 
Start Time: 01d03c25ccc0a47f
 
Termination Time: 42
 
Application Path: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
 
Report Id: 6f7d514b-a81c-11e4-9028-005056c00008
 
Error: (01/30/2015 06:03:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDLogReport.exe version 2.4.40.107 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1e80
 
Start Time: 01d03c244e7d7fcb
 
Termination Time: 23
 
Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe
 
Report Id: 92871260-a817-11e4-9028-005056c00008
 
Error: (01/30/2015 04:44:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 198c
 
Start Time: 01d03c183382d296
 
Termination Time: 98
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
 
System errors:
=============
Error: (01/30/2015 10:27:05 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (01/30/2015 10:26:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VMware Workstation Server service depends on the VMware Authorization Service service which failed to start because of the following error: 
%%2
 
Error: (01/30/2015 10:26:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The VMware Authorization Service service failed to start due to the following error: 
%%2
 
Error: (01/30/2015 10:25:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/30/2015 10:25:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/30/2015 10:25:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/30/2015 10:24:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/30/2015 10:24:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/30/2015 10:24:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (01/30/2015 10:24:46 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (01/30/2015 10:28:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2015 10:27:04 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS)
 
Error: (01/30/2015 10:24:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/30/2015 10:21:45 AM) (Source: Report Server Windows Service (SQLEXPRESS)) (EventID: 107) (User: )
Description: Report Server Windows Service (SQLEXPRESS)
 
Error: (01/30/2015 10:20:19 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: vmware-hostd.exeC000026E0
 
Error: (01/30/2015 10:20:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: vmware-hostd.exe0.0.0.050923949vmacore.dll0.0.0.050923615c0000006002476f460801d03c15be06c757D:\VM Ware\vmware-hostd.exeD:\VM Ware\vmacore.dll7d69b673-a83b-11e4-9028-005056c00008
 
Error: (01/30/2015 07:03:01 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SpyHunter4.exe4.18.9.43844ec01d03c2938488a3013C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exeebe7df2e-a81f-11e4-9028-005056c00008
 
Error: (01/30/2015 06:38:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SpyHunter4.exe4.18.9.4384191401d03c25ccc0a47f42C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe6f7d514b-a81c-11e4-9028-005056c00008
 
Error: (01/30/2015 06:03:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SDLogReport.exe2.4.40.1071e8001d03c244e7d7fcb23C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe92871260-a817-11e4-9028-005056c00008
 
Error: (01/30/2015 04:44:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17496198c01d03c183382d29698C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2467M CPU @ 1.60GHz
Percentage of memory in use: 51%
Total physical RAM: 6044.55 MB
Available physical RAM: 2917.24 MB
Total Pagefile: 8283.64 MB
Available Pagefile: 4876.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Local Disk) (Fixed) (Total:97.11 GB) (Free:1.31 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (NEW VOLUME) (Removable) (Total:29.71 GB) (Free:0.99 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 3F8F6C0A)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=97.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=84)
Partition 4: (Not Active) - (Size=12.7 GB) - (Type=17)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.7 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 TheShooter93

Posted 31 January 2015 - 05:16 PM

Hello droolq,

Please read over and do the following.  :)

================================================================

P2P Warning

 

Going over your logs I noticed that you have uTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Programs and Features.

If you wish to keep it, please do not use it until your computer is cleaned.

================================================================

Before beginning with these steps, make sure to move FRST.exe to your Desktop. You are currently running FRST from a location other than your Desktop, and continuing to do so will cause an error with the following steps!

 

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
    HKLM\...\Run: [] => [X]
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] 
    C:\Users\droolq\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
    CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

================================================================

Junkware Removal Tool

  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-click JRT.exe and select Run as administrator (on Windows XP, double-click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply

================================================================

Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.

================================================================

Launch Google Chrome Incognito

 

Please see these directions https://support.google.com/chrome/answer/95464?hl=en on how to launch Google Chrome in incognito mode.

Let me know if this pop-up appears while in Incognito mode.

================================================================

Additional Questions

 

Does this pop-up appear while using any other browsers (Firefox, Internet Explorer, Opera, etc)?

Does this pop-up appear while on any network other than your home network?

================================================================

What I'd like to see in your next post:

  • Confirmation you've read P2P warning.
  • Fixlog.txt.
  • JRT log.
  • Fresh FRST.txt.
  • Chrome Incognito results.
  • Answers to additional questions.

Edited by TheShooter93, 31 January 2015 - 05:16 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
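As an added example (not part of the thread and not FRST's own code), the script below reads the fixlist from the post above together with the `=> ... successfully` result lines of the Fixlog the topic starter posts further down, and reports which fixlist entries the Fixlog confirms, which it reports as failed, and which have no result line at all; it also re-joins the CHR extension entry that the forum wrapped across two lines. The rule used for Chrome extension entries (the extension id appearing in a result's target) is an assumption, since the thread does not show how FRST words those results.

```python
import re
from dataclasses import dataclass

# Fixlist exactly as posted in this thread (the first CHR line was wrapped by the forum).
FIXLIST = r"""HKLM\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] 
C:\Users\droolq\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
"""

# Result lines of the Fixlog as quoted in the thread. The quoted log stops after
# the fifth result, so the remaining fixlist entries will show up as unconfirmed.
FIXLOG = r"""HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"""

RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => \[X\]$")
SCOPE_RE = re.compile(r"^SearchScopes: (?P<hive>HKU\\\S+) -> DefaultScope \{[0-9A-Fa-f-]+\} URL =\s*$")
CHR_RE = re.compile(r"^CHR (?P<hive>HKU\\[^\\]+)\\\.\.\.\\Chrome\\Extension: \[(?P<ext>[a-p]{32})\]")
RESULT_RE = re.compile(r"^(?P<target>.+?) => (?P<outcome>.+)$")


@dataclass
class Entry:
    kind: str       # "run", "searchscope" or "chr_extension"
    raw: str        # the fixlist line (re-joined if the forum wrapped it)
    expected: str   # registry target (or extension id) a Fixlog result should name
    exact: bool     # True: result target must equal `expected`; False: must contain it


def parse_fixlist(text: str) -> list[Entry]:
    # A line that begins with a drive path (C:\...) is the tail of the CHR
    # entry before it, not a new entry: undo the forum's line wrapping first.
    lines: list[str] = []
    for line in text.splitlines():
        if re.match(r"^[A-Za-z]:\\", line) and lines:
            lines[-1] += " " + line.strip()
        elif line.strip():
            lines.append(line.rstrip())
    entries: list[Entry] = []
    for line in lines:
        if m := RUN_RE.match(line):
            # Fixlog names the full Run key and the (here empty) value name after "\\".
            target = rf"{m['hive']}\Software\Microsoft\Windows\CurrentVersion\Run\\{m['name']}"
            entries.append(Entry("run", line, target, True))
        elif m := SCOPE_RE.match(line):
            target = rf"{m['hive']}\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope"
            entries.append(Entry("searchscope", line, target, True))
        elif m := CHR_RE.match(line):
            # Assumption: the thread does not show FRST's wording for extension
            # entries, so accept any result whose target contains the extension id.
            entries.append(Entry("chr_extension", line, m["ext"], False))
        else:
            raise ValueError(f"unrecognised fixlist line: {line!r}")
    return entries


def parse_fixlog(text: str) -> list[tuple[str, str]]:
    """Return (target, outcome) pairs from every 'target => outcome' line."""
    return [(m["target"], m["outcome"].strip())
            for line in text.splitlines() if (m := RESULT_RE.match(line))]


def reconcile(entries: list[Entry], results: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Sort fixlist entries into confirmed / failed / unconfirmed by their Fixlog outcome."""
    report: dict[str, list[str]] = {"confirmed": [], "failed": [], "unconfirmed": []}
    for e in entries:
        hits = [o for t, o in results if (t == e.expected if e.exact else e.expected in t)]
        if not hits:
            report["unconfirmed"].append(e.expected)
        elif all("successfully" in o for o in hits):
            report["confirmed"].append(e.expected)
        else:
            report["failed"].append(f"{e.expected}: {'; '.join(hits)}")
    return report


if __name__ == "__main__":
    for status, items in reconcile(parse_fixlist(FIXLIST), parse_fixlog(FIXLOG)).items():
        print(f"{status} ({len(items)})")
        for item in items:
            print("   ", item)
```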
#5 droolq
Posted 31 January 2015 - 11:07 PM

Hello Cody,

Thanks again for taking the time to help with my problem.

 

I have uninstalled uTorrent like you mentioned. I have also noticed that after I followed your 1st post, the frequency of the pop-up has drastically decreased (usually it was about 3-4 times in 10 min, but now it's 1-2 in about 30-45 min), but it is not gone  :(

 

Here's the Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by droolq at 2015-02-01 08:27:58 Run:1
Running from C:\Users\droolq\Desktop
Loaded Profiles: droolq & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available profiles: droolq & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] 
C:\Users\droolq\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\SOFTWARE\Google\Chrome\Extensions\CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] => Key not found. 
"CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf]" => File/Directory not found.
"C:\Users\droolq\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]" => File/Directory not found.
"HKU\S-1-5-21-856131112-1585500613-1037051914-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
 
==== End of Fixlog 08:27:59 ====
 
 
JRT log:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by droolq on 01-02-2015 at  8:40:06.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf
Successfully deleted: [File] "C:\windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\droolq\appdata\local\{1A331A2F-9622-4D6F-9990-E21345C4758B}
Successfully deleted: [Empty Folder] C:\Users\droolq\appdata\local\{BC450A4C-36F5-4C83-A483-5EC37713185F}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01-02-2015 at  8:46:07.69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by droolq (administrator) on droolq-PC on 01-02-2015 08:53:40
Running from C:\Users\droolq\Desktop
Loaded Profiles: droolq & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available profiles: droolq & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\droolq\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\droolq\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12856936 2011-09-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [925104 2010-03-02] (TOSHIBA)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [789368 2010-11-05] (TOSHIBA)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => "D:\VM Ware\vmware-tray.exe"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [New Value #1] 1
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [Akamai NetSession Interface] => C:\Users\droolq\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [iFunBox Price Watch] => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [BlackBerryLink.exe] => "D:\Research In Motion\BlackBerryLink.exe" /minimize
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-13] (Google Inc.)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {44c68f4b-8ff1-11e3-9706-e89d878ceb31} - G:\Windows\Autorun.exe
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {866f9988-9baf-11e4-918a-e89d878ceb31} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {fb94f068-7fa9-11e4-b08e-e89d878ceb31} - D:\Lenovo_Suite.exe
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {fb94f078-7fa9-11e4-b08e-e89d878ceb31} - D:\Lenovo_Suite.exe
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\MSSQLFDLauncher$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\ReportServer$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll (TOSHIBA)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
SearchScopes: HKU\S-1-5-21-856131112-1585500613-1037051914-1001 -> DefaultScope {F52BA9B7-EF1B-4571-AFBA-4D011587FD5D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enAE564
SearchScopes: HKU\S-1-5-21-856131112-1585500613-1037051914-1001 -> {F52BA9B7-EF1B-4571-AFBA-4D011587FD5D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enAE564
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-856131112-1585500613-1037051914-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0E1C1992-6DD4-4772-BBF7-A8B10FC19290}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{698E4F58-FE32-44D9-9C2B-089FEC6EC694}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pmang.com/npPMangFX -> C:\windows\system32\npPMangFX-x86.DLL No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - 
FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - 
FF HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\droolq\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\droolq\AppData\Roaming\IDM\idmmzcc5 [2013-12-02]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.thesixtyone.com/", "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live? Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Find your way to Oz) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2014-08-12]
CHR Extension: (Box) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-08-12]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2014-08-12]
CHR Extension: (Text to ASCII Art) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnnnhgifkejnkjbmigmenlfnjkngelg [2015-01-22]
CHR Extension: (TweetDeck by Twitter) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\droolq\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192160 2014-07-23] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.)
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2423792 2012-10-20] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613024 2014-07-23] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 VMAuthdService; "D:\VM Ware\vmware-authd.exe" [X]
S2 VMwareHostd; "D:\VM Ware\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml"
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 HWiNFO32; C:\windows\system32\drivers\HWiNFO64A.SYS [27552 2014-10-26] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S3 SDGame; C:\Windows\System32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MFE_RR; \??\C:\Users\droolq\AppData\Local\Temp\mfe_rr.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-01 08:46 - 2015-02-01 08:48 - 00001146 _____ () C:\Users\droolq\Desktop\JRT.txt
2015-02-01 08:39 - 2015-02-01 08:39 - 00000000 ____D () C:\windows\ERUNT
2015-02-01 08:33 - 2015-02-01 08:34 - 01707939 _____ (Thisisu) C:\Users\droolq\Desktop\JRT.exe
2015-02-01 08:27 - 2015-02-01 08:27 - 00000000 ____D () C:\Users\droolq\Desktop\FRST-OlderVersion
2015-01-31 17:55 - 2015-01-31 17:55 - 00001763 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 17:55 - 2015-01-31 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 17:54 - 2015-01-31 17:55 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 17:54 - 2015-01-31 17:55 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 17:54 - 2015-01-31 17:54 - 00000000 ____D () C:\Program Files\iPod
2015-01-31 17:54 - 2015-01-31 17:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-30 22:01 - 2015-01-30 22:02 - 00000000 ____D () C:\2a355686896cd80d89c033
2015-01-30 21:57 - 2015-01-30 21:58 - 00000000 ____D () C:\40794fe0d1fa5249df
2015-01-30 18:09 - 2015-02-01 08:27 - 02131456 _____ (Farbar) C:\Users\droolq\Desktop\FRST64.exe
2015-01-30 18:02 - 2015-01-30 18:02 - 00000000 ____D () C:\Quarantine
2015-01-30 17:48 - 2015-01-30 17:57 - 00000000 ____D () C:\AdwCleaner
2015-01-30 17:47 - 2015-01-30 18:02 - 00000000 ____D () C:\Program Files (x86)\stinger
2015-01-30 17:47 - 2015-01-30 17:47 - 02194432 _____ () C:\Users\droolq\Desktop\AdwCleaner.exe
2015-01-30 10:33 - 2015-02-01 08:53 - 00026712 _____ () C:\Users\droolq\Desktop\FRST.txt
2015-01-30 10:33 - 2015-01-30 18:21 - 00044194 _____ () C:\Users\droolq\Desktop\Addition.txt
2015-01-30 10:28 - 2015-02-01 08:53 - 00000000 ____D () C:\FRST
2015-01-30 07:40 - 2015-01-30 07:40 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\TaiG
2015-01-30 07:37 - 2014-12-10 09:13 - 51938816 _____ (taig tools) C:\Users\droolq\Downloads\TaiGJBreak_EN_1201.exe
2015-01-30 07:09 - 2015-01-30 07:36 - 50037296 _____ () C:\Users\droolq\Downloads\TaiGJBreak_EN_1201 (1).zip
2015-01-30 06:14 - 2015-01-30 06:14 - 00000000 _____ () C:\autoexec.bat
2015-01-30 04:48 - 2015-01-30 04:48 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-30 04:45 - 2015-01-30 07:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-30 04:40 - 2015-01-30 10:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-27 19:44 - 2015-01-27 19:44 - 00000000 __SHD () C:\Users\droolq\AppData\Local\EmieBrowserModeList
2015-01-23 20:58 - 2015-01-23 20:38 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2015-01-23 20:58 - 2015-01-23 20:38 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2015-01-23 20:58 - 2015-01-23 20:38 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-23 12:52 - 2015-01-23 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-01-23 12:23 - 2015-01-23 12:40 - 17811112 _____ (The Git Development Community ) C:\Users\droolq\Downloads\Git-1.9.5-preview20141217.exe
2015-01-19 17:54 - 2015-01-19 17:54 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\Research In Motion
2015-01-19 16:14 - 2013-03-15 19:37 - 00000000 ____D () C:\Users\droolq\Desktop\images
2015-01-19 16:14 - 2013-03-15 19:36 - 00000000 ____D () C:\Users\droolq\Desktop\720x720
2015-01-19 09:44 - 2015-01-30 07:01 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\VMware
2015-01-19 09:44 - 2015-01-30 07:01 - 00000000 ____D () C:\Users\droolq\AppData\Local\VMware
2015-01-17 23:50 - 2012-11-01 02:35 - 00357016 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
2015-01-17 23:50 - 2012-11-01 02:34 - 00435864 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
2015-01-17 23:50 - 2012-11-01 02:34 - 00067224 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys
2015-01-17 23:50 - 2012-11-01 02:34 - 00030360 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys
2015-01-17 23:50 - 2012-10-24 14:17 - 00070296 _____ (VMware, Inc.) C:\windows\system32\Drivers\vsock.sys
2015-01-17 23:50 - 2012-10-24 14:17 - 00067224 _____ (VMware, Inc.) C:\windows\system32\vsocklib.dll
2015-01-17 23:50 - 2012-10-24 14:17 - 00063128 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll
2015-01-17 23:49 - 2015-01-17 23:49 - 00001532 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk
2015-01-17 23:49 - 2015-01-17 23:49 - 00001024 _____ () C:\windows\SysWOW64\%TMP%
2015-01-17 23:49 - 2015-01-17 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-01-17 23:49 - 2015-01-17 23:49 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-01-17 23:49 - 2012-11-01 02:35 - 00933528 _____ (VMware, Inc.) C:\windows\system32\vnetlib64.dll
2015-01-17 23:49 - 2012-10-11 17:15 - 00052376 _____ (VMware, Inc.) C:\windows\system32\Drivers\hcmon.sys
2015-01-17 23:48 - 2015-02-01 06:38 - 00000000 ____D () C:\ProgramData\VMware
2015-01-17 23:48 - 2015-01-17 23:48 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2015-01-17 23:48 - 2015-01-17 23:48 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-01-17 23:46 - 2015-01-17 23:46 - 00000000 ____D () C:\Users\droolq\New folder (2)
2015-01-17 21:40 - 2012-12-12 19:19 - 00000000 ____D () C:\Users\droolq\Desktop\VM-WARE 9 WORKSTATION
2015-01-15 20:25 - 2015-01-15 20:25 - 00000568 _____ () C:\Users\droolq\Desktop\Momentics.lnk
2015-01-14 19:53 - 2015-01-23 14:31 - 00001073 _____ () C:\Users\droolq\.deployData
2015-01-14 19:52 - 2015-01-14 19:52 - 00000000 ____D () C:\Users\droolq\Documents\BlackBerry
2015-01-14 19:51 - 2015-01-14 19:51 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\XCPCSync.OEM
2015-01-14 19:47 - 2015-01-14 19:47 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2015-01-14 19:46 - 2015-01-14 19:46 - 00000000 ____D () C:\ProgramData\Research In Motion
2015-01-14 19:46 - 2015-01-14 19:46 - 00000000 _____ () C:\windows\SysWOW64\out.txt
2015-01-14 19:46 - 2015-01-14 19:46 - 00000000 _____ () C:\windows\SysWOW64\err.txt
2015-01-14 14:37 - 2015-01-14 14:37 - 00000020 _____ () C:\Users\droolq\Desktop\input.txt
2015-01-14 11:25 - 2014-12-19 08:36 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 11:25 - 2014-12-19 07:16 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 11:25 - 2014-12-12 11:05 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 11:25 - 2014-12-12 11:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 11:25 - 2014-12-12 11:01 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 11:25 - 2014-12-12 11:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 11:25 - 2014-12-12 10:41 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:25 - 2014-12-12 10:41 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:25 - 2014-12-12 10:37 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 11:25 - 2014-12-11 23:17 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 11:25 - 2014-12-06 09:47 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 11:25 - 2014-12-06 09:20 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 11:25 - 2014-12-06 09:20 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 11:08 - 2015-02-01 06:37 - 00004766 _____ () C:\windows\setupact.log
2015-01-14 11:08 - 2015-01-14 11:08 - 00000000 _____ () C:\windows\setuperr.log
2015-01-13 18:55 - 2015-01-13 19:06 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qt 5.2.1
2015-01-13 16:56 - 2015-01-22 18:19 - 00000000 ____D () C:\Users\droolq\momentics-workspace
2015-01-13 16:56 - 2015-01-19 17:54 - 00000000 ____D () C:\Users\droolq\AppData\Local\Research In Motion
2015-01-13 16:50 - 2015-01-14 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Momentics
2015-01-12 11:07 - 2015-01-12 11:07 - 00000904 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-12 11:05 - 2015-01-12 11:07 - 00000000 ____D () C:\Program Files\GIMP 2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-01 08:50 - 2013-12-02 10:04 - 01419552 _____ () C:\windows\WindowsUpdate.log
2015-02-01 08:37 - 2014-06-25 00:09 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-01 08:24 - 2013-12-02 02:02 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\uTorrent
2015-02-01 08:16 - 2011-10-13 05:25 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-01 06:45 - 2009-07-14 10:15 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-01 06:45 - 2009-07-14 10:15 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-01 06:43 - 2009-07-14 10:43 - 00924292 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-01 06:38 - 2011-10-13 05:25 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-01 06:37 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-31 22:15 - 2013-12-02 15:46 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\DMCache
2015-01-31 20:20 - 2014-10-25 09:19 - 00004966 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for droolq-PC-droolq droolq-PC
2015-01-31 17:54 - 2013-12-01 21:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-31 11:42 - 2011-10-13 05:25 - 00002153 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-31 05:38 - 2013-12-09 01:48 - 00000000 ____D () C:\Users\MSSQLFDLauncher$SQLEXPRESS
2015-01-30 18:04 - 2013-12-02 15:46 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\IDM
2015-01-30 17:57 - 2010-11-21 09:17 - 00201702 _____ () C:\windows\PFRO.log
2015-01-30 10:21 - 2009-07-14 10:38 - 00032620 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-30 06:13 - 2014-11-11 07:53 - 00000000 ____D () C:\Users\droolq\Documents\DragonNest
2015-01-29 19:27 - 2014-08-21 17:33 - 00000000 ____D () C:\Users\droolq\Downloads\Compressed
2015-01-26 06:38 - 2014-06-25 00:09 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-26 06:38 - 2014-06-25 00:09 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-26 06:38 - 2014-06-25 00:09 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-23 20:58 - 2013-12-02 21:03 - 00000000 ____D () C:\Program Files\Java
2015-01-23 20:58 - 2013-12-02 19:46 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-23 20:57 - 2011-10-13 05:14 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-23 20:38 - 2013-12-02 21:04 - 00319912 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2015-01-23 20:37 - 2014-02-08 20:12 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2015-01-23 20:37 - 2014-02-08 20:12 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2015-01-23 20:37 - 2014-02-08 20:12 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2015-01-23 20:37 - 2013-12-02 19:57 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-22 21:03 - 2013-12-09 01:49 - 00000000 ____D () C:\Users\ReportServer$SQLEXPRESS
2015-01-22 20:32 - 2013-12-01 21:08 - 00000000 ____D () C:\Users\droolq
2015-01-21 11:34 - 2013-12-02 15:43 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\vlc
2015-01-20 19:01 - 2013-12-09 01:48 - 00000000 ____D () C:\Users\MSSQL$SQLEXPRESS
2015-01-17 23:49 - 2013-12-04 19:23 - 00929278 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2015-01-16 14:36 - 2014-01-11 23:09 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\QtProject
2015-01-16 03:11 - 2013-12-02 11:42 - 00000000 ____D () C:\windows\system32\MRT
2015-01-16 03:00 - 2013-12-02 11:42 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-13 18:55 - 2014-07-05 12:12 - 00000000 ____D () C:\Qt
2015-01-08 10:56 - 2014-07-02 21:32 - 00000000 ____D () C:\Users\droolq\Documents\Visual Studio 2010
2015-01-08 10:09 - 2013-12-05 13:27 - 00000000 ____D () C:\Users\droolq\AppData\Local\Eclipse
 
==================== Files in the root of some directories =======
 
2013-12-12 19:06 - 2014-01-11 22:04 - 0000256 _____ () C:\Users\droolq\AppData\Roaming\settings.set
2014-11-12 22:43 - 2014-11-12 22:43 - 0007602 _____ () C:\Users\droolq\AppData\Local\Resmon.ResmonCfg
 
Some content of TEMP:
====================
C:\Users\droolq\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\droolq\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\droolq\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\droolq\AppData\Local\Temp\Quarantine.exe
C:\Users\droolq\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 13:06
 
==================== End Of Log ============================
 
Chrome Incognito showed pop-ups previously when I started this thread, but now, since the frequency became less, I haven't noticed it since.
For testing purposes I opened up a porn site in Incognito (as they usually have numerous pop-ups) and to my surprise, instead of any fake online jobs or other similar pop-ups, adultcameras.info popped up.

For any other browser, I tested it on Internet Explorer and nothing happened, but as I mentioned, opening any porn site either in Incognito or normal browsing mode pops adultcameras.info up.

As for my infected phone, I made a few changes in the settings of the browser and the pop-ups are gone completely, even with porn sites opened.

Also, other laptops and phones in my house are not affected by this malware and it does not appear on any other network.


#6 TheShooter93 (Cody) - Malware Response Team - 4,792 posts - Orlando, Florida

Posted 02 February 2015 - 07:48 AM

Hi droolq,

Thanks again for taking your time for my problem.

You're welcome.  :)

Below I have another FRST Fix to run along with questions about things in your logs I couldn't quite identify. Hoping you know something about them.

====================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

CHR Plugin: (McAfee SiteAdvisor) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\droolq\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
2015-01-30 22:01 - 2015-01-30 22:02 - 00000000 ____D () C:\2a355686896cd80d89c033
2015-01-30 21:57 - 2015-01-30 21:58 - 00000000 ____D () C:\40794fe0d1fa5249df

  • Launch FRST and press the Fix button just once and wait; the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

====================================================

Additional Questions

HKLM\...\Policies\Explorer: [New Value #1] 1 

This appears to be a registry entry that was created manually or by some 3rd party program. In other words, it doesn't usually appear in the Windows Registry and I can't find out much about it.

Did you create this entry and/or are you familiar with it?

Tcpip\..\Interfaces\{0E1C1992-6DD4-4772-BBF7-A8B10FC19290}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{698E4F58-FE32-44D9-9C2B-089FEC6EC694}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 

These entries in your logs indicate several DNS servers. Did you set this yourself and/or do you know of a program on your system that would have done this?

All the addresses appear to be legitimate, but it struck me as odd so I wanted to ask you about it.

====================================================

Lastly, I didn't see a response to the following question I asked back in post #2: Do you have a Google account that you are logged into on both your PC and phone (assuming you also use Google Chrome as the web browser on your phone)? 


Edited by TheShooter93, 02 February 2015 - 07:49 AM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#7 droolq (Topic Starter) - Members - 6 posts

Posted 02 February 2015 - 08:06 AM

Hi Cody, 

Below are the contents of Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by droolq at 2015-02-02 18:28:47 Run:2
Running from C:\Users\droolq\Desktop
Loaded Profiles: droolq & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available profiles: droolq & fbwuser0FC8 & fbwuser0F14 & fbwuser985A & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\droolq\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [Not Found]
2015-01-30 22:01 - 2015-01-30 22:02 - 00000000 ____D () C:\2a355686896cd80d89c033
2015-01-30 21:57 - 2015-01-30 21:58 - 00000000 ____D () C:\40794fe0d1fa5249df
*****************
 
C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll not found.
"HKU\S-1-5-21-856131112-1585500613-1037051914-1001\SOFTWARE\Google\Chrome\Extensions\apdfllckaahabafndbhieahigkjlhalf" => Key deleted successfully.
C:\2a355686896cd80d89c033 => Moved successfully.
C:\40794fe0d1fa5249df => Moved successfully.
 
==== End of Fixlog 18:28:47 ====
 
 
As for the registry entry, unfortunately I have no idea about it.
 
And also I am using a Gmail account, but that's used only for YouTube; it's not my main account for mail. I use Safari on my phone, btw.


#8 TheShooter93 (Cody) - Malware Response Team - 4,792 posts - Orlando, Florida

Posted 03 February 2015 - 02:51 PM

Hello droolq,

Step 1: Farbar Recovery Scan Tool (FRST)

  • Launch FRST.
  • Click the Scan button.
  • A new FRST.txt log will be produced. Include the contents of this log in your next post.

====================================================

Step 2: From my last post...


Tcpip\..\Interfaces\{0E1C1992-6DD4-4772-BBF7-A8B10FC19290}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{698E4F58-FE32-44D9-9C2B-089FEC6EC694}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

These entries in your logs indicate several DNS servers. Did you set this yourself and/or do you know of a program on your system that would have done this?

All the addresses appear to be legitimate, but it struck me as odd so I wanted to ask you about it.

====================================================

Step 3: Lastly, how is your computer doing? Are you still seeing the pop-up behavior?


Edited by TheShooter93, 03 February 2015 - 02:51 PM.

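For the NameServer question Cody raises in posts #6 and #8, the check an analyst would actually run is to attribute each resolver on those Tcpip lines to a known provider and flag whatever is left over. The Python below is an added example for this thread, not FRST's own code or anything from the posts; its provider table, the RFC 1918 LAN ranges and the third sample interface (a placeholder all-zero GUID with 203.0.113.5 from the documentation range standing in for an unrecognised resolver) are assumptions.

```python
"""Attribute the DNS resolvers from FRST 'Tcpip\\..\\Interfaces' lines to known providers.

Added example for this thread; it is not part of FRST or of the original posts.
The provider table and the LAN ranges are assumptions used for the demonstration.
"""
import ipaddress
import re

# Well-known public resolvers (assumed lookup table; add your ISP's resolvers here).
KNOWN_RESOLVERS = {
    "8.8.8.8": "Google Public DNS",
    "8.8.4.4": "Google Public DNS",
    "4.2.2.1": "Level 3",
    "4.2.2.2": "Level 3",
    "208.67.222.222": "OpenDNS",
    "208.67.220.220": "OpenDNS",
    "8.26.56.26": "Comodo Secure DNS",
    "8.20.247.20": "Comodo Secure DNS",
    "156.154.70.1": "Neustar DNS Advantage",
    "156.154.71.1": "Neustar DNS Advantage",
}

# RFC 1918 ranges: a resolver here is normally the home router or a LAN server.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# One FRST NameServer line: interface GUID plus the comma-separated server list.
NAMESERVER_RE = re.compile(
    r"Tcpip\\\.\.\\Interfaces\\\{(?P<guid>[0-9A-Fa-f-]+)\}:\s*\[NameServer\]\s*(?P<servers>\S+)"
)

# Constructed sample: the two interfaces from the thread's log plus a third,
# placeholder interface (all-zero GUID) whose 203.0.113.5 (documentation range)
# stands in for a resolver that no provider table recognises.
SAMPLE_LOG = r"""
Tcpip\..\Interfaces\{0E1C1992-6DD4-4772-BBF7-A8B10FC19290}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{698E4F58-FE32-44D9-9C2B-089FEC6EC694}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{00000000-0000-0000-0000-000000000000}: [NameServer] 192.168.1.1,203.0.113.5
"""


def parse_nameserver_lines(log_text):
    """Return {interface_guid: [server, ...]} for every NameServer line in the log."""
    found = {}
    for line in log_text.splitlines():
        match = NAMESERVER_RE.search(line)
        if match:
            found[match.group("guid")] = [s for s in match.group("servers").split(",") if s]
    return found


def classify(server):
    """Label one resolver address: provider name, LAN/loopback, malformed, or unknown."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "malformed"
    if server in KNOWN_RESOLVERS:
        return KNOWN_RESOLVERS[server]
    if ip.is_loopback or ip.is_link_local or any(ip in net for net in LAN_NETS):
        return "private/local (router or LAN resolver)"
    return "unknown public resolver - verify"


def audit(log_text):
    """Return {guid: [(server, label), ...]} for every interface in the log."""
    return {
        guid: [(server, classify(server)) for server in servers]
        for guid, servers in parse_nameserver_lines(log_text).items()
    }


def suspicious(report):
    """Sorted list of the servers an analyst should verify: unknown or malformed entries."""
    return sorted({
        server
        for entries in report.values()
        for server, label in entries
        if label == "malformed" or label.startswith("unknown")
    })


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for guid, entries in report.items():
        print(f"Interface {{{guid}}}")
        for server, label in entries:
            print(f"  {server:16} {label}")
    print("Verify:", suspicious(report))
```

Run against the thread's two real interfaces every address resolves to a known provider, which is the same conclusion Cody reached by hand; only the constructed third interface produces a "verify" entry.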

 

 


#9 droolq (Topic Starter) - Members - 6 posts

Posted 04 February 2015 - 05:30 AM

Hello Cody,

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by droolq (administrator) on droolq-PC on 04-02-2015 15:47:39
Running from C:\Users\droolq\Desktop
Loaded Profiles: droolq & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS (Available profiles: droolq & fbwuser0FC8 & fbwuser0F14 & fbwuser985A & MSSQL$SQLEXPRESS & ReportServer$SQLEXPRESS & MSSQLFDLauncher$SQLEXPRESS)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\ATService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
() C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Akamai Technologies, Inc.) C:\Users\droolq\AppData\Local\Akamai\netsession_win.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Akamai Technologies, Inc.) C:\Users\droolq\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\HSSCP.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12856936 2011-09-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-04] (Synaptics Incorporated)
HKLM\...\Run: [TFPUPWDBankService] => C:\Program Files\TOSHIBA\TFPU\TFPUPWDBank.exe [925104 2010-03-02] (TOSHIBA)
HKLM\...\Run: [TFPUService] => C:\Program Files\TOSHIBA\TFPU\TFPUTaskMonitor.exe [789368 2010-11-05] (TOSHIBA)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-08-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-12] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => "D:\VM Ware\vmware-tray.exe"
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [New Value #1] 1
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [Akamai NetSession Interface] => C:\Users\droolq\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [iFunBox Price Watch] => C:\Program Files (x86)\iFunbox 2014\iFunBox2014.exe /tray
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [BlackBerryLink.exe] => "D:\Research In Motion\BlackBerryLink.exe" /minimize
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-13] (Google Inc.)
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {44c68f4b-8ff1-11e3-9706-e89d878ceb31} - G:\Windows\Autorun.exe
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {866f9988-9baf-11e4-918a-e89d878ceb31} - C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {fb94f068-7fa9-11e4-b08e-e89d878ceb31} - D:\Lenovo_Suite.exe
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\MountPoints2: {fb94f078-7fa9-11e4-b08e-e89d878ceb31} - D:\Lenovo_Suite.exe
HKU\S-1-5-80-3880006512-4290199581-1648723128-3569869737-3631323133\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-80-425977601-1203083412-1631309457-2457533047-3321749933\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-80-997390408-2153310517-3119169589-2253446180-2226563786\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\fbwuser0F14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\fbwuser0FC8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\fbwuser985A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\MSSQLFDLauncher$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\ReportServer$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [ATFPUOverlayIcon] -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll (TOSHIBA)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-856131112-1585500613-1037051914-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
SearchScopes: HKU\S-1-5-21-856131112-1585500613-1037051914-1001 -> DefaultScope {F52BA9B7-EF1B-4571-AFBA-4D011587FD5D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enAE564
SearchScopes: HKU\S-1-5-21-856131112-1585500613-1037051914-1001 -> {F52BA9B7-EF1B-4571-AFBA-4D011587FD5D} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_enAE564
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\x86\TFPUPWDBankBHO.dll (TODO: <Company name>)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-856131112-1585500613-1037051914-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0E1C1992-6DD4-4772-BBF7-A8B10FC19290}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{698E4F58-FE32-44D9-9C2B-089FEC6EC694}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pmang.com/npPMangFX -> C:\windows\system32\npPMangFX-x86.DLL No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - 
FF HKLM-x32\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - 
FF HKU\S-1-5-21-856131112-1585500613-1037051914-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\droolq\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\droolq\AppData\Roaming\IDM\idmmzcc5 [2013-12-02]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR StartupUrls: Default -> "hxxp://www.thesixtyone.com/", "hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\gcswf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Find your way to Oz) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgmbnhmcbgnenhcjpmgfhneiiamfijel [2014-08-12]
CHR Extension: (Box) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2014-08-12]
CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2014-08-12]
CHR Extension: (Text to ASCII Art) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgnnnhgifkejnkjbmigmenlfnjkngelg [2015-01-22]
CHR Extension: (TweetDeck by Twitter) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-08-12]
CHR Extension: (Google Wallet) - C:\Users\droolq\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-17] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-17] ()
R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-17] ()
R2 irstrtsv; C:\windows\SysWOW64\irstrtsv.exe [184320 2011-07-07] (Intel Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192160 2014-07-23] (Microsoft Corporation)
R3 MSSQLFDLauncher$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S3 npggsvc; C:\windows\SysWOW64\GameMon.des [4797064 2013-11-05] (INCA Internet Co., Ltd.)
R2 ReportServer$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2423792 2012-10-20] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [613024 2014-07-23] (Microsoft Corporation)
R2 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 VMAuthdService; "D:\VM Ware\vmware-authd.exe" [X]
S2 VMwareHostd; "D:\VM Ware\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml"
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [44744 2014-05-17] (AnchorFree Inc.)
R1 HWiNFO32; C:\windows\system32\drivers\HWiNFO64A.SYS [27552 2014-10-26] (REALiX™)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2014-06-23] (Research in Motion Limited)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
S3 SDGame; C:\Windows\System32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-17] (Anchorfree Inc.)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
S3 hxsyol; \??\C:\AeriaGames\AuraKingdom\avital\hxsy64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 MFE_RR; \??\C:\Users\droolq\AppData\Local\Temp\mfe_rr.sys [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
S3 ZTEusbvoice; system32\DRIVERS\ZTEusbvoice.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-02 06:10 - 2015-02-02 06:10 - 00000000 ____D () C:\Users\fbwuser0FC8\AppData\Roaming\Google
2015-02-02 06:10 - 2015-02-02 06:10 - 00000000 ____D () C:\Users\fbwuser0FC8\AppData\Local\VirtualStore
2015-02-02 06:10 - 2015-02-02 06:10 - 00000000 ____D () C:\Users\fbwuser0FC8\AppData\Local\Google
2015-02-02 06:05 - 2015-02-02 06:05 - 00000000 __SHD () C:\Users\fbwuser0FC8\AppData\Local\EmieUserList
2015-02-02 06:05 - 2015-02-02 06:05 - 00000000 __SHD () C:\Users\fbwuser0FC8\AppData\Local\EmieSiteList
2015-02-02 06:05 - 2015-02-02 06:05 - 00000000 __SHD () C:\Users\fbwuser0FC8\AppData\Local\EmieBrowserModeList
2015-02-02 06:05 - 2015-02-02 06:05 - 00000000 ____D () C:\Users\fbwuser0FC8\AppData\Roaming\Adobe
2015-02-01 13:30 - 2015-02-01 13:30 - 00000020 ___SH () C:\Users\fbwuser985A\ntuser.ini
2015-02-01 13:30 - 2015-02-01 13:30 - 00000020 ___SH () C:\Users\fbwuser0FC8\ntuser.ini
2015-02-01 13:30 - 2015-02-01 13:30 - 00000020 ___SH () C:\Users\fbwuser0F14\ntuser.ini
2015-02-01 13:30 - 2015-02-01 13:30 - 00000000 ____D () C:\Users\fbwuser985A
2015-02-01 13:30 - 2015-02-01 13:30 - 00000000 ____D () C:\Users\fbwuser0FC8
2015-02-01 13:30 - 2015-02-01 13:30 - 00000000 ____D () C:\Users\fbwuser0F14
2015-02-01 13:30 - 2014-07-02 22:49 - 00000000 ____D () C:\Users\fbwuser985A\Documents\Visual Studio 2008
2015-02-01 13:30 - 2014-07-02 22:49 - 00000000 ____D () C:\Users\fbwuser0FC8\Documents\Visual Studio 2008
2015-02-01 13:30 - 2014-07-02 22:49 - 00000000 ____D () C:\Users\fbwuser0F14\Documents\Visual Studio 2008
2015-02-01 13:30 - 2013-12-09 13:11 - 00000000 ____D () C:\Users\fbwuser985A\Documents\Visual Studio 2010
2015-02-01 13:30 - 2013-12-09 13:11 - 00000000 ____D () C:\Users\fbwuser0FC8\Documents\Visual Studio 2010
2015-02-01 13:30 - 2013-12-09 13:11 - 00000000 ____D () C:\Users\fbwuser0F14\Documents\Visual Studio 2010
2015-02-01 13:30 - 2013-12-02 16:12 - 00000000 ____D () C:\Users\fbwuser985A\AppData\Roaming\Macromedia
2015-02-01 13:30 - 2013-12-02 16:12 - 00000000 ____D () C:\Users\fbwuser0FC8\AppData\Roaming\Macromedia
2015-02-01 13:30 - 2013-12-02 16:12 - 00000000 ____D () C:\Users\fbwuser0F14\AppData\Roaming\Macromedia
2015-02-01 13:30 - 2013-12-02 11:50 - 00000000 ____D () C:\Users\fbwuser985A\AppData\Local\Microsoft Help
2015-02-01 13:30 - 2013-12-02 11:50 - 00000000 ____D () C:\Users\fbwuser0FC8\AppData\Local\Microsoft Help
2015-02-01 13:30 - 2013-12-02 11:50 - 00000000 ____D () C:\Users\fbwuser0F14\AppData\Local\Microsoft Help
2015-02-01 13:30 - 2009-07-14 10:24 - 00000000 ___RD () C:\Users\fbwuser985A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-01 13:30 - 2009-07-14 10:24 - 00000000 ___RD () C:\Users\fbwuser0FC8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-01 13:30 - 2009-07-14 10:24 - 00000000 ___RD () C:\Users\fbwuser0F14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-01 13:30 - 2009-07-14 10:19 - 00000000 ___RD () C:\Users\fbwuser985A\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-01 13:30 - 2009-07-14 10:19 - 00000000 ___RD () C:\Users\fbwuser0FC8\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-01 13:30 - 2009-07-14 10:19 - 00000000 ___RD () C:\Users\fbwuser0F14\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-01 12:51 - 2015-02-01 12:51 - 00001090 _____ () C:\Users\Public\Desktop\Hotspot Shield.lnk
2015-02-01 11:20 - 2015-02-01 11:21 - 00000000 ____D () C:\ProgramData\Hotspot Shield
2015-02-01 11:20 - 2015-02-01 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
2015-02-01 11:19 - 2015-02-01 11:21 - 00000000 ____D () C:\Program Files (x86)\Hotspot Shield
2015-02-01 11:19 - 2015-02-01 11:19 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\Hotspot Shield
2015-02-01 11:19 - 2014-05-17 08:05 - 00044744 _____ (AnchorFree Inc.) C:\windows\system32\Drivers\hssdrv6.sys
2015-02-01 11:17 - 2015-02-01 11:19 - 08039992 _____ () C:\Users\droolq\Downloads\HSS-3.42-install-hss-689-conduit.exe
2015-02-01 08:46 - 2015-02-01 08:48 - 00001146 _____ () C:\Users\droolq\Desktop\JRT.txt
2015-02-01 08:39 - 2015-02-01 08:39 - 00000000 ____D () C:\windows\ERUNT
2015-02-01 08:33 - 2015-02-01 08:34 - 01707939 _____ (Thisisu) C:\Users\droolq\Desktop\JRT.exe
2015-02-01 08:27 - 2015-02-01 08:27 - 00000000 ____D () C:\Users\droolq\Desktop\FRST-OlderVersion
2015-01-31 17:55 - 2015-01-31 17:55 - 00001763 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-31 17:55 - 2015-01-31 17:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-31 17:54 - 2015-01-31 17:55 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-31 17:54 - 2015-01-31 17:55 - 00000000 ____D () C:\Program Files\iTunes
2015-01-31 17:54 - 2015-01-31 17:54 - 00000000 ____D () C:\Program Files\iPod
2015-01-31 17:54 - 2015-01-31 17:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-30 18:09 - 2015-02-01 08:27 - 02131456 _____ (Farbar) C:\Users\droolq\Desktop\FRST64.exe
2015-01-30 18:02 - 2015-01-30 18:02 - 00000000 ____D () C:\Quarantine
2015-01-30 17:48 - 2015-01-30 17:57 - 00000000 ____D () C:\AdwCleaner
2015-01-30 17:47 - 2015-01-30 18:02 - 00000000 ____D () C:\Program Files (x86)\stinger
2015-01-30 17:47 - 2015-01-30 17:47 - 02194432 _____ () C:\Users\droolq\Desktop\AdwCleaner.exe
2015-01-30 10:33 - 2015-02-04 15:47 - 00028364 _____ () C:\Users\droolq\Desktop\FRST.txt
2015-01-30 10:33 - 2015-01-30 18:21 - 00044194 _____ () C:\Users\droolq\Desktop\Addition.txt
2015-01-30 10:28 - 2015-02-04 15:47 - 00000000 ____D () C:\FRST
2015-01-30 07:40 - 2015-01-30 07:40 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\TaiG
2015-01-30 07:37 - 2014-12-10 09:13 - 51938816 _____ (taig tools) C:\Users\droolq\Downloads\TaiGJBreak_EN_1201.exe
2015-01-30 07:09 - 2015-01-30 07:36 - 50037296 _____ () C:\Users\droolq\Downloads\TaiGJBreak_EN_1201 (1).zip
2015-01-30 06:14 - 2015-01-30 06:14 - 00000000 _____ () C:\autoexec.bat
2015-01-30 04:48 - 2015-01-30 04:48 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-30 04:45 - 2015-01-30 07:00 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-30 04:40 - 2015-01-30 10:21 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-27 19:44 - 2015-01-27 19:44 - 00000000 __SHD () C:\Users\droolq\AppData\Local\EmieBrowserModeList
2015-01-23 20:58 - 2015-01-23 20:38 - 00191400 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2015-01-23 20:58 - 2015-01-23 20:38 - 00190888 _____ (Oracle Corporation) C:\windows\system32\java.exe
2015-01-23 20:58 - 2015-01-23 20:38 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2015-01-23 12:52 - 2015-01-23 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2015-01-23 12:23 - 2015-01-23 12:40 - 17811112 _____ (The Git Development Community ) C:\Users\droolq\Downloads\Git-1.9.5-preview20141217.exe
2015-01-19 17:54 - 2015-01-19 17:54 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\Research In Motion
2015-01-19 16:14 - 2013-03-15 19:37 - 00000000 ____D () C:\Users\droolq\Desktop\images
2015-01-19 16:14 - 2013-03-15 19:36 - 00000000 ____D () C:\Users\droolq\Desktop\720x720
2015-01-19 09:44 - 2015-02-03 16:05 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\VMware
2015-01-19 09:44 - 2015-02-03 16:05 - 00000000 ____D () C:\Users\droolq\AppData\Local\VMware
2015-01-17 23:50 - 2012-11-01 02:35 - 00357016 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnetdhcp.exe
2015-01-17 23:50 - 2012-11-01 02:34 - 00435864 _____ (VMware, Inc.) C:\windows\SysWOW64\vmnat.exe
2015-01-17 23:50 - 2012-11-01 02:34 - 00067224 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmx86.sys
2015-01-17 23:50 - 2012-11-01 02:34 - 00030360 _____ (VMware, Inc.) C:\windows\system32\Drivers\vmnetuserif.sys
2015-01-17 23:50 - 2012-10-24 14:17 - 00070296 _____ (VMware, Inc.) C:\windows\system32\Drivers\vsock.sys
2015-01-17 23:50 - 2012-10-24 14:17 - 00067224 _____ (VMware, Inc.) C:\windows\system32\vsocklib.dll
2015-01-17 23:50 - 2012-10-24 14:17 - 00063128 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll
2015-01-17 23:49 - 2015-01-17 23:49 - 00001532 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk
2015-01-17 23:49 - 2015-01-17 23:49 - 00001024 _____ () C:\windows\SysWOW64\%TMP%
2015-01-17 23:49 - 2015-01-17 23:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-01-17 23:49 - 2015-01-17 23:49 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-01-17 23:49 - 2012-11-01 02:35 - 00933528 _____ (VMware, Inc.) C:\windows\system32\vnetlib64.dll
2015-01-17 23:49 - 2012-10-11 17:15 - 00052376 _____ (VMware, Inc.) C:\windows\system32\Drivers\hcmon.sys
2015-01-17 23:48 - 2015-02-04 10:41 - 00000000 ____D () C:\ProgramData\VMware
2015-01-17 23:48 - 2015-01-17 23:48 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2015-01-17 23:48 - 2015-01-17 23:48 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-01-17 23:46 - 2015-01-17 23:46 - 00000000 ____D () C:\Users\droolq\New folder (2)
2015-01-17 21:40 - 2012-12-12 19:19 - 00000000 ____D () C:\Users\droolq\Desktop\VM-WARE 9 WORKSTATION
2015-01-15 20:25 - 2015-01-15 20:25 - 00000568 _____ () C:\Users\droolq\Desktop\Momentics.lnk
2015-01-14 19:53 - 2015-02-03 15:49 - 00000371 _____ () C:\Users\droolq\.deployData
2015-01-14 19:52 - 2015-01-14 19:52 - 00000000 ____D () C:\Users\droolq\Documents\BlackBerry
2015-01-14 19:51 - 2015-01-14 19:51 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\XCPCSync.OEM
2015-01-14 19:47 - 2015-01-14 19:47 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2015-01-14 19:46 - 2015-01-14 19:46 - 00000000 ____D () C:\ProgramData\Research In Motion
2015-01-14 19:46 - 2015-01-14 19:46 - 00000000 _____ () C:\windows\SysWOW64\out.txt
2015-01-14 19:46 - 2015-01-14 19:46 - 00000000 _____ () C:\windows\SysWOW64\err.txt
2015-01-14 14:37 - 2015-01-14 14:37 - 00000020 _____ () C:\Users\droolq\Desktop\input.txt
2015-01-14 11:25 - 2014-12-19 08:36 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 11:25 - 2014-12-19 07:16 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 11:25 - 2014-12-12 11:05 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 11:25 - 2014-12-12 11:01 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 11:25 - 2014-12-12 11:01 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 11:25 - 2014-12-12 11:01 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 11:25 - 2014-12-12 10:41 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 11:25 - 2014-12-12 10:41 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 11:25 - 2014-12-12 10:37 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 11:25 - 2014-12-11 23:17 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 11:25 - 2014-12-06 09:47 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 11:25 - 2014-12-06 09:20 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 11:25 - 2014-12-06 09:20 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 11:08 - 2015-02-04 10:40 - 00005270 _____ () C:\windows\setupact.log
2015-01-14 11:08 - 2015-01-14 11:08 - 00000000 _____ () C:\windows\setuperr.log
2015-01-13 18:55 - 2015-01-13 19:06 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qt 5.2.1
2015-01-13 16:56 - 2015-02-03 15:47 - 00000000 ____D () C:\Users\droolq\momentics-workspace
2015-01-13 16:56 - 2015-01-19 17:54 - 00000000 ____D () C:\Users\droolq\AppData\Local\Research In Motion
2015-01-13 16:50 - 2015-01-14 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Momentics
2015-01-12 11:07 - 2015-01-12 11:07 - 00000904 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-12 11:05 - 2015-01-12 11:07 - 00000000 ____D () C:\Program Files\GIMP 2
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-04 15:37 - 2014-06-25 00:09 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-04 15:22 - 2013-12-02 10:04 - 01722581 _____ () C:\windows\WindowsUpdate.log
2015-02-04 15:16 - 2011-10-13 05:25 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-04 10:48 - 2009-07-14 10:15 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-04 10:48 - 2009-07-14 10:15 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-04 10:45 - 2009-07-14 10:43 - 00924292 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-04 10:41 - 2011-10-13 05:25 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-04 10:40 - 2009-07-14 10:38 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-04 09:46 - 2014-06-15 21:06 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-04 05:39 - 2013-12-09 01:48 - 00000000 ____D () C:\Users\MSSQLFDLauncher$SQLEXPRESS
2015-02-03 15:45 - 2013-12-01 21:08 - 00000000 ____D () C:\Users\droolq
2015-02-03 07:42 - 2014-10-25 09:19 - 00004966 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for droolq-PC-droolq droolq-PC
2015-02-02 21:56 - 2013-12-02 15:46 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\DMCache
2015-02-01 08:24 - 2013-12-02 02:02 - 00000000 ____D () C:\Users\droolq\AppData\Roaming\uTorrent
2015-01-31 17:54 - 2013-12-01 21:39 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-31 11:42 - 2011-10-13 05:25 - 00002153 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
 
I have VMware installed on my laptop; maybe it's because of that.
 
The problem still persists and has become more frequent over the past day.


#10 TheShooter93 (Cody), Malware Response Team

Posted 04 February 2015 - 04:06 PM

Hi droolq,
 
Please do the following.  :)
 
======================================================

Step 1: Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Policies\Explorer: [New Value #1] 1
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

======================================================

Step 2: Reset Your Router
 
Note: The following process will take down internet connectivity for some time, and any custom configurations on your router will need to be re-configured.

  • On the back of your router you should find a small button labeled "reset". Oftentimes you need a pen or other small object to press this button.
  • Press and hold this button down for 30 seconds or until all the lights on the router turn off and then on again.
  • Once this is complete you will need to re-connect all wireless devices. The SSID of your wireless network will be gone and the default SSID will be broadcast.
  • Once you have successfully connected and confirmed you have an internet connection, test your computer and phone to see if you experience the pop-up.

======================================================

Tcpip\..\Interfaces\{0E1C1992-6DD4-4772-BBF7-A8B10FC19290}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{698E4F58-FE32-44D9-9C2B-089FEC6EC694}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1

Step 3: These entries in your logs indicate several DNS servers. Did you set this yourself and/or do you know of a program on your system that would have done this?
 
======================================================

What I'd like to see in your next post:

  • Fixlog.txt
  • After resetting your router, do you experience the pop-up?
  • Do you know why you have so many DNS servers listed?

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
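A defender-side check for the DNS question in Step 3, added here as an example and not code from Cody or from FRST: it parses the Tcpip\..\Interfaces NameServer lines of an FRST log and flags interfaces whose statically set resolvers fall outside an allowlist or exceed a count. The sample lines are constructed in the format quoted above (the first GUID and resolver list come from the log, the other two lines are made up), and the allowlist and the two-resolver threshold are assumptions.

```python
import re
from ipaddress import ip_address

# Constructed sample in the FRST "Tcpip\..\Interfaces" line format quoted in this thread.
# The first GUID and resolver list come from the log above; the other two lines are made up.
SAMPLE_LOG = """\
Tcpip\\..\\Interfaces\\{0E1C1992-6DD4-4772-BBF7-A8B10FC19290}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\\..\\Interfaces\\{11111111-2222-3333-4444-555555555555}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\\..\\Interfaces\\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}: [DhcpNameServer] 192.168.1.1
"""

# One FRST line: "Tcpip\..\Interfaces\{GUID}: [NameServer|DhcpNameServer] ip,ip,..."
LINE_RE = re.compile(
    r"^Tcpip\\\.\.\\Interfaces\\(\{[0-9A-Fa-f-]+\}): \[(NameServer|DhcpNameServer)\] (.+)$"
)


def parse_nameservers(log_text):
    """Map each interface GUID to (value name, list of resolvers) from FRST log text."""
    entries = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            guid, value_name, servers = m.groups()
            entries[guid] = (value_name, [s.strip() for s in servers.split(",") if s.strip()])
    return entries


def audit_nameservers(log_text, allowlist, max_resolvers=2):
    """Return findings for interfaces whose static NameServer value lists resolvers
    outside `allowlist` or more than `max_resolvers` of them. DhcpNameServer values
    are skipped: they come from the router, which Step 2 handles by resetting it."""
    allowed = {ip_address(a) for a in allowlist}
    findings = []
    for guid, (value_name, servers) in parse_nameservers(log_text).items():
        if value_name != "NameServer":
            continue
        unknown = []
        for s in servers:
            try:
                if ip_address(s) not in allowed:
                    unknown.append(s)
            except ValueError:  # not a valid IP literal at all
                unknown.append(s)
        if unknown or len(servers) > max_resolvers:
            findings.append({"interface": guid, "count": len(servers), "unknown": unknown})
    return findings


if __name__ == "__main__":
    # Assumed allowlist for the example: the two resolvers the owner intends to use.
    for f in audit_nameservers(SAMPLE_LOG, ["8.8.8.8", "8.8.4.4"]):
        print(f"{f['interface']}: {f['count']} resolvers, unexpected: {', '.join(f['unknown'])}")
```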

 

 


#11 TheShooter93 (Cody), Malware Response Team

Posted 07 February 2015 - 01:50 PM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.

#12 droolq (Topic Starter), Members

Posted 07 February 2015 - 11:32 PM

Hello Cody, apologies for the delay.

I have found a fix for the problem, which involved manually entering the DNS across all the devices in my house and changing the registry entry for Tcpip; however, this seems like a temporary fix to me.

Do I still have to go through all the scans for a permanent solution?



#13 TheShooter93 (Cody), Malware Response Team

Posted 09 February 2015 - 09:54 AM

Hi droolq,

Sorry for my delay - I am just seeing your response now. I must have missed the notification email.

As for your fix, the issue regarding the DNS servers was mentioned in my last post. I take it that was the culprit.

That being said, in order for me to conclude that your computer and network are clean, I do need you to complete the last steps I gave. The fix you performed is a workaround, but not a permanent fix.

Please let me know how you would like to proceed.


#14 TheShooter93 (Cody), Malware Response Team

Posted 12 February 2015 - 11:50 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.

#15 schrauber (Mr.Mechanic), Malware Response Team

Posted 15 February 2015 - 01:42 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.