
Computer slowing down...can't fix


  • This topic is locked
8 replies to this topic

#1 jmaywc00

Posted 03 March 2015 - 10:36 PM

My software says I have no Virus-Malware (Panda-Superantispyware-MalwareBytes)

 

OTL.txt report

 

OTL logfile created on: 3/3/2015 9:03:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\May Family\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.58 Gb Total Physical Memory | 5.68 Gb Available Physical Memory | 75.01% Memory free
7.57 Gb Paging File | 5.69 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 431.94 Gb Free Space | 92.76% Space Free | Partition Type: NTFS
 
Computer Name: MAYFAMILY-PC | User Name: May Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/03/03 21:00:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\May Family\Downloads\OTL.exe
PRC - [2015/02/25 05:36:46 | 000,376,944 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/10/16 07:21:23 | 000,038,136 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
PRC - [2014/10/16 07:21:22 | 000,037,624 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
PRC - [2014/10/13 14:03:10 | 000,142,072 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
PRC - [2014/10/09 15:40:48 | 000,066,808 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
PRC - [2013/12/03 09:59:32 | 001,168,960 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2015/01/08 00:47:55 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/09/15 16:03:18 | 000,239,616 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2014/07/22 17:31:23 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/06/13 13:31:10 | 000,357,144 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/13 11:47:42 | 000,230,408 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV:64bit: - [2010/09/09 17:26:34 | 000,162,824 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/02/25 05:36:44 | 000,148,080 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2015/02/05 00:29:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/01/09 23:24:25 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/10/16 07:21:23 | 000,038,136 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe -- (PSUAService)
SRV - [2014/10/13 14:03:10 | 000,142,072 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe -- (NanoServiceMain)
SRV - [2014/10/09 15:40:48 | 000,066,808 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe -- (PandaAgent)
SRV - [2014/03/20 16:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/03 09:59:32 | 001,168,960 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/05/28 03:14:56 | 001,044,840 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/02 14:43:07 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2014/11/29 20:28:49 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2014/10/13 14:04:37 | 000,107,792 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINReg.sys -- (PSINReg)
DRV:64bit: - [2014/10/13 14:04:36 | 000,163,088 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2014/10/13 14:04:36 | 000,121,616 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2014/10/07 14:10:48 | 003,562,200 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2014/09/15 16:26:58 | 016,750,080 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2014/09/15 15:59:06 | 000,576,000 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2014/08/12 23:38:24 | 000,032,912 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\rawdsk3.sys -- (RawDisk3)
DRV:64bit: - [2014/07/24 12:24:04 | 000,132,128 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2014/07/24 12:24:03 | 000,195,616 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2014/07/24 12:24:03 | 000,122,400 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2014/06/18 04:18:25 | 000,162,336 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:64bit: - [2014/06/04 09:59:32 | 000,261,152 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:64bit: - [2014/06/04 09:59:32 | 000,109,088 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:64bit: - [2014/06/04 09:59:31 | 000,306,720 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:64bit: - [2014/06/04 09:59:31 | 000,169,504 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:64bit: - [2014/06/04 09:59:31 | 000,115,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:64bit: - [2014/06/04 09:59:30 | 000,125,984 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:64bit: - [2014/06/04 09:59:30 | 000,070,176 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:64bit: - [2014/06/04 09:59:29 | 000,115,232 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:64bit: - [2014/06/04 09:59:29 | 000,095,776 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:64bit: - [2014/06/04 09:59:28 | 000,112,160 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttps.sys -- (NNSHTTPS)
DRV:64bit: - [2014/06/04 09:59:27 | 000,096,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:64bit: - [2014/03/25 07:15:06 | 000,060,400 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2014/01/16 11:42:08 | 000,046,336 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:64bit: - [2013/12/03 09:54:50 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2013/11/05 21:40:46 | 000,083,176 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/11/05 21:40:46 | 000,043,240 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2013/10/01 20:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/08 16:27:54 | 000,329,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2013/05/27 13:09:38 | 000,227,648 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2013/05/27 13:09:38 | 000,106,816 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2013/05/23 00:12:56 | 000,040,728 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013/05/23 00:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/23 00:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/01/15 19:11:26 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/28 20:27:24 | 000,058,536 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/12/09 10:59:28 | 000,023,464 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2007/11/09 05:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2014/11/22 00:33:20 | 000,079,052 | ---- | M] (Oak Technology Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\AFS.SYS -- (AFS)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-601764955-2754836260-3994798295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-601764955-2754836260-3994798295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-601764955-2754836260-3994798295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-601764955-2754836260-3994798295-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 A8 D7 25 17 06 D0 01  [binary data]
IE - HKU\S-1-5-21-601764955-2754836260-3994798295-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-601764955-2754836260-3994798295-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-601764955-2754836260-3994798295-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.highlightCount: 0
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "http://hsrd.yahoo.com/_ylt=ArAgmfo7ugBLoX4PgndDf9abvZx4/RV=1/RE=1425860735/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly93d3cueWFob28uY29tLw--/RS=%5EADAZL5l5borZ6oakJwJw5gXpA.mxRE-"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:36.0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014/12/13 01:21:54 | 000,000,000 | ---D | M]
 
[2014/11/21 23:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\May Family\AppData\Roaming\mozilla\Extensions
[2015/03/01 22:25:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\May Family\AppData\Roaming\mozilla\Firefox\Profiles\0vae3kxt.default\extensions
[2015/01/15 01:00:22 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\May Family\AppData\Roaming\mozilla\firefox\profiles\0vae3kxt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2015/01/26 15:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/02/25 05:36:49 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:64bit: - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-601764955-2754836260-3994798295-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-601764955-2754836260-3994798295-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-601764955-2754836260-3994798295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-601764955-2754836260-3994798295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-601764955-2754836260-3994798295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{885D24D4-A07D-4588-97CD-E0FF476F7994}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{885D24D4-A07D-4588-97CD-E0FF476F7994}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6ebc1aee-720d-11e4-9d3e-f9d47f2a5cc8}\Shell - "" = AutoRun
O33 - MountPoints2\{6ebc1aee-720d-11e4-9d3e-f9d47f2a5cc8}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{6ebc1aee-720d-11e4-9d3e-f9d47f2a5cc8}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{6ebc1aee-720d-11e4-9d3e-f9d47f2a5cc8}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/03/02 13:22:05 | 000,060,400 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2015/03/01 22:33:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
[2015/03/01 22:33:46 | 002,155,152 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\Incinerator64.dll
[2015/03/01 22:33:45 | 002,097,984 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysWow64\Incinerator32.dll
[2015/03/01 22:33:42 | 000,082,160 | ---- | C] (Raxco Software, Inc.) -- C:\Windows\SysNative\drivers\PDFsFilter.sys
[2015/03/01 22:33:42 | 000,057,584 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\iolobtdfg.exe
[2015/03/01 22:33:42 | 000,026,184 | ---- | C] (iolo technologies, LLC) -- C:\Windows\SysNative\smrgdf.exe
[2015/03/01 22:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ioloGovernor
[2015/03/01 22:33:41 | 000,000,000 | ---D | C] -- C:\Users\May Family\AppData\Roaming\ioloGovernor
[2015/03/01 22:33:40 | 000,069,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\offreg.dll
[2015/03/01 22:33:40 | 000,056,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\offreg.dll
[2015/03/01 22:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iolo
[2015/03/01 22:32:44 | 000,000,000 | ---D | C] -- C:\Users\May Family\AppData\Roaming\iolo
[2015/03/01 22:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2015/03/01 20:21:50 | 000,000,000 | ---D | C] -- C:\Users\May Family\AppData\Roaming\Nitro PDF
[2015/02/24 23:19:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2015/02/23 11:22:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2015/02/23 11:20:48 | 000,000,000 | ---D | C] -- C:\Users\May Family\Documents\EA Games
[2015/02/23 11:20:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
[2015/02/23 11:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA GAMES
[2015/02/23 11:01:10 | 000,442,368 | R--- | C] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll
[2015/02/22 18:20:57 | 000,000,000 | ---D | C] -- C:\Users\May Family\AppData\Roaming\SUPERAntiSpyware.com
[2015/02/22 18:20:38 | 000,000,000 | ---D | C] -- C:\Users\May Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2015/02/22 18:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2015/02/22 18:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2015/02/11 03:17:24 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2015/02/11 03:17:24 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2015/02/02 15:51:20 | 000,000,000 | ---D | C] -- C:\Users\May Family\AppData\Roaming\ImgBurn
[2015/02/02 15:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2015/02/02 15:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2014/11/29 20:28:49 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\May Family\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2015/03/03 21:02:22 | 000,001,130 | ---- | M] () -- C:\Users\May Family\Desktop\OTL - Shortcut.lnk
[2015/03/03 20:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/03/02 20:35:18 | 000,797,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/03/02 20:35:18 | 000,672,428 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/03/02 20:35:18 | 000,127,314 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/03/02 13:21:54 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2015/03/02 13:21:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/03/01 22:32:44 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2015/03/01 22:03:13 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/03/01 22:03:13 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/03/01 20:54:56 | 000,041,472 | ---- | M] () -- C:\Users\May Family\Documents\sign up sheet.sig
[2015/03/01 20:44:58 | 000,453,632 | ---- | M] () -- C:\Users\May Family\Documents\Weapons camp.sig
[2015/02/24 23:19:11 | 000,136,408 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/02/24 23:18:20 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/24 16:52:34 | 000,007,606 | ---- | M] () -- C:\Users\May Family\AppData\Local\Resmon.ResmonCfg
[2015/02/05 00:29:08 | 000,701,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/02/05 00:29:08 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2015/03/03 21:02:22 | 000,001,130 | ---- | C] () -- C:\Users\May Family\Desktop\OTL - Shortcut.lnk
[2015/03/01 22:32:44 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2015/03/01 20:54:56 | 000,041,472 | ---- | C] () -- C:\Users\May Family\Documents\sign up sheet.sig
[2015/03/01 20:42:31 | 000,453,632 | ---- | C] () -- C:\Users\May Family\Documents\Weapons camp.sig
[2015/02/24 16:52:34 | 000,007,606 | ---- | C] () -- C:\Users\May Family\AppData\Local\Resmon.ResmonCfg
[2015/02/11 03:17:20 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2015/02/03 22:49:41 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2015/02/02 15:41:51 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2015/01/09 23:24:55 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\srvany.exe
[2014/12/26 23:50:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/12/13 02:26:33 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/11/30 22:56:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2014/11/29 20:30:40 | 000,000,668 | ---- | C] () -- C:\Users\May Family\AppData\Roaming\vso_ts_preview.xml
[2014/11/29 20:28:49 | 000,099,384 | ---- | C] () -- C:\Users\May Family\AppData\Roaming\inst.exe
[2014/11/29 20:28:49 | 000,007,859 | ---- | C] () -- C:\Users\May Family\AppData\Roaming\pcouffin.cat
[2014/11/29 20:28:49 | 000,001,167 | ---- | C] () -- C:\Users\May Family\AppData\Roaming\pcouffin.inf
[2014/11/22 14:08:48 | 000,000,632 | RHS- | C] () -- C:\Users\May Family\ntuser.pol
[2014/11/22 01:48:03 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/11/22 00:56:08 | 000,196,238 | ---- | C] () -- C:\Windows\hpwins20.dat
[2014/11/22 00:56:08 | 000,001,678 | ---- | C] () -- C:\Windows\hpwmdl20.dat
[2014/11/21 23:36:46 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2014/11/21 23:27:00 | 000,128,312 | ---- | C] () -- C:\Windows\SysWow64\GFNEX.dll
[2014/11/21 23:01:10 | 000,814,218 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/15 16:18:02 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2014/09/15 16:18:02 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2014/09/15 16:06:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2014/09/15 16:06:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 20:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 19:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
 

OTL Extras.txt

 

OTL Extras logfile created on: 3/3/2015 9:03:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\May Family\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.58 Gb Total Physical Memory | 5.68 Gb Available Physical Memory | 75.01% Memory free
7.57 Gb Paging File | 5.69 Gb Available in Paging File | 75.17% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 431.94 Gb Free Space | 92.76% Space Free | Partition Type: NTFS
 
Computer Name: MAYFAMILY-PC | User Name: May Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-601764955-2754836260-3994798295-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09C0F2A8-5362-477D-98BF-27F323C76FAF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20EF9C82-B1EC-4D81-8984-DB8A717BAB76}" = lport=445 | protocol=6 | dir=in | app=system |
"{2BEF3188-6D00-47E3-8229-A3A37325AD19}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{50F4E5A9-4362-4849-9BC6-D3A629C93CFF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55177C21-7190-40B9-8259-BB1E61C1091C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{61CAF234-4DFC-4AC5-A63E-5C69ACF8CA38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{647D22AB-5F01-4983-9B26-15D64A3AAED0}" = rport=139 | protocol=6 | dir=out | app=system |
"{69813CA9-F2E1-4B37-A307-43CA7088BDDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6A67F86A-4EA7-4155-A637-95645376C469}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6D9B4516-4081-48AC-B0D1-CF30EC606E35}" = rport=445 | protocol=6 | dir=out | app=system |
"{7B61C5F6-BB5C-444C-81EA-183F8485F11C}" = rport=138 | protocol=17 | dir=out | app=system |
"{83518E73-79B5-40E9-B428-D34E82ED8C8D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A0E7AF1C-390C-4C9F-AC17-6C3DFE50EA78}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A40D838E-A677-4361-A9C8-443C9B16F496}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A5334BED-14A1-4312-9CD3-BF82A6E1573B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7C6F83C-93FD-4990-8F44-8BA022DE336D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AB7DB401-1362-4691-9051-1CF05A2A3121}" = rport=137 | protocol=17 | dir=out | app=system |
"{AD23199D-8C9E-4073-8E8E-2FA1A40512C5}" = lport=138 | protocol=17 | dir=in | app=system |
"{B6B88DC5-B613-4DCB-9FF8-1D64DDB30CAB}" = lport=139 | protocol=6 | dir=in | app=system |
"{DE7EBD0E-C411-4413-BD9E-75BCCB1D8410}" = lport=5357 | protocol=6 | dir=in | name=ws-eventing tcp port 5357 |
"{E2A7D125-5AE8-4BB9-A9C6-724125BE2315}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E68377FE-F0F3-4592-8A6D-ED4EFB24A872}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7A5CDB4-B990-4F78-B1CA-CDE5F944A2F3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F26AC405-13BD-4C11-8054-09BF439E8816}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F3BCF549-461B-4CA0-ACFA-65DE5DE3DE13}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0012D07A-4132-44B7-95CD-2988464A7E42}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{03D3A169-6944-40B8-ADD9-331A3ABB35ED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0AD8C7D8-3054-4A61-90B0-C21825289982}" = protocol=6 | dir=in | app=c:\users\may family\appdata\roaming\utorrent\utorrent.exe |
"{0E8E098F-DDAB-430C-926B-4F0C46B725A0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15ACDB65-A744-4581-B6D3-7A07892FACFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DDB8993-7AA7-41C9-A83F-E74267BB6CEE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2D4ABD7D-A388-4DE1-8F79-922B18CC3A9A}" = protocol=17 | dir=in | app=c:\users\may family\appdata\roaming\utorrent\utorrent.exe |
"{2E77F202-8047-4D22-A437-F0B2F7B9C10E}" = dir=in | app=c:\program files\hp\hp officejet 4630 series\bin\sendafax.exe |
"{369DB65F-A59A-40CF-9E21-17B89DB79207}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3AF8FB4D-CD28-4D05-A10F-13C5369AE8EE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40FA9F33-A443-43C7-AD40-A0127C1985E1}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{4EEFF7A2-C758-49D5-9804-1CE518A6556E}" = protocol=6 | dir=out | app=system |
"{50C3D7C6-440C-4074-AD6D-5EBCFD946F99}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{620D59E6-C947-4753-A6CA-1857FCD4FB91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65F77E2B-7C36-45BE-A019-E80C495E3DA7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{677EE343-3BA6-499E-B4A3-49D448F8AFC2}" = dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{67ACE1C5-D3D8-46F0-B1C8-ED53B331C8D0}" = dir=in | app=c:\program files\hp\hp officejet 4630 series\bin\hpnetworkcommunicatorcom.exe |
"{6BDD0C0A-1678-4113-B175-AC938D7E9F78}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{70896D75-CC95-4195-BF4C-184EF56BA8CB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{88C1C57A-33DB-4D7C-A572-1658B149E972}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{940827CB-A9F9-4893-BB49-D65117035AD1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AAC1987A-EDF5-4584-8277-3D3E013A12FF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AD663CAB-B75D-4CAB-B452-868453BC1EB5}" = dir=in | app=c:\program files\hp\hp officejet 4630 series\bin\faxapplications.exe |
"{B3E9258A-EA11-4A44-A67A-4E14C8F54C4E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C5EE9922-10FD-461C-B187-C10C63DA986A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C941DDB6-1498-4CF8-A09E-3AF1B58B5596}" = dir=in | app=c:\program files\hp\hp officejet 4630 series\bin\digitalwizards.exe |
"{DEED9D29-77C2-4A0D-830A-36306493CEA0}" = dir=in | app=c:\program files\hp\hp officejet 4630 series\bin\devicesetup.exe |
"{E1DF10C1-1AB7-4D0E-A3BD-51296C3ACE69}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7184170-E523-49B5-BFFB-CBD652B41064}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{F6577DAD-402D-4961-9D15-56B106975272}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{C5262253-1C4D-48ED-A88E-F972694C77F5}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{8FEAF880-4D37-4E0E-B288-6D85A52638D0}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{522D6D76-B109-4C83-BA3C-D26D08391EBC}" = Nitro Pro 8
"{61CF256E-CC63-4A4C-97CC-A48411054D60}" = HP OfficeJet J4600 All-In-One Series
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AB81499-64E9-4880-9CD0-A68824752D5B}" = HP Officejet 4630 series Basic Device Software
"{90140000-0016-0000-1000-0000000FF1CE}" = Microsoft Office Excel 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-001B-0000-1000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D5E6ECB-C686-4FFC-8EA8-2DF907C6B733}" = Panda Free Antivirus
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}" = HP Deskjet 1000 J110 series Basic Device Software
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C16CD4C0-48EE-0F40-C9FD-0778EAF73FBD}" = AMD Wireless Display v3.0
"{C2956908-53A3-88FC-B795-B16508296FC4}" = AMD Catalyst Install Manager
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"Office14.EXCEL" = Microsoft Excel 2010
"Office14.WORD" = Microsoft Word 2010
"sp6" = Logitech SetPoint 6.61
"WinRAR archiver" = WinRAR 5.11 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}" = Cisco PEAP Module
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}" = TOSHIBA Hardware Setup
"{38F03569-A636-4CF3-BDDE-032C8C251304}" = Movie Maker
"{3B540E44-8382-4899-B481-1E2E02E38F3E}" = 4660_4680_Help
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{548083DD-D99B-2CE1-8D2B-D78BEB834F7A}" = OEM Application Profile
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}" = Realtek Card Reader
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6522F5F9-411B-4513-A75B-CEA00395F032}" = Windows Live UX Platform Language Pack
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{66B5819D-DE70-42BE-B40F-978FBA12452E}" = Windows Live Essentials
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.1
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{949F1EA1-D3E2-472E-BC7C-CB72374C0E55}" = Panda Devices Agent
"{95CECD78-72C9-4C03-8693-4C97A02AE702}" = HP Update
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{A5107464-AA9B-4177-8129-5FF2F42DD322}" = REALTEK Wireless LAN Driver
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.10)
"{AF312B06-5C5C-468E-89B3-BE6DE2645722}" = Cisco LEAP Module
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B629CD93-A629-4A9F-8B6E-218E741A316E}" = BPDSoftware_Ini
"{C992FFE0-AC32-4FA9-BC9A-F1637B9E655D}" = Photo Gallery
"{CAA0F57A-BA8C-4AD8-AA03-F32B0E4F5623}" = Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB800D0F-80E8-4E79-8423-09908CF1DB07}" = J4600_Basic
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{DCE9C52A-95DD-4075-9FC6-3313FB8748A5}" = BPDSoftware
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34351A4-4B10-4DFF-96BC-84C642D9C625}" = The Print Shop 22
"{EC7FE03D-239A-4E36-9907-0E327922D2A2}" = bpd_scan
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI
"DAEMON Tools Lite" = DAEMON Tools Lite
"Game Booster_is1" = Game Booster 3
"ImgBurn" = ImgBurn
"IObitUninstall" = IObit Uninstaller
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Mozilla Firefox 36.0 (x86 en-US)" = Mozilla Firefox 36.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Panda Devices Agent" = Panda Devices Agent
"Panda Universal Agent Endpoint" = Panda Free Antivirus
"RocketDock_is1" = RocketDock 1.3.5
"Security Task Manager" = Security Task Manager 1.8g
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-601764955-2754836260-3994798295-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 3/1/2015 10:39:09 PM | Computer Name = MayFamily-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 3/1/2015 11:39:09 PM | Computer Name = MayFamily-PC | Source = Software Protection Platform Service | ID = 8193
Description = License Activation Scheduler (sppuinotify.dll) failed with the following
 error code:  0x80070005
 
Error - 3/2/2015 12:16:16 AM | Computer Name = MayFamily-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/2/2015 2:57:03 AM | Computer Name = MayFamily-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/2/2015 3:21:59 PM | Computer Name = MayFamily-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/2/2015 6:27:19 PM | Computer Name = MayFamily-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/2/2015 10:32:20 PM | Computer Name = MayFamily-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/3/2015 6:14:52 AM | Computer Name = MayFamily-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/3/2015 2:37:58 PM | Computer Name = MayFamily-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 3/3/2015 9:57:44 PM | Computer Name = MayFamily-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
[ System Events ]
Error - 3/2/2015 12:06:49 AM | Computer Name = MayFamily-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFS
 
Error - 3/2/2015 1:53:43 AM | Computer Name = MayFamily-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 3/2/2015 2:55:55 AM | Computer Name = MayFamily-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 3/2/2015 2:56:33 AM | Computer Name = MayFamily-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 3/2/2015 2:57:05 AM | Computer Name = MayFamily-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 3/2/2015 2:57:06 AM | Computer Name = MayFamily-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFS
 
Error - 3/2/2015 3:21:33 PM | Computer Name = MayFamily-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 3/2/2015 3:22:07 PM | Computer Name = MayFamily-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 3/2/2015 3:22:07 PM | Computer Name = MayFamily-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   AFS
 
Error - 3/3/2015 2:37:56 PM | Computer Name = MayFamily-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{885D24D4-A07D-4588-97CD-E0FF476F7994}
 because another computer on the network has the same name.  The server could not
 start.
 
 
< End of report >
 




 


#2 jmaywc00 (Topic Starter)

Posted 03 March 2015 - 11:22 PM

Some background info. Computer is a Toshiba Satellite that came with Windows 8. I downgraded to Windows 7 and had to change the mode in BIOS for it to work. I don't know if that's related, but Firefox videos crash and pages load slowly. I just added 4 gigs of memory.


Edited by jmaywc00, 03 March 2015 - 11:27 PM.


#3 jmaywc00 (Topic Starter)

Posted 05 March 2015 - 09:48 PM

Anybody?



#4 nasdaq (Malware Response Team)

Posted 07 March 2015 - 10:22 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#5 jmaywc00

jmaywc00
  • Topic Starter

  • Members
  • 6 posts

Posted 07 March 2015 - 03:21 PM

# AdwCleaner v4.111 - Logfile created 07/03/2015 at 14:05:22
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : May Family - MAYFAMILY-PC
# Running from : C:\Users\May Family\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\May Family\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BoBrowser.lnk
File Found : C:\Users\May Family\AppData\Roaming\Mozilla\Firefox\Profiles\0vae3kxt.default\user.js
Folder Found : C:\ProgramData\drivergenius
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver genius
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\ProgramData\Uniblue\DriverScanner

***** [ Scheduled tasks ] *****

Task Found : LuckyTab
Task Found : Run_Bobby_Browser

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Box Rock
Key Found : HKLM\SOFTWARE\Clara
Key Found : HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\bobrowser.exe
Key Found : HKLM\SOFTWARE\SimpleFiles
Key Found : HKLM\SOFTWARE\Uniblue

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v36.0.1 (x86 en-US)

*************************

AdwCleaner[R0].txt - [1372 bytes] - [07/03/2015 14:05:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1431 bytes] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by May Family (administrator) on MAYFAMILY-PC on 07-03-2015 14:14:57
Running from C:\Users\May Family\Downloads
Loaded Profiles: May Family & Abby (Available profiles: May Family & Abby)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-601764955-2754836260-3994798295-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-601764955-2754836260-3994798295-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-601764955-2754836260-3994798295-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-601764955-2754836260-3994798295-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-601764955-2754836260-3994798295-1000\...\MountPoints2: {6ebc1aee-720d-11e4-9d3e-f9d47f2a5cc8} - F:\SETUP.EXE
HKU\S-1-5-21-601764955-2754836260-3994798295-1005\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-601764955-2754836260-3994798295-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-601764955-2754836260-3994798295-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-601764955-2754836260-3994798295-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-601764955-2754836260-3994798295-1005\...\MountPoints2: {6ebc1aee-720d-11e4-9d3e-f9d47f2a5cc8} - F:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-11-23] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-601764955-2754836260-3994798295-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-601764955-2754836260-3994798295-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-601764955-2754836260-3994798295-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-601764955-2754836260-3994798295-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2014-12-30] (IObit)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} ->  No File
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{885D24D4-A07D-4588-97CD-E0FF476F7994}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\May Family\AppData\Roaming\Mozilla\Firefox\Profiles\0vae3kxt.default
FF Homepage: hxxp://hsrd.yahoo.com/_ylt=ArAgmfo7ugBLoX4PgndDf9abvZx4/RV=1/RE=1425860735/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly93d3cueWFob28uY29tLw--/RS=%5EADAZL5l5borZ6oakJwJw5gXpA.mxRE-
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-601764955-2754836260-3994798295-1005: @nsroblox.roblox.com/launcher -> C:\Users\Abby\AppData\Local\Roblox\Versions\version-a59a59ef5163481d\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-601764955-2754836260-3994798295-1005: @nsroblox.roblox.com/launcher64 -> C:\Users\Abby\AppData\Local\Roblox\Versions\version-a59a59ef5163481d\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF user.js: detected! => C:\Users\May Family\AppData\Roaming\Mozilla\Firefox\Profiles\0vae3kxt.default\user.js [2014-12-30]
FF Extension: Adblock Plus - C:\Users\May Family\AppData\Roaming\Mozilla\Firefox\Profiles\0vae3kxt.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-13]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1168960 2013-12-03] (iolo technologies, LLC)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2015-01-09] () [File not signed]
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2015-01-02] (Disc Soft Ltd)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [3562200 2014-10-07] (Realtek Semiconductor Corporation                           )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 14:14 - 2015-03-07 14:16 - 00013551 _____ () C:\Users\May Family\Downloads\FRST.txt
2015-03-07 14:14 - 2015-03-07 14:15 - 00000000 ____D () C:\FRST
2015-03-07 14:14 - 2015-03-07 14:14 - 02094592 _____ (Farbar) C:\Users\May Family\Downloads\FRST64.exe
2015-03-07 14:05 - 2015-03-07 14:09 - 00000000 ____D () C:\AdwCleaner
2015-03-07 14:04 - 2015-03-07 14:04 - 02126848 _____ () C:\Users\May Family\Downloads\AdwCleaner.exe
2015-03-03 21:25 - 2015-03-03 21:25 - 00050842 _____ () C:\Users\May Family\Downloads\Extras.Txt
2015-03-03 21:22 - 2015-03-03 21:22 - 00073786 _____ () C:\Users\May Family\Downloads\OTL.Txt
2015-03-03 21:00 - 2015-03-03 21:00 - 00602112 _____ (OldTimer Tools) C:\Users\May Family\Downloads\OTL.exe
2015-03-02 13:22 - 2014-03-25 07:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-01 22:33 - 2015-03-01 22:33 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2015-03-01 22:33 - 2015-03-01 22:33 - 00000000 ____D () C:\Users\May Family\AppData\Roaming\ioloGovernor
2015-03-01 22:33 - 2015-03-01 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-03-01 22:33 - 2015-03-01 22:33 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-03-01 22:33 - 2015-03-01 22:33 - 00000000 ____D () C:\Program Files (x86)\iolo
2015-03-01 22:33 - 2013-12-03 10:47 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2015-03-01 22:33 - 2013-12-03 10:47 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2015-03-01 22:33 - 2013-12-03 10:01 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2015-03-01 22:33 - 2013-12-03 10:01 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2015-03-01 22:33 - 2013-12-03 09:54 - 00082160 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys
2015-03-01 22:33 - 2013-12-03 09:54 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2015-03-01 22:33 - 2013-12-03 09:54 - 00056200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2015-03-01 22:32 - 2015-03-02 13:55 - 00000000 ____D () C:\ProgramData\iolo
2015-03-01 22:32 - 2015-03-01 23:55 - 00000000 ____D () C:\Users\May Family\AppData\Roaming\iolo
2015-03-01 22:32 - 2015-03-01 22:32 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-03-01 20:54 - 2015-03-01 20:54 - 00041472 _____ () C:\Users\May Family\Documents\sign up sheet.sig
2015-03-01 20:42 - 2015-03-01 20:44 - 00453632 _____ () C:\Users\May Family\Documents\Weapons camp.sig
2015-03-01 20:21 - 2015-03-01 20:21 - 00000000 ____D () C:\Users\May Family\AppData\Roaming\Nitro PDF
2015-03-01 18:06 - 2015-03-01 22:30 - 00000000 ____D () C:\Users\May Family\Downloads\System Mechanic 12.5.0.79 incl. Crack {AmanPC}
2015-02-24 23:19 - 2015-02-24 23:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-24 23:17 - 2015-02-24 23:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\May Family\Downloads\mbar-1.09.1.1004.exe
2015-02-24 16:52 - 2015-02-24 16:52 - 00007606 _____ () C:\Users\May Family\AppData\Local\Resmon.ResmonCfg
2015-02-23 11:22 - 2015-02-23 11:22 - 00000000 ____D () C:\Users\Public\Documents\EA Games
2015-02-23 11:22 - 2015-02-23 11:22 - 00000000 ____D () C:\Users\Abby\Documents\EA Games
2015-02-23 11:21 - 2015-02-23 11:21 - 00000000 __RHD () C:\Users\Abby\AppData\Roaming\SecuROM
2015-02-23 11:20 - 2015-02-23 11:20 - 00000000 ____D () C:\Users\May Family\Documents\EA Games
2015-02-23 11:20 - 2015-02-23 11:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2015-02-23 11:01 - 2015-02-23 11:01 - 00000000 ____D () C:\Program Files (x86)\EA GAMES
2015-02-23 11:01 - 2007-04-04 16:39 - 00442368 ____R (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-02-22 18:20 - 2015-03-07 13:56 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-02-22 18:20 - 2015-02-22 18:20 - 00000000 ____D () C:\Users\May Family\AppData\Roaming\SUPERAntiSpyware.com
2015-02-22 18:20 - 2015-02-22 18:20 - 00000000 ____D () C:\Users\May Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-02-22 18:20 - 2015-02-22 18:20 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-02-22 18:18 - 2015-02-22 18:19 - 21294664 _____ (SUPERAntiSpyware) C:\Users\May Family\Downloads\SUPERAntiSpyware.exe
2015-02-15 22:47 - 2015-03-07 08:53 - 00003766 _____ () C:\Windows\PFRO.log
2015-02-15 22:47 - 2015-03-07 08:53 - 00001456 _____ () C:\Windows\setupact.log
2015-02-15 22:47 - 2015-02-15 22:47 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-11 03:17 - 2015-02-11 03:17 - 00002531 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
2015-02-11 03:17 - 2012-12-13 11:47 - 00029704 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalmon2.dll
2015-02-11 03:17 - 2012-12-13 11:47 - 00017928 _____ (Nitro PDF Software) C:\Windows\system32\nitrolocalui2.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-07 13:57 - 2014-11-22 01:30 - 01963909 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 13:56 - 2014-12-02 21:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 09:01 - 2009-07-13 23:13 - 00797448 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 08:56 - 2014-11-28 11:55 - 00001351 _____ () C:\Users\Abby\Desktop\ROBLOX Player.lnk
2015-03-07 08:56 - 2014-11-28 11:54 - 00001170 _____ () C:\Users\Abby\Desktop\ROBLOX Studio.lnk
2015-03-07 08:56 - 2014-11-28 11:54 - 00000000 ____D () C:\Users\Abby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2015-03-07 08:53 - 2014-11-22 00:18 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-07 08:53 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-05 22:32 - 2015-01-26 15:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 22:30 - 2014-11-22 14:07 - 00000000 ____D () C:\Users\May Family\AppData\Roaming\uTorrent
2015-03-05 22:30 - 2014-11-22 02:18 - 00000000 ____D () C:\Users\May Family\AppData\Local\CrashDumps
2015-03-02 15:11 - 2014-11-22 14:37 - 00000000 ____D () C:\Users\Abby
2015-03-01 22:33 - 2014-11-25 20:23 - 00003148 _____ () C:\Windows\System32\Tasks\SidebarExecute
2015-03-01 22:05 - 2014-12-24 21:00 - 00000000 ____D () C:\ProgramData\ProductData
2015-03-01 22:05 - 2014-11-21 23:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-01 22:05 - 2014-11-21 04:37 - 00000000 ____D () C:\Users\May Family
2015-03-01 22:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2015-03-01 22:05 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-01 22:03 - 2009-07-13 22:45 - 00013040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 22:03 - 2009-07-13 22:45 - 00013040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 20:25 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-24 23:19 - 2014-11-24 14:04 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 23:18 - 2014-11-24 14:03 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-23 11:21 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-19 17:38 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-02-12 15:14 - 2015-01-06 01:07 - 00000767 _____ () C:\Users\May Family\Documents\preschool emails.txt
2015-02-10 20:41 - 2014-11-30 09:38 - 00000000 ____D () C:\Users\TEMP
2015-02-09 20:55 - 2015-01-19 20:14 - 00000000 ____D () C:\Users\May Family\AppData\Local\Windows Live
2015-02-05 00:29 - 2014-12-02 21:16 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 00:29 - 2014-12-02 21:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 00:29 - 2014-12-02 21:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2014-11-29 20:28 - 2014-11-29 20:28 - 0099384 _____ () C:\Users\May Family\AppData\Roaming\inst.exe
2014-11-29 20:28 - 2014-11-29 20:28 - 0007859 _____ () C:\Users\May Family\AppData\Roaming\pcouffin.cat
2014-11-29 20:28 - 2014-11-29 20:28 - 0001167 _____ () C:\Users\May Family\AppData\Roaming\pcouffin.inf
2014-11-29 20:29 - 2014-11-29 20:29 - 0000034 _____ () C:\Users\May Family\AppData\Roaming\pcouffin.log
2014-11-29 20:28 - 2014-11-29 20:28 - 0082816 _____ (VSO Software) C:\Users\May Family\AppData\Roaming\pcouffin.sys
2014-11-29 20:30 - 2014-12-27 19:45 - 0000668 _____ () C:\Users\May Family\AppData\Roaming\vso_ts_preview.xml
2015-02-24 16:52 - 2015-02-24 16:52 - 0007606 _____ () C:\Users\May Family\AppData\Local\Resmon.ResmonCfg
2014-11-22 01:48 - 2014-11-22 01:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-12-26 23:50 - 2014-12-26 23:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-22 00:56 - 2014-11-22 01:35 - 0002287 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Abby\AppData\Local\Temp\drm_dyndata_7320010.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-05 00:55

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by May Family at 2015-03-07 14:17:32
Running from C:\Users\May Family\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Free Antivirus (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-601764955-2754836260-3994798295-1000\...\uTorrent) (Version: 3.4.2.36318 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-601764955-2754836260-3994798295-1005\...\uTorrent) (Version: 3.4.2.36318 - BitTorrent Inc.)
4660_4680_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
ConvertXtoDVD 3.0.0.1 (HKLM-x32\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.0.0.1 - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Officejet 4630 series Basic Device Software (HKLM\...\{8AB81499-64E9-4880-9CD0-A68824752D5B}) (Version: 31.0.1176.42778 - Hewlett-Packard Co.)
HP OfficeJet J4600 All-In-One Series (HKLM\...\{61CF256E-CC63-4A4C-97CC-A48411054D60}) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{95CECD78-72C9-4C03-8693-4C97A02AE702}) (Version: 5.005.001.002 - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.0.4.1083 - IObit)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 12.5.0 - iolo technologies, LLC)
J4600_Basic (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Excel 2010 (HKLM\...\Office14.EXCEL) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Web Publishing Wizard 1.52 (HKLM-x32\...\WebPost) (Version:  - )
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nitro Pro 8 (HKLM\...\{522D6D76-B109-4C83-BA3C-D26D08391EBC}) (Version: 8.0.10.7 - Nitro)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Free Antivirus (Version: 7.23.00.0000 - Panda Security) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.38 - REALTEK Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
ROBLOX Player for Abby (HKU\S-1-5-21-601764955-2754836260-3994798295-1005\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Abby (HKU\S-1-5-21-601764955-2754836260-3994798295-1005\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0016-0000-1000-0000000FF1CE}_Office14.EXCEL_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Print Shop 22 (HKLM-x32\...\{E34351A4-4B10-4DFF-96BC-84C642D9C625}) (Version: 22.00.0000 - Broderbund Software)
The Sims™ 2 Deluxe (HKLM-x32\...\{9C244239-ED8E-40f1-937F-51C706CD2160}) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0028 - TOSHIBA)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-601764955-2754836260-3994798295-1005_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Abby\AppData\Local\Roblox\Versions\version-a59a59ef5163481d\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points  =========================

02-03-2015 15:11:28 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {082E1050-3BB1-445C-933F-ED4BAAED01BF} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {203A36AB-3F98-4FD6-ACBC-409B38A849BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {26051D17-13F3-4121-9244-37B5F0487FC5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {3800F463-DEC4-45D9-B3CF-D9FCE98FF578} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {3FAA2E9C-CBBD-4519-9294-25AA5AF7EF5B} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2015-01-13] ()
Task: {5EC2F262-E308-40D2-A941-44189DEC3A88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {9B4CC2DC-7B18-43E2-AD27-B07A2C3F82E7} - \LuckyTab No Task File <==== ATTENTION
Task: {9F4B9036-DB51-49DF-A355-536EAEE5C171} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {ECF46A0B-EF2E-41CD-BAB0-D8A92EDEAD3A} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2013-12-03] (iolo technologies, LLC)
Task: {FFB2EE40-148E-40A0-A021-ED990CFA0C7E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-22 13:58 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-04-12 11:23 - 2013-04-12 11:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2014-11-22 13:58 - 2007-09-02 13:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR430 => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-601764955-2754836260-3994798295-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\May Family\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-601764955-2754836260-3994798295-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Abby\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: GFNEXSrv => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\startupfolder: C:^Users^May Family^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 1000 J110 series.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
MSCONFIG\startupreg: HP Officejet 4630 series (NET) => "C:\Program Files\HP\HP Officejet 4630 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN41K2B17305Y0:NW" -scfn "HP Officejet 4630 series (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\May Family\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== Accounts: =============================

Abby (S-1-5-21-601764955-2754836260-3994798295-1005 - Limited - Enabled) => C:\Users\Abby
Administrator (S-1-5-21-601764955-2754836260-3994798295-500 - Administrator - Disabled)
ASPNET (S-1-5-21-601764955-2754836260-3994798295-1004 - Limited - Enabled)
Guest (S-1-5-21-601764955-2754836260-3994798295-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-601764955-2754836260-3994798295-1002 - Limited - Enabled)
May Family (S-1-5-21-601764955-2754836260-3994798295-1000 - Administrator - Enabled) => C:\Users\May Family

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2015 01:56:30 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/07/2015 08:53:38 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/06/2015 09:12:30 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/06/2015 01:57:40 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/05/2015 10:38:41 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/05/2015 07:48:24 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/05/2015 01:47:12 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/05/2015 08:12:57 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/05/2015 04:44:30 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.

Error: (03/04/2015 04:53:36 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x80070005.


System errors:
=============
Error: (03/07/2015 08:53:54 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (03/07/2015 08:53:50 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/07/2015 08:53:15 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/05/2015 10:38:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (03/05/2015 10:38:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/05/2015 10:38:14 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/05/2015 10:37:33 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (03/03/2015 00:37:56 PM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{885D24D4-A07D-4588-97CD-E0FF476F7994} because another computer on the network has the same name.  The server could not start.

Error: (03/02/2015 01:22:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFS

Error: (03/02/2015 01:22:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (03/07/2015 01:56:30 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (03/07/2015 08:53:38 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (03/06/2015 09:12:30 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (03/06/2015 01:57:40 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (03/05/2015 10:38:41 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (03/05/2015 07:48:24 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (03/05/2015 01:47:12 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (03/05/2015 08:12:57 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (03/05/2015 04:44:30 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (03/04/2015 04:53:36 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000


CodeIntegrity Errors:
===================================
  Date: 2015-01-20 23:16:37.801
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 23:16:37.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 23:16:37.785
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 23:16:37.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 23:16:37.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-20 23:16:37.754
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-15 01:30:46.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-15 01:30:46.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-15 01:30:46.652
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2015-01-15 01:30:46.574
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD E1-1200 APU with Radeon™ HD Graphics
Percentage of memory in use: 23%
Total physical RAM: 7757.36 MB
Available physical RAM: 5907.86 MB
Total Pagefile: 7755.54 MB
Available Pagefile: 5779.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:431.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 460A0C26)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 



#6 nasdaq

nasdaq

  • Malware Response Team

Posted 08 March 2015 - 07:09 AM

I suggest you remove uTorrent using the Add/Remove programs applet.

uTorrent quietly installs a cryptocurrency miner on users' computers.
Read about it.
http://www.pcworld.com/article/2893982/utorrent-quietly-installs-a-cryptocurrency-miner-on-users-computers.html
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-601764955-2754836260-3994798295-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} ->  No File
FF Homepage: hxxp://hsrd.yahoo.com/_ylt=ArAgmfo7ugBLoX4PgndDf9abvZx4/RV=1/RE=1425860735/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly93d3cueWFob28uY29tLw--/RS=%5EADAZL5l5borZ6oakJwJw5gXpA.mxRE-
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\May Family\AppData\Roaming\Mozilla\Firefox\Profiles\0vae3kxt.default\user.js [2014-12-30]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - No Path Or update_url value
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Abby\AppData\Local\Temp\drm_dyndata_7320010.dll
Task: {9B4CC2DC-7B18-43E2-AD27-B07A2C3F82E7} - \LuckyTab No Task File <==== ATTENTION
Task: {9F4B9036-DB51-49DF-A355-536EAEE5C171} - \Run_Bobby_Browser No Task File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#7 jmaywc00

jmaywc00
  • Topic Starter

  • Members

Posted 11 March 2015 - 10:34 PM

Wow...videos stopped crashing. Nice!

 

Thank you for your time and effort!

 

Let me know if you see anything else you can fix.

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by May Family at 2015-03-11 22:19:22 Run:1
Running from C:\Users\May Family\Documents
Loaded Profiles: May Family & Abby (Available profiles: May Family & Abby)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-601764955-2754836260-3994798295-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} ->  No File
FF Homepage: hxxp://hsrd.yahoo.com/_ylt=ArAgmfo7ugBLoX4PgndDf9abvZx4/RV=1/RE=1425860735/RH=aHNyZC55YWhvby5jb20-/RO=2/RU=aHR0cHM6Ly93d3cueWFob28uY29tLw--/RS=%5EADAZL5l5borZ6oakJwJw5gXpA.mxRE-
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF user.js: detected! => C:\Users\May Family\AppData\Roaming\Mozilla\Firefox\Profiles\0vae3kxt.default\user.js [2014-12-30]
CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - No Path Or update_url value
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Abby\AppData\Local\Temp\drm_dyndata_7320010.dll
Task: {9B4CC2DC-7B18-43E2-AD27-B07A2C3F82E7} - \LuckyTab No Task File <==== ATTENTION
Task: {9F4B9036-DB51-49DF-A355-536EAEE5C171} - \Run_Bobby_Browser No Task File <==== ATTENTION

End
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-601764955-2754836260-3994798295-1005\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}" => Key deleted successfully.
"HKCR\CLSID\{E33CF602-D945-461A-83F0-819F76A199F8}" => Key deleted successfully.
Firefox homepage deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Users\May Family\AppData\Roaming\Mozilla\Firefox\Profiles\0vae3kxt.default\user.js => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd" => Key deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Abby\AppData\Local\Temp\drm_dyndata_7320010.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9B4CC2DC-7B18-43E2-AD27-B07A2C3F82E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B4CC2DC-7B18-43E2-AD27-B07A2C3F82E7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9F4B9036-DB51-49DF-A355-536EAEE5C171}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F4B9036-DB51-49DF-A355-536EAEE5C171}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog 22:19:24 ====

 

 

 

 

 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Panda Free Antivirus   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31  
 Adobe Flash Player 16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (36.0.1)
````````Process Check: objlist.exe by Laurent````````  
 iolo Common Lib ioloServiceManager.exe
 iolo System Mechanic iologovernor64.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````


Edited by jmaywc00, 11 March 2015 - 10:35 PM.


#8 nasdaq

nasdaq

  • Malware Response Team

Posted 12 March 2015 - 08:18 AM

You are looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 nasdaq

nasdaq

  • Malware Response Team

Posted 18 March 2015 - 08:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



