Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

EmieBrowserModeList Trojan


  • This topic is locked This topic is locked
3 replies to this topic

#1 zaheerflys

zaheerflys

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:06 PM

Posted 04 February 2015 - 07:38 PM

Hello, I found you guys after trying to find a solution to this problem. This trojan seems impossible for me to get rid of as it is posing as Chrome and is running multiple process taking up a lot of my CPU power.

 

I say you needed the Farbar logs so here is the first log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2015 01
Ran by Matthew (administrator) on HK-47 on 04-02-2015 19:33:00
Running from C:\Users\Matthew\Downloads
Loaded Profiles: Matthew (Available profiles: Matthew)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Pharos Systems International) C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\fdhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(ooVoo LLC) C:\Program Files (x86)\ooVoo\ooVoo.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(BitTorrent Inc.) C:\Users\Matthew\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Sysinternals - www.sysinternals.com) C:\Users\Matthew\Documents\ProcessExplorer\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Matthew\AppData\Local\Temp\procexp64.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2170784 2012-07-27] (SRS Labs, Inc.)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2991856 2013-02-20] (Logitech, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2013-08-28] (Synaptics Incorporated)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2995904 2012-07-11] (Symantec Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TPUReg] => C:\Program Files (x86)\TOSHIBA\Password Utility\Reg.exe [2085376 2012-07-09] (TODO: <公司名稱>)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-19] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-12] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-308137982-2248262705-1768575252-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-308137982-2248262705-1768575252-1001\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-308137982-2248262705-1768575252-1001\...\Run: [ooVoo.exe] => C:\Program Files (x86)\ooVoo\oovoo.exe [35253824 2013-08-04] (ooVoo LLC)
HKU\S-1-5-21-308137982-2248262705-1768575252-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-308137982-2248262705-1768575252-1001\...\Run: [uTorrent] => C:\Users\Matthew\AppData\Roaming\uTorrent\uTorrent.exe [1377872 2015-01-13] (BitTorrent Inc.)
HKU\S-1-5-21-308137982-2248262705-1768575252-1001\...\Run: [Mtpidknfitwz] => regsvr32.exe /s "C:\Users\Matthew\AppData\Local\FalloutNV\Mtpidknfitwz.dll" <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-308137982-2248262705-1768575252-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
URLSearchHook: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Users\Matthew\AppData\LocalLow\uTorrentControl_v6\prxtbuTo2.dll (ClientConnect Ltd.)
URLSearchHook: HKU\S-1-5-21-308137982-2248262705-1768575252-1001 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Users\Matthew\AppData\LocalLow\uTorrentControl_v6\prxtbuTo2.dll (ClientConnect Ltd.)
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-308137982-2248262705-1768575252-1001 -> {5FC6A0E3-AD5D-4BE1-83A1-B69D98485B4B} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: uTorrentControl_v6 Toolbar -> {96f454ea-9d38-474f-b504-56193e00c1a5} -> C:\Users\Matthew\AppData\LocalLow\uTorrentControl_v6\prxtbuTo2.dll (ClientConnect Ltd.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - uTorrentControl_v6 Toolbar - {96f454ea-9d38-474f-b504-56193e00c1a5} - C:\Users\Matthew\AppData\LocalLow\uTorrentControl_v6\prxtbuTo2.dll (ClientConnect Ltd.)
Toolbar: HKU\S-1-5-21-308137982-2248262705-1768575252-1001 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default
FF Keyword.URL: https://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=282369&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @cambridgesoft.com/Chem3D,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF Plugin-x32: @cambridgesoft.com/ChemDraw,version=13.0 -> C:\Program Files (x86)\CambridgeSoft\ChemOffice2012\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default\searchplugins\trustworthy-customized-web-search.xml
FF Extension: Hola Better Internet - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-01-29]
FF Extension: TrustWorthy  - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default\Extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b} [2014-11-11]
FF Extension: uTorrentControl_v6  - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2013-09-15]
FF Extension: Reddit Enhancement Suite - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2014-02-20]
FF Extension: Adblock Plus - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn [2015-02-04]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2014-05-17]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-08]

Chrome:
=======
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-04]
CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-17]
CHR Extension: (Google Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-17]
CHR Extension: (Google Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-17]
CHR HKLM\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKU\S-1-5-21-308137982-2248262705-1768575252-1001\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Matthew\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-08-08]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\Exts\Chrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Matthew\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-08-08]
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2013-05-15]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-07-30] (BioWare)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-08] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe [156672 2011-10-13] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 MSSQL$CSSQL08; c:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation)
R3 MSSQLFDLauncher$CSSQL08; c:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3939008 2012-07-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-12-25] (Symantec Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
R2 Pharos Systems ComTaskMaster; C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe [339456 2012-06-14] (Pharos Systems International) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S4 SQLAgent$CSSQL08; c:\Program Files\Microsoft SQL Server\MSSQL10_50.CSSQL08\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130531.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00B\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1406000.01B\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-16] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-05-16] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140515.001\IDSvia64.sys [525016 2014-05-15] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130613.001\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130613.001\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R2 PEGAGFN; C:\Program Files (x86)\Toshiba\Password Utility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1406000.01B\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1406000.01B\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1406000.01B\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1406000.01B\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1406000.01B\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1406000.01B\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 19:33 - 2015-02-04 19:34 - 00029751 _____ () C:\Users\Matthew\Downloads\FRST.txt
2015-02-04 19:05 - 2015-02-04 19:33 - 00000000 ____D () C:\FRST
2015-02-04 19:02 - 2015-02-04 19:02 - 02131968 _____ (Farbar) C:\Users\Matthew\Downloads\FRST64.exe
2015-02-04 18:26 - 2015-02-04 18:45 - 00000000 ____D () C:\AdwCleaner
2015-02-04 18:25 - 2015-02-04 18:25 - 02194432 _____ () C:\Users\Matthew\Downloads\adwcleaner_4.109.exe
2015-02-04 18:05 - 2015-02-04 18:05 - 00000000 ____D () C:\Users\Matthew\Documents\ProcessExplorer-1
2015-02-04 14:43 - 2015-02-04 19:19 - 00000000 ____D () C:\Users\Matthew\Documents\ProcessExplorer
2015-02-03 21:40 - 2015-02-04 14:52 - 00000000 ____D () C:\Users\Matthew\Downloads\Whiplash (2014) 720p WEB-DL x264 625 MB @bhishek Nogi@
2015-02-03 20:42 - 2015-02-03 20:43 - 00000000 ____D () C:\Users\Matthew\Downloads\Whiplash 2014 HDRIP [AVI,AC3] Ehhhh
2015-02-01 01:22 - 2015-02-01 01:22 - 00281528 _____ () C:\WINDOWS\Minidump\020115-27437-01.dmp
2015-02-01 01:22 - 2015-02-01 01:22 - 00000000 ____D () C:\WINDOWS\Minidump
2015-01-25 14:03 - 2015-01-27 11:21 - 00253840 _____ () C:\Users\Matthew\Documents\Team Outsiders.pptx
2015-01-25 14:03 - 2015-01-25 19:06 - 00252690 _____ () C:\Users\Matthew\Documents\pptA786.tmp
2015-01-25 14:03 - 2015-01-25 14:03 - 00000165 ____H () C:\Users\Matthew\Documents\~$Team Outsiders.pptx
2015-01-25 11:44 - 2015-01-25 15:54 - 00017161 ____H () C:\Users\Matthew\Documents\~WRL3657.tmp
2015-01-17 21:21 - 2015-02-03 23:29 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-17 21:21 - 2015-01-17 21:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-17 21:18 - 2015-02-04 19:23 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-17 21:18 - 2015-02-04 18:35 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-17 21:18 - 2015-01-17 21:18 - 00003884 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-17 21:18 - 2015-01-17 21:18 - 00003648 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-17 21:13 - 2015-01-17 21:13 - 00880784 _____ (Google Inc.) C:\Users\Matthew\Downloads\ChromeSetup.exe
2015-01-16 23:28 - 2015-01-17 00:30 - 00000000 ____D () C:\Users\Matthew\Downloads\American.Sniper.2014.DVDSCR.XviD.AC3-EVO
2015-01-13 17:38 - 2014-12-08 20:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-13 17:37 - 2014-12-19 01:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-13 17:37 - 2014-12-11 21:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-13 17:37 - 2014-12-11 19:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-13 17:37 - 2014-12-08 14:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-13 17:37 - 2014-12-08 14:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-13 17:37 - 2014-12-08 14:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-13 17:37 - 2014-12-08 14:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-13 17:37 - 2014-12-08 14:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-13 17:37 - 2014-12-08 14:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-13 17:37 - 2014-12-08 14:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-13 17:37 - 2014-12-08 14:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-13 17:37 - 2014-12-05 22:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-13 17:37 - 2014-12-05 20:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-13 17:37 - 2014-12-05 20:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-13 17:37 - 2014-10-28 23:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-13 17:37 - 2014-10-28 23:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-13 17:37 - 2014-10-28 22:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-13 17:37 - 2014-10-28 22:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-13 17:37 - 2014-10-28 22:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-13 17:37 - 2014-10-28 22:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-13 17:37 - 2014-10-28 22:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-13 17:37 - 2014-10-28 22:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-13 17:37 - 2014-10-28 22:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-13 17:37 - 2014-10-28 22:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-13 17:37 - 2014-10-28 22:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-13 17:37 - 2014-10-28 21:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-13 17:37 - 2014-10-28 20:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-13 17:37 - 2014-10-28 20:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-13 17:37 - 2014-10-28 20:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-13 17:37 - 2014-10-28 20:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-01-05 20:15 - 2015-01-05 20:15 - 00000000 ____H () C:\Users\Matthew\AppData\Local\BITDE9E.tmp
2015-01-05 20:13 - 2015-01-05 20:17 - 00000000 _____ () C:\Users\Matthew\AppData\Local\{235AE23B-BE50-49A5-9E65-D8AB2966A701}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-04 19:33 - 2013-05-17 23:54 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\uTorrent
2015-02-04 19:26 - 2013-05-15 11:33 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-04 19:17 - 2014-10-30 21:59 - 01152926 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-04 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-04 18:40 - 2013-05-14 20:20 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-308137982-2248262705-1768575252-1001
2015-02-04 18:38 - 2013-05-15 03:03 - 00000000 ____D () C:\Users\Matthew\AppData\Local\CrashDumps
2015-02-04 18:35 - 2014-10-31 07:29 - 00000000 __RDO () C:\Users\Matthew\OneDrive
2015-02-04 18:35 - 2013-07-06 00:25 - 00120320 ___SH () C:\Users\Matthew\Desktop\Thumbs.db
2015-02-04 18:35 - 2013-05-14 20:25 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-04 18:34 - 2014-09-24 02:03 - 00029906 _____ () C:\WINDOWS\PFRO.log
2015-02-04 18:34 - 2013-08-22 09:46 - 00298666 _____ () C:\WINDOWS\setupact.log
2015-02-04 18:34 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-04 18:33 - 2013-08-22 08:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-04 18:32 - 2014-10-30 21:28 - 00000000 ____D () C:\Users\Matthew
2015-02-04 15:26 - 2013-05-15 11:33 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 14:34 - 2014-11-02 14:44 - 00003922 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{583C6780-20ED-403A-8F57-851143C84844}
2015-02-03 20:55 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-02-03 17:44 - 2013-05-15 18:23 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Skype
2015-02-02 15:09 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-01 01:22 - 2013-05-21 20:45 - 454574831 _____ () C:\WINDOWS\MEMORY.DMP
2015-01-29 12:05 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-01-26 10:05 - 2014-09-24 02:15 - 00005778 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-25 11:48 - 2013-09-10 19:16 - 00012160 _____ () C:\Users\Matthew\AppData\Local\CDXLExtendedShim.log
2015-01-24 15:20 - 2014-09-24 04:55 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-01-24 15:20 - 2014-09-24 04:55 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-22 16:25 - 2013-07-17 10:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-22 15:50 - 2013-05-15 20:27 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-01-17 21:20 - 2013-05-14 20:17 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-14 22:27 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-11 21:24 - 2014-07-11 17:20 - 00000000 ____D () C:\Users\Matthew\AppData\Local\FalloutNV

==================== Files in the root of some directories =======

2013-03-24 15:51 - 2013-03-24 15:51 - 0009129 _____ () C:\Program Files (x86)\Common Files\Samples.sln
2015-01-05 20:15 - 2015-01-05 20:15 - 0000000 ____H () C:\Users\Matthew\AppData\Local\BITDE9E.tmp
2013-09-10 19:16 - 2015-01-25 11:48 - 0012160 _____ () C:\Users\Matthew\AppData\Local\CDXLExtendedShim.log
2015-01-05 20:13 - 2015-01-05 20:17 - 0000000 _____ () C:\Users\Matthew\AppData\Local\{235AE23B-BE50-49A5-9E65-D8AB2966A701}
2013-05-14 20:53 - 2013-05-14 21:06 - 0000816 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Matthew\CTX.DAT
C:\Users\Matthew\jagex_cl_runescape_LIVE.dat
C:\Users\Matthew\jagex_cl_runescape_LIVE1.dat
C:\Users\Matthew\random.dat


Some content of TEMP:
====================
C:\Users\Matthew\AppData\Local\Temp\jzvsusm.dll
C:\Users\Matthew\AppData\Local\Temp\procexp64.exe
C:\Users\Matthew\AppData\Local\Temp\Runner.exe
C:\Users\Matthew\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Matthew\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matthew\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-02 01:46

==================== End Of Log ============================



BC AdBot (Login to Remove)

 


#2 zaheerflys

zaheerflys
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:06 PM

Posted 04 February 2015 - 07:40 PM

And here is the Addition Log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-02-2015 01
Ran by Matthew at 2015-02-04 19:35:47
Running from C:\Users\Matthew\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-308137982-2248262705-1768575252-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AC3Filter 2.6.0b (HKLM-x32\...\AC3Filter_is1) (Version: 2.6.0b - Alexander Vigovsky)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{79AE0BD1-A930-B07C-C96D-E11FA9BB586F}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.4.2.541 - Online Media Technologies Ltd.)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.1.7 - EA Digital Illusions CE AB)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BioShock 2 (HKLM-x32\...\Steam App 8850) (Version:  - 2K Marin)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands (HKLM-x32\...\Steam App 8980) (Version:  - Gearbox Software)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CambridgeSoft ChemBioOffice 2012 (HKLM-x32\...\{535CDE5A-39D6-46EE-B6E5-9F38D0664D97}) (Version: 13.0 - CambridgeSoft Corporation)
CambridgeSoft ChemDraw ActiveX Enterprise Constant 13.0 (HKLM-x32\...\{D25E0C13-7792-4E5C-8C54-A287C65834C9}) (Version: 13.0 - CambridgeSoft Corporation)
CambridgeSoft ChemScript 13.0 (HKLM-x32\...\{B5E0CD7D-992D-4345-BD66-EC580CFA15D1}) (Version: 13.0 - CambridgeSoft Corporation)
CambridgeSoft Desktop Inventory 13.0 (HKLM-x32\...\{C13DDA66-6AF3-4BFE-91C2-1D54B5A6C169}) (Version: 13.0 - CambridgeSoft Corporation)
CambridgeSoft E-Notebook 13.0 Client (HKLM-x32\...\{1E6FC31C-315E-4129-8140-67E7E618BF6E}) (Version: 13.0 - CambridgeSoft Corporation)
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DJ_AIO_05_F4400_Software_Min (x32 Version: 140.0.841.000 - Hewlett-Packard) Hidden
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version:  - BioWare)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
F4400 (x32 Version: 140.0.841.000 - Hewlett-Packard) Hidden
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version:  - Rockstar North)
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{82D96D11-AF74-4449-8811-4D6CE66FEF63}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
L.A. Noire (HKLM-x32\...\Steam App 110800) (Version:  - Team Bondi)
Logitech SetPoint 6.52 (HKLM\...\sp6) (Version: 6.52.74 - Logitech)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Mass Effect (HKLM-x32\...\Steam App 17460) (Version:  - BioWare)
Mass Effect 2 (HKLM-x32\...\Steam App 24980) (Version:  - BioWare)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Mass Effect™ 3 Demo (HKLM-x32\...\{A1683CA7-4850-4A21-982B-C6D853C79AF7}) (Version: 1.0.0.0 - Electronic Arts)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
MestReNova LITE 5.2.5-5780 (HKLM-x32\...\MestReNova LITE) (Version: 5.2.5-5780 - Mestrelab Research S.L.)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.6.0.27 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.45 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.11 - Symantec Corporation) Hidden
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.18.15 - Symantec Corporation)
Norton Security Dashboard (HKLM-x32\...\NortonSD) (Version: 1.1.1.9 - Symantec Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.9056 - ooVoo LLC.)
Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pharos (HKLM-x32\...\Pharos) (Version:  - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Premium Sound HD (HKLM\...\{94F03B8E-CB73-4653-AFE9-79112C01FED2}) (Version: 1.12.4600 - SRS Labs, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6687 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.1 - Rockstar Games)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version:  - BioWare)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.63.5 - Electronic Arts)
The Sims™ 3 Generations (HKLM-x32\...\{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}) (Version: 8.0.152 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
Toshiba Book Place (HKLM-x32\...\{24B45620-22B6-4E4A-B836-FF30A0B0404E}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.00.0007.00002 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.0.6414 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6425 - Toshiba Corporation)
Toshiba Password Utility (HKLM-x32\...\InstallShield_{6D35FF17-A8B3-43D3-917E-5A1F2C3FB628}) (Version: 2.00.800 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.8.17.640104 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.2.0.54043005 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.1.00 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B8C8422F-01F1-4791-B084-047AAFF9BFCC}) (Version: 2.4.4 - TOSHIBA)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0012 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0001.32002 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.1.0.12-A - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
uTorrentControl_v6 Toolbar (HKLM-x32\...\uTorrentControl_v6 Toolbar) (Version: 6.11.2.6 - uTorrentControl_v6) <==== ATTENTION
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.25 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

13-01-2015 18:28:50 Windows Update
21-01-2015 15:37:47 Windows Update
26-01-2015 11:07:50 Windows Update
29-01-2015 12:00:15 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10C1A1BB-6556-4AC7-A04C-CFE1DE0FBF3C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {4CD10B4C-84E4-42DE-850F-C2721211C6A1} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {50F9C4F5-FCE5-438E-BB08-7352E119E588} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {6207335B-6DFF-4D90-A9D8-8F2B3AD68C70} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)
Task: {65F4959F-2218-4DA3-8808-2A5B83A8AF67} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {6BC1717B-2BB3-4E91-9A04-E35C1B9DFFBE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {72EDF367-4A1F-4280-94C1-ED09D9A874B6} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {79C36765-E4E5-4EF6-ACCF-AE635E8D6786} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-22] (Microsoft Corporation)
Task: {878D27F6-F9A5-4EE6-A56A-48F04CD0F3AA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {894978B1-9A0E-43BB-9E54-FFE49FFF0C42} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-12-25] (Symantec Corporation)
Task: {8E62B9E9-E960-4984-9147-55EA82C8E9ED} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\WSCStub.exe [2014-12-06] (Symantec Corporation)
Task: {ACB6597B-BA2A-41C9-867B-FDF16C4C0966} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-17] (Google Inc.)
Task: {B1954D64-C646-4ED1-BC9B-2F8CF0326DB7} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {C68EB04E-F14F-4899-B598-E6BAADD38A26} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {C968B688-5F12-405F-AAAA-FEB762376E2D} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) ==============

2011-10-13 17:38 - 2011-10-13 17:38 - 00156672 _____ () C:\Program Files (x86)\Toshiba\Password Utility\GFNEXSrv.exe
2012-07-18 21:38 - 2012-07-18 21:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-08-13 22:13 - 2012-08-13 22:13 - 00018344 _____ () C:\Program Files\Toshiba\Teco\TecoMUI.dll
2013-02-12 21:37 - 2013-02-12 21:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2013-08-22 02:19 - 2013-08-22 01:54 - 00174592 _____ () C:\WINDOWS\system32\WinMetadata\Windows.UI.winmd
2013-08-22 02:19 - 2013-08-22 01:54 - 00050176 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Data.winmd
2013-08-22 02:19 - 2013-08-22 01:54 - 00030208 _____ () C:\WINDOWS\system32\WinMetadata\Windows.Foundation.winmd
2013-01-28 15:08 - 2013-01-28 15:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 15:08 - 2013-01-28 15:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-11 21:24 - 2015-01-11 21:24 - 00275968 _____ () C:\Users\Matthew\AppData\Local\FalloutNV\Mtpidknfitwz.dll
2013-02-12 21:38 - 2013-02-12 21:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-05-09 19:04 - 2014-05-09 19:04 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-09 18:21 - 2012-05-30 01:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.6.0.27\wincfi39.dll
2015-02-04 17:53 - 2015-02-04 17:53 - 00718152 _____ () C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\36.0.1985.143\libglesv2.dll
2015-02-04 17:53 - 2015-02-04 17:53 - 00126280 _____ () C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\36.0.1985.143\libegl.dll
2015-02-04 17:53 - 2015-02-04 17:53 - 08537928 _____ () C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\36.0.1985.143\pdf.dll
2015-02-04 17:53 - 2015-02-04 17:53 - 00353096 _____ () C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2015-02-04 17:53 - 2015-02-04 17:53 - 01732936 _____ () C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\36.0.1985.143\ffmpegsumo.dll
2015-02-04 17:53 - 2015-02-04 17:53 - 14669128 _____ () C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\36.0.1985.143\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Matthew\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-308137982-2248262705-1768575252-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthew\Desktop\illusive.JPEG

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-308137982-2248262705-1768575252-500 - Administrator - Disabled)
Guest (S-1-5-21-308137982-2248262705-1768575252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-308137982-2248262705-1768575252-1003 - Limited - Enabled)
Matthew (S-1-5-21-308137982-2248262705-1768575252-1001 - Administrator - Enabled) => C:\Users\Matthew

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2015 06:40:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: c10

Start Time: 01d040d3330a901a

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 29b43619-acc7-11e4-806c-7c0507012291

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (02/04/2015 06:38:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ooVoo.exe, version: 3.5.9.56, time stamp: 0x51fe70e9
Faulting module name: Flash.ocx, version: 0.0.0.0, time stamp: 0x54c2c414
Exception code: 0xc0000005
Fault offset: 0x00980770
Faulting process id: 0x128c
Faulting application start time: 0xooVoo.exe0
Faulting application path: ooVoo.exe1
Faulting module path: ooVoo.exe2
Report Id: ooVoo.exe3
Faulting package full name: ooVoo.exe4
Faulting package-relative application ID: ooVoo.exe5

Error: (02/04/2015 06:38:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ooVoo.exe, version: 3.5.9.56, time stamp: 0x51fe70e9
Faulting module name: Flash.ocx, version: 0.0.0.0, time stamp: 0x54c2c414
Exception code: 0xc0000005
Fault offset: 0x00980770
Faulting process id: 0x128c
Faulting application start time: 0xooVoo.exe0
Faulting application path: ooVoo.exe1
Faulting module path: ooVoo.exe2
Report Id: ooVoo.exe3
Faulting package full name: ooVoo.exe4
Faulting package-relative application ID: ooVoo.exe5

Error: (02/04/2015 06:38:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ooVoo.exe, version: 3.5.9.56, time stamp: 0x51fe70e9
Faulting module name: Flash.ocx, version: 0.0.0.0, time stamp: 0x54c2c414
Exception code: 0xc0000005
Fault offset: 0x00980770
Faulting process id: 0x128c
Faulting application start time: 0xooVoo.exe0
Faulting application path: ooVoo.exe1
Faulting module path: ooVoo.exe2
Report Id: ooVoo.exe3
Faulting package full name: ooVoo.exe4
Faulting package-relative application ID: ooVoo.exe5

Error: (02/04/2015 06:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ooVoo.exe, version: 3.5.9.56, time stamp: 0x51fe70e9
Faulting module name: Flash.ocx, version: 0.0.0.0, time stamp: 0x54c2c414
Exception code: 0xc0000005
Fault offset: 0x00980770
Faulting process id: 0x128c
Faulting application start time: 0xooVoo.exe0
Faulting application path: ooVoo.exe1
Faulting module path: ooVoo.exe2
Report Id: ooVoo.exe3
Faulting package full name: ooVoo.exe4
Faulting package-relative application ID: ooVoo.exe5

Error: (02/04/2015 06:38:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ooVoo.exe, version: 3.5.9.56, time stamp: 0x51fe70e9
Faulting module name: Flash.ocx, version: 0.0.0.0, time stamp: 0x54c2c414
Exception code: 0xc0000005
Fault offset: 0x00980770
Faulting process id: 0x128c
Faulting application start time: 0xooVoo.exe0
Faulting application path: ooVoo.exe1
Faulting module path: ooVoo.exe2
Report Id: ooVoo.exe3
Faulting package full name: ooVoo.exe4
Faulting package-relative application ID: ooVoo.exe5

Error: (02/04/2015 06:38:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ooVoo.exe, version: 3.5.9.56, time stamp: 0x51fe70e9
Faulting module name: Flash.ocx, version: 0.0.0.0, time stamp: 0x54c2c414
Exception code: 0xc0000005
Fault offset: 0x00980770
Faulting process id: 0x128c
Faulting application start time: 0xooVoo.exe0
Faulting application path: ooVoo.exe1
Faulting module path: ooVoo.exe2
Report Id: ooVoo.exe3
Faulting package full name: ooVoo.exe4
Faulting package-relative application ID: ooVoo.exe5

Error: (02/04/2015 06:37:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.18, time stamp: 0x50124a31
Faulting module name: ntdll.dll, version: 6.3.9600.17278, time stamp: 0x53eebd22
Exception code: 0xc0000374
Fault offset: 0x00000000000f0d6c
Faulting process id: 0x9c4
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3
Faulting package full name: TPCHSrv.exe4
Faulting package-relative application ID: TPCHSrv.exe5

Error: (02/04/2015 06:37:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ooVoo.exe, version: 3.5.9.56, time stamp: 0x51fe70e9
Faulting module name: Flash.ocx, version: 0.0.0.0, time stamp: 0x54c2c414
Exception code: 0xc0000005
Fault offset: 0x00980770
Faulting process id: 0x128c
Faulting application start time: 0xooVoo.exe0
Faulting application path: ooVoo.exe1
Faulting module path: ooVoo.exe2
Report Id: ooVoo.exe3
Faulting package full name: ooVoo.exe4
Faulting package-relative application ID: ooVoo.exe5

Error: (02/04/2015 06:37:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ooVoo.exe, version: 3.5.9.56, time stamp: 0x51fe70e9
Faulting module name: Flash.ocx, version: 0.0.0.0, time stamp: 0x54c2c414
Exception code: 0xc0000005
Fault offset: 0x00980770
Faulting process id: 0x128c
Faulting application start time: 0xooVoo.exe0
Faulting application path: ooVoo.exe1
Faulting module path: ooVoo.exe2
Report Id: ooVoo.exe3
Faulting package full name: ooVoo.exe4
Faulting package-relative application ID: ooVoo.exe5


System errors:
=============
Error: (02/04/2015 07:36:28 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HK-47\Matthew (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (02/04/2015 07:29:46 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HK-47\Matthew (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (02/04/2015 07:19:31 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HK-47\Matthew (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (02/04/2015 07:16:59 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HK-47\Matthew (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (02/04/2015 07:09:50 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HK-47\Matthew (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (02/04/2015 07:09:21 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HK-47\Matthew (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (02/04/2015 06:57:43 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HK-47\Matthew (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (02/04/2015 06:50:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/04/2015 06:49:28 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HK-47\Matthew (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (02/04/2015 06:47:50 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user HK-47\Matthew (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.


Microsoft Office Sessions:
=========================
Error: (02/04/2015 06:40:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20689c1001d040d3330a901a4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe29b43619-acc7-11e4-806c-7c0507012291microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (02/04/2015 06:38:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ooVoo.exe3.5.9.5651fe70e9Flash.ocx0.0.0.054c2c414c000000500980770128c01d040d34a585855C:\Program Files (x86)\ooVoo\ooVoo.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocxf9bd114d-acc6-11e4-806c-7c0507012291

Error: (02/04/2015 06:38:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ooVoo.exe3.5.9.5651fe70e9Flash.ocx0.0.0.054c2c414c000000500980770128c01d040d34a585855C:\Program Files (x86)\ooVoo\ooVoo.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocxf87d61d0-acc6-11e4-806c-7c0507012291

Error: (02/04/2015 06:38:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ooVoo.exe3.5.9.5651fe70e9Flash.ocx0.0.0.054c2c414c000000500980770128c01d040d34a585855C:\Program Files (x86)\ooVoo\ooVoo.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocxf74467ee-acc6-11e4-806c-7c0507012291

Error: (02/04/2015 06:38:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ooVoo.exe3.5.9.5651fe70e9Flash.ocx0.0.0.054c2c414c000000500980770128c01d040d34a585855C:\Program Files (x86)\ooVoo\ooVoo.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocxf39c5d49-acc6-11e4-806c-7c0507012291

Error: (02/04/2015 06:38:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ooVoo.exe3.5.9.5651fe70e9Flash.ocx0.0.0.054c2c414c000000500980770128c01d040d34a585855C:\Program Files (x86)\ooVoo\ooVoo.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocxed8262e6-acc6-11e4-806c-7c0507012291

Error: (02/04/2015 06:38:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ooVoo.exe3.5.9.5651fe70e9Flash.ocx0.0.0.054c2c414c000000500980770128c01d040d34a585855C:\Program Files (x86)\ooVoo\ooVoo.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocxeb397b82-acc6-11e4-806c-7c0507012291

Error: (02/04/2015 06:37:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: TPCHSrv.exe1.0.0.1850124a31ntdll.dll6.3.9600.1727853eebd22c000037400000000000f0d6c9c401d040d38f0e328eC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\WINDOWS\SYSTEM32\ntdll.dllcdac95f1-acc6-11e4-806c-7c0507012291

Error: (02/04/2015 06:37:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ooVoo.exe3.5.9.5651fe70e9Flash.ocx0.0.0.054c2c414c000000500980770128c01d040d34a585855C:\Program Files (x86)\ooVoo\ooVoo.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocxc1767cc0-acc6-11e4-806c-7c0507012291

Error: (02/04/2015 06:37:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ooVoo.exe3.5.9.5651fe70e9Flash.ocx0.0.0.054c2c414c000000500980770128c01d040d34a585855C:\Program Files (x86)\ooVoo\ooVoo.exeC:\Windows\SYSTEM32\Macromed\Flash\Flash.ocxbfcb53c2-acc6-11e4-806c-7c0507012291


==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon™ HD Graphics
Percentage of memory in use: 52%
Total physical RAM: 5596.73 MB
Available physical RAM: 2685.75 MB
Total Pagefile: 11228.73 MB
Available Pagefile: 7900.23 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: (TI10649600G) (Fixed) (Total:585.55 GB) (Free:42.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 08 February 2015 - 09:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
(Google Inc.) C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-308137982-2248262705-1768575252-1001\...\Run: [Mtpidknfitwz] => regsvr32.exe /s "C:\Users\Matthew\AppData\Local\FalloutNV\Mtpidknfitwz.dll" <===== ATTENTION
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-308137982-2248262705-1768575252-1001 -> No Name - {96F454EA-9D38-474F-B504-56193E00C1A5} -  No File
FF Extension: TrustWorthy  - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default\Extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b} [2014-11-11]
FF Extension: uTorrentControl_v6  - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5} [2013-09-15]
CHR Extension: (Google Wallet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKU\S-1-5-21-308137982-2248262705-1768575252-1001\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Matthew\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-08-08]
CHR HKLM-x32\...\Chrome\Extension: [dkjaldeegndmngnahlmdbfnejdobkmil] - C:\Users\Matthew\AppData\Local\CRE\dkjaldeegndmngnahlmdbfnejdobkmil.crx [2013-08-08]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\Users\Matthew\AppData\Local\Temp\jzvsusm.dll
C:\Users\Matthew\AppData\Local\Temp\procexp64.exe
C:\Users\Matthew\AppData\Local\Temp\Runner.exe
C:\Users\Matthew\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Matthew\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Matthew\AppData\Local\Temp\SPSetup.exe
C:\Users\Matthew\AppData\LocalLow\EmieBrowserModeList\Piuhhayxoju\Upwcrjqugf\byptjghqxod.exe
C:\Users\Matthew\AppData\Local\FalloutNV\Mtpidknfitwz.dll
C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default\Extensions\{8480b7b1-a45c-4feb-8653-60f834f7ca4b}
C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\tnzqdtmg.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,753 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:06 PM

Posted 14 February 2015 - 09:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users