
Help, please check my log to see if everything is ok.


  • This topic is locked
16 replies to this topic

#1 luckyrabbit

Posted 24 March 2015 - 02:04 PM

Hi,

Attached is a scan of HJT to see if my computer is OK. It seems fine, but I just want to make sure. Thanks, Roger
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 2:58:02 PM, on 24/03/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16633)
CHROME: 41.0.2272.101
 
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\ROGERT~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roger Trudel\Downloads\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: AutorunsDisabled
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: USB2.0 VIDBOX NW02 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
 
--
End of file - 4884 bytes

Edited by Queen-Evie, 24 March 2015 - 02:08 PM.
Moved from Am I Infected to the appropriate forum. HJT logs are allowed only in Malware Removal Logs.


#2 Machiavelli (Malware Response Instructor)

Posted 25 March 2015 - 09:38 AM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem. Feel free to call me Makka or something like that.
If you booted into safe mode on your computer, then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide, so I may not be able to find it easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient, especially if I don't answer every day!
  • Please follow these instructions.
    If you don't follow the instructions, your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved.
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me, as this can complicate finding and removing all Malware.
    Don't run any tools while I'm fixing your PC. That is counterproductive and, again, will only complicate finding and removing all Malware!
  • Read my post completely.
    If you don't do so, you may make mistakes that could result in your system crashing by your own actions!
 

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-bit or 64-bit Windows, see here.
  • Disable all anti-virus and anti-malware software to prevent them from inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt, will open.
  • Copy (Ctrl+C) and paste (Ctrl+V) the contents of both of these logs into your next post, please.

~Machiavelli

If I don't reply within 24 hours, please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here, please give me feedback.



#3 luckyrabbit (Topic Starter)

Posted 25 March 2015 - 08:23 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Roger Trudel (administrator) on ROGERTRUDEL-PC on 25-03-2015 21:14:39
Running from C:\Users\Roger Trudel\Desktop
Loaded Profiles: Roger Trudel & Jennifer Trudel (Available profiles: Roger Trudel & Jennifer Trudel)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Realtek Semiconductor Corp.) C:\Users\Jennifer Trudel\AppData\Local\temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Realtek Semiconductor Corp.) C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5296128 2008-03-11] (Realtek Semiconductor)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [Google Update] => C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-08] (Google Inc.)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PHOTOS~1.SCR
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\Run: [Google Update] => "C:\Users\Jennifer Trudel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\MountPoints2: {6d368012-f26b-11de-8f99-a7ea48ecc468} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\launcher.exe
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\MountPoints2: {80bd30b5-ef4b-11df-9f85-ed2166718a28} - F:\DPFMate.exe
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2008-01-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
GroupPolicyUsers\S-1-5-21-2394636743-4037641282-260643174-1001\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
URLSearchHook: HKU\S-1-5-21-2394636743-4037641282-260643174-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03] (HiTRUST)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05] (Egis Incorporated.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-11-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2008-11-23] (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Roger Trudel\Program Files\DNA\plugins\npbtdna.dll [2008-11-23] (BitTorrent, Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Roger Trudel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jennifer Trudel\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-31]
FF HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Roger Trudel\Program Files\DNA
FF Extension: DNA - C:\Users\Roger Trudel\Program Files\DNA [2008-11-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Linkclump) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2013-01-11]
CHR Extension: (Google Wallet) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Profile: C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-21]
CHR Extension: (Google Search) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-21]
CHR Extension: (Google Wallet) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12]
CHR Extension: (Gmail) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Jennifer Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [497712 2008-03-05] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [163840 2007-05-16] (acer) [File not signed]
S4 LexBceS; C:\Windows\System32\LEXBCES.EXE [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
S4 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63448 2009-12-30] (Lexar Media, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-21] (NewTech Infosystems, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-31] () [File not signed]
S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [38656 2007-11-20] (Service & Quality Technology.) [File not signed]
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [242139 2006-11-15] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-06-27] (Syntek America Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslf1674c66; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68C3044A-4587-4920-B915-B8EBBACB8E76}\MpKslf1674c66.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-25 21:14 - 2015-03-25 21:15 - 00018975 _____ () C:\Users\Roger Trudel\Desktop\FRST.txt
2015-03-25 21:14 - 2015-03-25 21:14 - 00000000 ____D () C:\FRST
2015-03-25 21:12 - 2015-03-25 21:12 - 01135104 _____ (Farbar) C:\Users\Roger Trudel\Desktop\FRST.exe
2015-03-25 21:11 - 2015-03-25 21:12 - 01135104 _____ (Farbar) C:\Users\Roger Trudel\Downloads\FRST.exe
2015-03-25 07:36 - 2015-03-25 16:23 - 00000880 _____ () C:\Windows\PFRO.log
2015-03-24 14:52 - 2015-03-24 14:58 - 00004885 _____ () C:\Users\Roger Trudel\Downloads\hijackthis.log
2015-03-24 14:50 - 2015-03-24 14:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roger Trudel\Downloads\HijackThis.exe
2015-03-22 00:05 - 2015-03-22 00:05 - 00001339 _____ () C:\Users\Roger Trudel\Documents\raptors roster for fantasy basketball.txt
2015-03-21 21:00 - 2015-03-24 20:57 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Cori's 9th Bday
2015-03-12 16:18 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 16:17 - 2015-02-25 20:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 16:17 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 16:03 - 2015-02-25 22:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 16:03 - 2015-02-25 22:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 16:03 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 16:03 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 16:03 - 2015-01-08 22:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 16:03 - 2015-01-08 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 16:02 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 16:01 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 16:01 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 16:00 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 15:58 - 2015-02-21 13:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 15:58 - 2015-02-21 13:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 15:58 - 2015-02-21 13:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 15:58 - 2015-02-21 13:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 15:57 - 2015-02-21 13:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 15:57 - 2015-02-21 13:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 15:57 - 2015-02-21 13:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 15:57 - 2015-02-21 13:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 15:57 - 2015-02-21 13:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 15:57 - 2015-02-21 13:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 15:57 - 2015-02-21 13:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 15:57 - 2015-02-21 13:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 15:57 - 2015-02-21 13:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 15:57 - 2015-02-21 13:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 15:57 - 2015-02-21 13:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 23:54 - 2015-03-20 10:39 - 00642048 _____ () C:\Users\Jennifer Trudel\Desktop\March 2015.xls
2015-02-28 01:11 - 2015-02-28 13:17 - 00000000 ____D () C:\Users\Roger Trudel\Desktop\NorthBay Battalion
2015-02-24 19:28 - 2015-02-28 15:57 - 00000503 _____ () C:\Users\Roger Trudel\Documents\Cori Book Report Shoebox.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-25 21:13 - 2008-11-17 11:32 - 01804098 _____ () C:\Windows\WindowsUpdate.log
2015-03-25 20:51 - 2012-06-16 08:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-25 20:43 - 2012-08-08 09:57 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000UA.job
2015-03-25 20:24 - 2012-07-05 17:26 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001UA.job
2015-03-25 19:43 - 2012-08-08 09:57 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000Core.job
2015-03-25 19:16 - 2006-11-02 08:45 - 00003344 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-25 19:16 - 2006-11-02 08:45 - 00003344 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-25 17:04 - 2015-01-22 22:25 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Moms 65th
2015-03-25 16:31 - 2006-11-02 06:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-25 16:24 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-25 08:45 - 2006-11-02 08:58 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-24 23:12 - 2014-09-30 20:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 10:24 - 2012-07-05 17:25 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001Core.job
2015-03-20 18:25 - 2008-11-16 23:52 - 00144384 _____ () C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 18:18 - 2008-11-23 14:49 - 00033792 _____ () C:\Users\Jennifer Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 10:38 - 2012-01-10 19:58 - 00068096 _____ () C:\Users\Jennifer Trudel\Desktop\Books.xls
2015-03-17 14:49 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-12 16:40 - 2006-11-02 08:44 - 00298752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 16:17 - 2013-07-11 08:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 16:04 - 2006-11-02 06:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 10:57 - 2009-03-29 10:33 - 00000032 _____ () C:\Windows\actval.ini
2015-03-03 09:16 - 2009-10-09 18:52 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 08:15 - 2015-02-02 21:52 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\DietBet
 
==================== Files in the root of some directories =======
 
2010-04-01 21:19 - 2010-04-01 21:19 - 0000000 _____ () C:\Users\Roger Trudel\AppData\Roaming\wklnhst.dat
2011-06-07 19:31 - 2011-06-07 19:31 - 0000680 _____ () C:\Users\Roger Trudel\AppData\Local\d3d9caps.dat
2008-11-16 23:52 - 2015-03-20 18:25 - 0144384 _____ () C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-20 16:31 - 2008-12-20 16:33 - 0015800 _____ () C:\Users\Roger Trudel\AppData\Local\imageCache.db
2009-12-30 19:49 - 2010-09-30 21:39 - 0011021 _____ () C:\ProgramData\hpzinstall.log
2008-11-18 16:24 - 2013-11-27 13:51 - 0000020 ____H () C:\ProgramData\PKP_DLea.DAT
 
Some content of TEMP:
====================
C:\Users\Jennifer Trudel\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Jennifer Trudel\AppData\Local\temp\SkypeSetup.exe
C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 16:34
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Roger Trudel at 2015-03-25 21:15:34
Running from C:\Users\Roger Trudel\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Acer Assist (HKLM\...\Acer Assist) (Version:  - Acer Incorporated)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 2.8.4354 - Egis Inc.)
Acer eLock Management (HKLM\...\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}) (Version: 2.5.4302 - Acer Inc.)
Acer Empowering Technology (HKLM\...\{AB6097D9-D722-4987-BD9E-A076E2848EE2}) (Version: 2.5.4301 - Acer Inc.)
Acer eNet Management (HKLM\...\{C06554A1-2C1E-4D20-B613-EE62C79927CC}) (Version: 2.6.4303 - Acer Inc.)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 2.5.4014 - Acer Inc.)
Acer ePresentation Management (HKLM\...\{BF839132-BD43-4056-ACBF-4377F4A88E2A}) (Version: 2.5.4300 - Acer Inc.)
Acer eSettings Management (HKLM\...\{CE65A9A0-9686-45C6-9098-3C9543A412F0}) (Version: 2.5.4302 - Acer Inc.)
Acer GridVista (HKLM\...\GridVista) (Version: 2.69.110 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 1.0.4301 - Acer Inc.)
Acer Registration (HKLM\...\Acer Registration) (Version:  - Acer - Leader Technologies)
Acer ScreenSaver (HKLM\...\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}) (Version: 1.11.20071207 - Acer Inc.)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Active@ ISO Burner (HKLM\...\{7694E0B1-2332-448B-9235-929F84B41E3F}) (Version: 2.1.0 - LSoft Technologies)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Digital Editions (HKLM\...\Digital Editions) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.5.502.146 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - Agere Systems)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: Version 7.0.1101.17 - Alps Electric)
Apple Application Support (HKLM\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.0.20007 - Ask.com) <==== ATTENTION
Avery Wizard 3.1 (HKLM\...\{F19F7B24-AAD4-4236-8475-5335483DA676}) (Version: 3.1.9 - Avery)
Baseball Mogul 2010 (HKLM\...\{92B59710-5225-11DE-72AE-0068B1F02CD6}) (Version: 12.12 - Sports Mogul Inc.)
BitTorrent (HKLM\...\BitTorrent) (Version: 7.2.1 - )
BitTorrent (HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\BitTorrent) (Version: 7.9.2.31897 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\BitTorrent) (Version:  - BitTorrent, Inc)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 100.0.170.000 - Hewlett-Packard) Hidden
CameraHelperMsi (Version: 13.31.1038.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco WebEx Meetings (HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{307ECD26-43D7-4AD4-82CF-794B63EDF096}) (Version: 1.0.141 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Copy (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Destination Component (Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_ProductContext (Version: 100.0.215.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software (Version: 100.0.206.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F4200_Software_Min (Version: 100.0.213.000 - Hewlett-Packard) Hidden
DNA (HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\BitTorrent DNA) (Version: 2.2.1 (13235) - BitTorrent Inc.)
DNA (HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\BitTorrent DNA) (Version: 2.2.1 (13235) - BitTorrent Inc.)
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Eastside UK saved game Editor v2007.0.4 (HKLM\...\Eastside UK saved game Editor for NHL EHM 2007_is1) (Version:  - Eastside UK)
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
F4200 (Version: 100.0.206.000 - Hewlett-Packard) Hidden
F4200_Help (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Free M4a to MP3 Converter 6.0 (HKLM\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free Mp3 Wma Converter V 2.2 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Google Chrome (HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Google Chrome) (Version: 41.0.2272.101 - Google Inc.)
Google Chrome (HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\Google Chrome) (Version: 25.0.1364.97 - Google Inc.)
GoToMeeting 5.4.0.1082 (HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
HandBrake 0.9.9 (HKLM\...\HandBrake) (Version: 0.9.9 - )
honestech VHS to DVD 3.0 Deluxe (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech)
honestech VHS to DVD 3.0 Deluxe (Version: 3.0 - Honest Technology) Hidden
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3 (HKLM\...\{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}) (Version: 10.0 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
iTunes (HKLM\...\{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 4.8.5 (Standard) (HKLM\...\KLiteCodecPack_is1) (Version: 4.8.5 - )
Kobo (HKLM\...\Kobo) (Version: 2.1.6 - Kobo Inc.)
Launch Manager (HKLM\...\LManager) (Version:  - )
LightScribe  1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.31 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2000 Professional (HKLM\...\{00010409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4SP2 (HKLM\...\{451BB54C-8B23-4455-8BDC-14FC7D43E056}) (Version: 1.00.0000 - Logiciel Dr Tax Software Inc.)
MyDSC2 (HKLM\...\{83d96ed0-98aa-4515-8ddc-816f3efdd104}) (Version: 1.0 - My Company Name)
Neat Image v7.3.0 Demo plug-in for Photoshop (HKLM\...\Neat Image plug-in for Photoshop_is1) (Version:  - Neat Image team, ABSoft)
NHL Eastside Hockey Manager 2007 (HKLM\...\{9DE4E17F-0C99-4A57-8F7D-5B69CC95D7A9}) (Version: 3.0.0 - SEGA)
NikonCapture (HKLM\...\{21DDC579-834B-4C14-8122-853994FA2214}) (Version: 4.0 - )
NTI Backup NOW! 4.7 (HKLM\...\InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}) (Version: 1.00.0000 - NewTech Infosystems)
NTI Backup NOW! 4.7 (Version: 1.00.0000 - NewTech Infosystems) Hidden
NTI CD & DVD-Maker (HKLM\...\InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}) (Version: 7 - NewTech Infosystems)
NTI CD & DVD-Maker (Version: 7 - NewTech Infosystems) Hidden
Orion (HKLM\...\{0BF78E88-A7C9-4406-89CF-0BA473BA7821}) (Version: 1.0.215 - Convesoft)
Out of the Park 8 (HKLM\...\Out of the Park 8) (Version:  - )
Peck's Power Join (HKLM\...\ST4UNST #1) (Version:  - )
Photo Viewer 2.4 (HKLM\...\Photo Viewer) (Version:  - )
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 4.1.2818 - CyberLink Corp.)
PRS-500 USB driver (HKLM\...\{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}) (Version: 1.0.00.08110 - Sony)
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RAD Video Tools (HKLM\...\RADVideo) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5582 - Realtek Semiconductor Corp.)
Scan (Version: 10.0.0.0 - Hewlett-Packard) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Soap 3.0 Toolkit (HKLM\...\{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}) (Version: 1.00.0000 - Your Company Name)
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Status (Version: 100.0.175.000 - Hewlett-Packard) Hidden
Toolbox (Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Tux Paint 0.9.21c (HKLM\...\Tux Paint_is1) (Version:  - New Breed Software)
UFile 2013 (HKLM\...\{D3D79DA4-68EA-450F-A916-0E854CA30984}) (Version: 17.20.0000 - Thomson Reuters DT Tax and Accounting Inc.)
UFile Updater 2010 (HKLM\...\{A859FA27-05AF-4295-BF2C-A9D3A5A707EE}) (Version: 6.01.0000 - Logiciel Dr Tax Software Inc.)
UFile Updater 2011 (HKLM\...\{7087457A-98F4-4F77-967D-0685C8F18308}) (Version: 7.01.0000 - Logiciel Dr Tax Software Inc.)
UFile Updater 2012 (HKLM\...\{EBD3E558-C070-474B-9CC5-CBCA7147EB25}) (Version: 8.01.0000 - Logiciel Dr Tax Software Inc.)
UFile Updater 2013 (HKLM\...\{B37F0361-9323-44F6-83DD-FCA9390F5712}) (Version: 9.01.0000 - Thomson Reuters DT Tax and Accounting Inc.)
Unity Web Player (HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 10.0.0 - Hewlett-Packard) Hidden
USB2.0 VIDBOX NW02 (HKLM\...\{7CFB90B6-603B-43D5-B2B4-76DE58C5C3D3}) (Version: 1.0.3.0 - Iton)
VLC media player 0.9.6 (HKLM\...\VLC media player) (Version: 0.9.6 - VideoLAN Team)
WebReg (Version: 100.0.170.000 - Hewlett-Packard) Hidden
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Sony Corporation (PRSUSB) USB  (08/08/2006 1.0.03.08080) (HKLM\...\75070B1806113224B16C70296B90DD1AD8A53479) (Version: 08/08/2006 1.0.03.08080 - Sony Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Roger Trudel\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\41.0.2272.101\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{a3c6dafc-e193-42fc-adca-5316b5d6d653}\InprocServer32 -> C:\Users\Roger Trudel\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.25.11\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Jennifer Trudel\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1224\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Users\Jennifer Trudel\AppData\Local\Google\Chrome\Application\25.0.1364.97\delegate_execute.exe" (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{5F387297-4BDB-48CD-8DB0-ACAD1415FABA}\InprocServer32 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.129\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jennifer Trudel\AppData\Local\Citrix\GoToMeeting\1082\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{9000834c-c6c7-43ac-b8ee-dc9668f39a81}\localserver32 -> C:\Users\ROGERT~1\AppData\Local\Temp\{91814ec0-b5f0-11d2-80b9-00104b1f6cea}\IDriver.NonElevated.exe  (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{a3c6dafc-e193-42fc-adca-5316b5d6d653}\InprocServer32 -> C:\Users\Jennifer Trudel\Program Files\DNA\plugins\npbtdna.dll No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{a8625cb7-85fe-4936-92a4-b2a7c925209e}\InprocServer32 -> C:\Program Files\GamingWonderland\bar\1.bin\gtSrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\GoogleUpdateOnDemand.exe" No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2394636743-4037641282-260643174-1001_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
 
==================== Restore Points  =========================
 
23-03-2015 17:09:32 Windows Update
25-03-2015 17:37:59 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 06:23 - 2012-06-20 16:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {005A3BAB-C698-43FE-A452-0F0297A36B8B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000UA => C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08] (Google Inc.)
Task: {29CC87B7-4892-4D50-9DA2-38DDD858274D} - System32\Tasks\McDefragTask => c:\PROGRA~1\mcafee\mqc\QcConsol.exe
Task: {31A91D7A-3481-4CAA-82E1-04027C330FDC} - System32\Tasks\{E98C6ABF-9768-46F7-B6E7-EA5C4B8D5A13} => pcalua.exe -a E:\Welcome.exe -d E:\
Task: {53E2D87C-7E45-4DC0-B32B-535C7DB72AB8} - System32\Tasks\ErrorEND => C:\Program Files\ErrorEND\ErrorEND.exe <==== ATTENTION
Task: {55CF8964-0939-43DE-8A36-801D9296DCE4} - System32\Tasks\{D497AACE-C809-4A66-86D7-AE3FE8BF0E03} => Iexplore.exe http://ui.skype.com/ui/0/6.21.80.104/en/abandoninstall?page=tsProgressBar
Task: {7BD3AAEF-2E99-4372-AEEA-D67A74EC83DB} - System32\Tasks\{A6BBD43B-4F0E-4FDD-A77A-B8CDD9FC914E} => pcalua.exe -a E:\Setup.EXE -d E:\
Task: {7C54A895-B8F7-4A5B-8A02-CA0549D0EC39} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001UA => C:\Users\Jennifer Trudel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {8A9668C2-C221-4EA1-9218-C579E739CF49} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {9DFA8C4D-2E93-4569-84AA-93E2B32C6BDE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001Core => C:\Users\Jennifer Trudel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {B6014DDA-939E-447C-A536-7509E70C30F7} - System32\Tasks\McQcTask => c:\PROGRA~1\mcafee\mqc\QcConsol.exe
Task: {B9DB04D9-CC86-47D5-B20A-7091A8635999} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {C68D9D88-4BF6-47D7-8DB6-F31CEE848131} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000Core => C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-08] (Google Inc.)
Task: {DC54BA12-2E50-422A-A8AA-CA5A19B76531} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Jennifer Trudel => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)
Task: {DF6AD0B4-089B-4493-8306-023FC73459D0} - System32\Tasks\{21000D50-C805-4921-B512-2E03FFA617F9} => pcalua.exe -a E:\DIR615.exe -d E:\
Task: {EE2494E3-A43C-4077-A2D9-5A87CE33752E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ErrorEND.job => C:\Program Files\ErrorEND\ErrorEND.exe-t C:\Program Files\ErrorEND\ErrorEND.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000Core.job => C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000UA.job => C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001Core.job => C:\Users\Jennifer Trudel\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001UA.job => C:\Users\Jennifer Trudel\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2011-10-12 11:58 - 2009-11-05 08:39 - 00087552 _____ () C:\Windows\System32\cpwmon2k.dll
2008-03-21 12:48 - 2007-11-27 21:54 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2008-03-21 12:48 - 2007-11-27 18:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-11-16 21:06 - 2007-02-13 07:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
2008-11-16 21:06 - 2007-02-13 07:26 - 00016384 _____ () C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
2008-03-21 12:35 - 2007-12-19 21:09 - 00024576 _____ () C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
2008-03-21 12:35 - 2007-12-19 21:09 - 00118784 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.Computer.dll
2008-03-21 12:35 - 2007-12-19 21:08 - 00032768 _____ () C:\Acer\Empowering Technology\eSettings\Service\eSettings.Model.ComputerInterfaces.dll
2008-12-01 22:57 - 2005-10-07 16:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2015-03-20 20:49 - 2015-03-14 06:12 - 09278792 _____ () C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-20 20:49 - 2015-03-14 06:12 - 14974280 _____ () C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Roger Trudel\Desktop\JM_30DAY_SHRED.avi:TOC.WMV
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Roger Trudel\Pictures\cup-slide-2_std.jpg
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\img24.jpg
DNS Servers: Media is not connected to internet.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: CLSched => 2
MSCONFIG\Services: LexBceS => 2
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Malwarebytes' Anti-Malware (reboot) => "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2394636743-4037641282-260643174-500 - Administrator - Disabled)
Guest (S-1-5-21-2394636743-4037641282-260643174-501 - Limited - Disabled)
Jennifer Trudel (S-1-5-21-2394636743-4037641282-260643174-1001 - Limited - Enabled) => C:\Users\Jennifer Trudel
Roger Trudel (S-1-5-21-2394636743-4037641282-260643174-1000 - Administrator - Enabled) => C:\Users\Roger Trudel
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft ISATAP Adapter #4
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/25/2015 04:24:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/25/2015 07:37:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/24/2015 06:12:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp47480070002
 
Error: (03/24/2015 00:11:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/24/2015 11:47:02 AM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{CD44C2B0-371D-4E8A-A6A5-A89B9608E7C6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (03/24/2015 07:23:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/23/2015 03:25:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/23/2015 07:34:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/22/2015 10:31:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp47480070002
 
Error: (03/22/2015 10:31:19 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{4E52055A-12AB-4FF0-8101-43E601DF85C1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
 
System errors:
=============
Error: (03/25/2015 09:14:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
Error: (03/25/2015 04:26:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (03/25/2015 08:02:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5
 
Error: (03/25/2015 07:47:16 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
Error: (03/25/2015 07:38:35 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (03/24/2015 00:13:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (03/24/2015 07:42:51 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5
 
Error: (03/24/2015 07:33:49 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWStart%%5
 
Error: (03/24/2015 07:25:26 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: HP CUE DeviceDiscovery Service
 
Error: (03/23/2015 03:41:56 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: ScRegSetValueExWFailureCommand%%5
 
 
Microsoft Office Sessions:
=========================
Error: (03/25/2015 04:24:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/25/2015 07:37:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/24/2015 06:12:39 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp47480070002
 
Error: (03/24/2015 00:11:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/24/2015 11:47:02 AM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{CD44C2B0-371D-4E8A-A6A5-A89B9608E7C6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
Error: (03/24/2015 07:23:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/23/2015 03:25:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/23/2015 07:34:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/22/2015 10:31:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier2\eventsystem2.cpp47480070002
 
Error: (03/22/2015 10:31:19 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{4E52055A-12AB-4FF0-8101-43E601DF85C1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-24 15:14:01.684
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 15:14:00.919
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 15:14:00.108
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 15:13:59.297
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 15:13:58.143
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 15:13:57.394
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 15:13:56.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-24 15:13:55.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-11 17:50:53.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-03-11 17:50:53.074
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 560 @ 2.13GHz
Percentage of memory in use: 57%
Total physical RAM: 2037.25 MB
Available physical RAM: 858.51 MB
Total Pagefile: 4315.75 MB
Available Pagefile: 2893.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.07 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:68.77 GB) (Free:29.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:68.56 GB) (Free:18.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 02C68EDC)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=68.8 GB) - (Type=06)
Partition 3: (Not Active) - (Size=68.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 Machiavelli

  • Malware Response Instructor
  • 3,894 posts
  • Gender:Male
  • Location:Germany

Posted 26 March 2015 - 12:47 PM

Hey my friend. :)

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
  • Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

The log is available through History -> Application logs. Please post its contents in your next reply.

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan
  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#5 luckyrabbit

  • Topic Starter
  • Members
  • 27 posts

Posted 26 March 2015 - 05:36 PM

# AdwCleaner v4.113 - Logfile created 26/03/2015 at 17:22:47
# Updated 22/03/2015 by Xplode
# Database : 2015-03-26.1 [Server]
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (x86)
# Username : Roger Trudel - ROGERTRUDEL-PC
# Running from : C:\Users\Roger Trudel\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Convesoft
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Deleted : C:\Program Files\Coupons
Folder Deleted : C:\Users\Jennifer Trudel\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Jennifer Trudel\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Roger Trudel\AppData\LocalLow\HPAppData
Folder Deleted : C:\Users\Roger Trudel\AppData\LocalLow\gamingwonderlandei
File Deleted : C:\Users\Jennifer Trudel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Jennifer Trudel\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
Task Deleted : ErrorEND
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Trymedia Systems
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.0.1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.0.1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16633
 
 
-\\ Google Chrome v
 
[C:\Users\Jennifer Trudel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3222 bytes] - [26/03/2015 17:17:33]
AdwCleaner[S0].txt - [3089 bytes] - [26/03/2015 17:22:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3148  bytes] ##########
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.6 (03.22.2015:1)
OS: Windows Vista ™ Home Basic x86
Ran by Roger Trudel on 26/03/2015 at 18:29:26.33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
Successfully deleted: [File] "C:\Windows\wininit.ini"
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\Roger Trudel\appdata\local\{59223306-FFA7-4EF3-B0CC-B062B3A93F39}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/03/2015 at 18:32:05.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Couldn't get the Malwarebytes log to export, but no worries, I had nothing wrong; no infected objects to fix.
 
#6 luckyrabbit

  • Topic Starter
  • Members
  • 27 posts

Posted 26 March 2015 - 05:39 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Roger Trudel (administrator) on ROGERTRUDEL-PC on 26-03-2015 18:36:50
Running from C:\Users\Roger Trudel\Desktop
Loaded Profiles: Roger Trudel (Available profiles: Roger Trudel & Jennifer Trudel)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor Corp.) C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5296128 2008-03-11] (Realtek Semiconductor)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [Google Update] => C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-08] (Google Inc.)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PHOTOS~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
GroupPolicyUsers\S-1-5-21-2394636743-4037641282-260643174-1001\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03] (HiTRUST)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05] (Egis Incorporated.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-11-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2008-11-23] (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Roger Trudel\Program Files\DNA\plugins\npbtdna.dll [2008-11-23] (BitTorrent, Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Roger Trudel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-31]
FF HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Roger Trudel\Program Files\DNA
FF Extension: DNA - C:\Users\Roger Trudel\Program Files\DNA [2008-11-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Linkclump) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2013-01-11]
CHR Extension: (Google Wallet) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Profile: C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-21]
CHR Extension: (Google Search) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-21]
CHR Extension: (Google Wallet) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12]
CHR Extension: (Gmail) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Jennifer Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [497712 2008-03-05] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [163840 2007-05-16] (acer) [File not signed]
S4 LexBceS; C:\Windows\System32\LEXBCES.EXE [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
S4 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63448 2009-12-30] (Lexar Media, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-21] (NewTech Infosystems, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-31] () [File not signed]
S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [38656 2007-11-20] (Service & Quality Technology.) [File not signed]
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [242139 2006-11-15] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-06-27] (Syntek America Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslf1674c66; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68C3044A-4587-4920-B915-B8EBBACB8E76}\MpKslf1674c66.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 18:32 - 2015-03-26 18:32 - 00000872 _____ () C:\Users\Roger Trudel\Desktop\JRT.txt
2015-03-26 17:37 - 2015-03-26 17:37 - 01388782 _____ (Thisisu) C:\Users\Roger Trudel\Desktop\JRT.exe
2015-03-26 17:36 - 2015-03-26 17:37 - 01388782 _____ (Thisisu) C:\Users\Roger Trudel\Downloads\JRT.exe
2015-03-26 17:17 - 2015-03-26 17:23 - 00000000 ____D () C:\AdwCleaner
2015-03-26 17:16 - 2015-03-26 17:16 - 02168320 _____ () C:\Users\Roger Trudel\Downloads\AdwCleaner.exe
2015-03-26 17:16 - 2015-03-26 17:16 - 02168320 _____ () C:\Users\Roger Trudel\Desktop\AdwCleaner.exe
2015-03-25 21:15 - 2015-03-25 21:16 - 00041208 _____ () C:\Users\Roger Trudel\Desktop\Addition.txt
2015-03-25 21:14 - 2015-03-26 18:36 - 00015747 _____ () C:\Users\Roger Trudel\Desktop\FRST.txt
2015-03-25 21:14 - 2015-03-26 18:36 - 00000000 ____D () C:\FRST
2015-03-25 21:12 - 2015-03-25 21:12 - 01135104 _____ (Farbar) C:\Users\Roger Trudel\Desktop\FRST.exe
2015-03-25 21:11 - 2015-03-25 21:12 - 01135104 _____ (Farbar) C:\Users\Roger Trudel\Downloads\FRST.exe
2015-03-25 07:36 - 2015-03-26 17:25 - 00002976 _____ () C:\Windows\PFRO.log
2015-03-24 14:52 - 2015-03-24 14:58 - 00004885 _____ () C:\Users\Roger Trudel\Downloads\hijackthis.log
2015-03-24 14:50 - 2015-03-24 14:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roger Trudel\Downloads\HijackThis.exe
2015-03-22 00:05 - 2015-03-22 00:05 - 00001339 _____ () C:\Users\Roger Trudel\Documents\raptors roster for fantasy basketball.txt
2015-03-21 21:00 - 2015-03-24 20:57 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Cori's 9th Bday
2015-03-12 16:18 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 16:17 - 2015-02-25 20:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 16:17 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 16:03 - 2015-02-25 22:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 16:03 - 2015-02-25 22:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 16:03 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 16:03 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 16:03 - 2015-01-08 22:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 16:03 - 2015-01-08 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 16:02 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 16:01 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 16:01 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 16:00 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 15:58 - 2015-02-21 13:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 15:58 - 2015-02-21 13:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 15:58 - 2015-02-21 13:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 15:58 - 2015-02-21 13:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 15:57 - 2015-02-21 13:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 15:57 - 2015-02-21 13:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 15:57 - 2015-02-21 13:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 15:57 - 2015-02-21 13:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 15:57 - 2015-02-21 13:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 15:57 - 2015-02-21 13:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 15:57 - 2015-02-21 13:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 15:57 - 2015-02-21 13:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 15:57 - 2015-02-21 13:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 15:57 - 2015-02-21 13:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 15:57 - 2015-02-21 13:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 23:54 - 2015-03-26 07:48 - 00642048 _____ () C:\Users\Jennifer Trudel\Desktop\March 2015.xls
2015-02-28 01:11 - 2015-02-28 13:17 - 00000000 ____D () C:\Users\Roger Trudel\Desktop\NorthBay Battalion
2015-02-24 19:28 - 2015-02-28 15:57 - 00000503 _____ () C:\Users\Roger Trudel\Documents\Cori Book Report Shoebox.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-26 18:28 - 2008-11-17 11:32 - 01856280 _____ () C:\Windows\WindowsUpdate.log
2015-03-26 18:24 - 2014-09-30 20:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-26 18:24 - 2012-07-05 17:26 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001UA.job
2015-03-26 17:51 - 2012-06-16 08:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-26 17:43 - 2012-08-08 09:57 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000UA.job
2015-03-26 17:31 - 2006-11-02 06:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-26 17:25 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-26 17:25 - 2006-11-02 08:45 - 00003344 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-26 17:25 - 2006-11-02 08:45 - 00003344 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-26 17:23 - 2006-11-02 08:58 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-25 19:43 - 2012-08-08 09:57 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000Core.job
2015-03-25 17:04 - 2015-01-22 22:25 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Moms 65th
2015-03-24 10:24 - 2012-07-05 17:25 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001Core.job
2015-03-20 18:25 - 2008-11-16 23:52 - 00144384 _____ () C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 18:18 - 2008-11-23 14:49 - 00033792 _____ () C:\Users\Jennifer Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 10:38 - 2012-01-10 19:58 - 00068096 _____ () C:\Users\Jennifer Trudel\Desktop\Books.xls
2015-03-17 14:49 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-12 16:40 - 2006-11-02 08:44 - 00298752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 16:17 - 2013-07-11 08:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 16:04 - 2006-11-02 06:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 10:57 - 2009-03-29 10:33 - 00000032 _____ () C:\Windows\actval.ini
2015-03-03 09:16 - 2009-10-09 18:52 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 08:15 - 2015-02-02 21:52 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\DietBet
 
==================== Files in the root of some directories =======
 
2010-04-01 21:19 - 2010-04-01 21:19 - 0000000 _____ () C:\Users\Roger Trudel\AppData\Roaming\wklnhst.dat
2011-06-07 19:31 - 2011-06-07 19:31 - 0000680 _____ () C:\Users\Roger Trudel\AppData\Local\d3d9caps.dat
2008-11-16 23:52 - 2015-03-20 18:25 - 0144384 _____ () C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-20 16:31 - 2008-12-20 16:33 - 0015800 _____ () C:\Users\Roger Trudel\AppData\Local\imageCache.db
2009-12-30 19:49 - 2010-09-30 21:39 - 0011021 _____ () C:\ProgramData\hpzinstall.log
2008-11-18 16:24 - 2013-11-27 13:51 - 0000020 ____H () C:\ProgramData\PKP_DLea.DAT
 
Some content of TEMP:
====================
C:\Users\Jennifer Trudel\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Jennifer Trudel\AppData\Local\temp\SkypeSetup.exe
C:\Users\Roger Trudel\AppData\Local\temp\Quarantine.exe
C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Roger Trudel\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-26 17:33
 
==================== End Of Log ============================


#7 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 3,894 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:10:54 PM

Posted 27 March 2015 - 08:13 AM

Hey,
well done. :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty text file:

    GroupPolicyUsers\S-1-5-21-2394636743-4037641282-260643174-1001\User: Group Policy restriction detected <======= ATTENTION
    HKU\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
    Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this text file on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.) and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please right-click the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

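The fixlist in Step 1 above was assembled by reading the FRST log for the markers FRST itself prints on suspicious entries. The script below, added here as an example (it is not code from this thread, from BleepingComputer or from FRST), does that first pass over FRST.txt-style text: it records which section each flagged line sits in, classifies the line by marker (ATTENTION, a blank SearchScopes URL, "No File", "[X]" for a missing binary, "[File not signed]"), and separates the kinds the helper actually copied into the fixlist from the ones that are only informational. The sample log, its SID and all function names are constructed for the example.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log text.

Added example: not code from the thread, from BleepingComputer or from FRST.
It looks for the markers FRST prints on lines a helper reviews before writing
a Fixlist.txt, and separates the ones the helper in this thread copied into
the fix from the ones that are merely informational.
"""
import re
from dataclasses import dataclass

# Constructed sample in FRST.txt format (made-up SID, not a full real log).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-1111111111-2222222222-3333333333-1001\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
========================== Services (Whitelisted) =================
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
S4 LexBceS; C:\Windows\System32\LEXBCES.EXE [X]
==================== Drivers (Whitelisted) ====================
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-31] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
"""

# Section headers look like "==== Name (Whitelisted) ====" in FRST output.
SECTION_RE = re.compile(r"^=+\s*([^=].*?)\s*=+$")


@dataclass(frozen=True)
class Finding:
    section: str  # FRST section header the line appeared under
    reason: str   # why the line was flagged
    line: str     # the log line itself, whitespace-stripped


def classify(line: str):
    """Return a flag reason for one FRST line, or None if nothing stands out."""
    if "ATTENTION" in line:
        return "attention"          # FRST's own warning marker
    if re.search(r"URL =\s*$", line):
        return "blank-search-url"   # SearchScopes entry with an empty URL
    if "No File" in line:
        return "no-file"            # registration whose target file is gone
    if line.endswith("[X]"):
        return "missing-file"       # service/driver whose binary is missing
    if "[File not signed]" in line:
        return "unsigned"           # informational: many OEM binaries are unsigned
    return None


def triage(log_text: str):
    """Walk the log, tracking the current section, and collect flagged lines."""
    findings = []
    section = "(none)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        reason = classify(line)
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


# Kinds the helper in this thread copied verbatim into Fixlist.txt. Unsigned
# and [X] entries are reported but left for a human reviewer to judge.
FIX_REASONS = {"attention", "blank-search-url", "no-file"}


def fixlist_candidates(findings):
    return [f.reason and f.line for f in findings if f.reason in FIX_REASONS]


def build_fixlist(findings, empty_temp=True):
    """Render candidate lines as Fixlist.txt text; EmptyTemp: is an FRST directive."""
    lines = fixlist_candidates(findings)
    if empty_temp:
        lines.append("EmptyTemp:")
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f.reason:16}] {f.section}: {f.line[:70]}")
    print("--- fixlist candidates ---")
    print(build_fixlist(found))
```

On the constructed sample this reports eight findings and proposes four fixlist lines plus EmptyTemp:, which matches the shape of the fix in the post above; the unsigned OEM services and the two [X] entries are listed for review only, as the helper also left them alone.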
 
 


#8 luckyrabbit

  • Topic Starter
  • Members
  • 27 posts
  • OFFLINE
  • Local time:10:54 PM

Posted 27 March 2015 - 06:47 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Roger Trudel (administrator) on ROGERTRUDEL-PC on 27-03-2015 17:38:24
Running from C:\Users\Roger Trudel\Desktop
Loaded Profiles: Roger Trudel (Available profiles: Roger Trudel & Jennifer Trudel)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Realtek Semiconductor Corp.) C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5296128 2008-03-11] (Realtek Semiconductor)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [Google Update] => C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-08] (Google Inc.)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PHOTOS~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
GroupPolicyUsers\S-1-5-21-2394636743-4037641282-260643174-1001\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03] (HiTRUST)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05] (Egis Incorporated.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-11-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2008-11-23] (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Roger Trudel\Program Files\DNA\plugins\npbtdna.dll [2008-11-23] (BitTorrent, Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Roger Trudel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-31]
FF HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Roger Trudel\Program Files\DNA
FF Extension: DNA - C:\Users\Roger Trudel\Program Files\DNA [2008-11-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Linkclump) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2013-01-11]
CHR Extension: (Google Wallet) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Profile: C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-21]
CHR Extension: (Google Search) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-21]
CHR Extension: (Google Wallet) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12]
CHR Extension: (Gmail) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Jennifer Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [497712 2008-03-05] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [163840 2007-05-16] (acer) [File not signed]
S4 LexBceS; C:\Windows\System32\LEXBCES.EXE [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
S4 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63448 2009-12-30] (Lexar Media, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-21] (NewTech Infosystems, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-31] () [File not signed]
S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [38656 2007-11-20] (Service & Quality Technology.) [File not signed]
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [242139 2006-11-15] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-06-27] (Syntek America Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslf1674c66; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68C3044A-4587-4920-B915-B8EBBACB8E76}\MpKslf1674c66.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 17:06 - 2015-03-27 17:06 - 00000846 _____ () C:\Users\Roger Trudel\Desktop\Fixlist.txt
2015-03-26 18:32 - 2015-03-26 18:32 - 00000872 _____ () C:\Users\Roger Trudel\Desktop\JRT.txt
2015-03-26 17:37 - 2015-03-26 17:37 - 01388782 _____ (Thisisu) C:\Users\Roger Trudel\Desktop\JRT.exe
2015-03-26 17:36 - 2015-03-26 17:37 - 01388782 _____ (Thisisu) C:\Users\Roger Trudel\Downloads\JRT.exe
2015-03-26 17:17 - 2015-03-26 17:23 - 00000000 ____D () C:\AdwCleaner
2015-03-26 17:16 - 2015-03-26 17:16 - 02168320 _____ () C:\Users\Roger Trudel\Downloads\AdwCleaner.exe
2015-03-26 17:16 - 2015-03-26 17:16 - 02168320 _____ () C:\Users\Roger Trudel\Desktop\AdwCleaner.exe
2015-03-25 21:15 - 2015-03-25 21:16 - 00041208 _____ () C:\Users\Roger Trudel\Desktop\Addition.txt
2015-03-25 21:14 - 2015-03-27 17:38 - 00015628 _____ () C:\Users\Roger Trudel\Desktop\FRST.txt
2015-03-25 21:14 - 2015-03-27 17:38 - 00000000 ____D () C:\FRST
2015-03-25 21:12 - 2015-03-25 21:12 - 01135104 _____ (Farbar) C:\Users\Roger Trudel\Desktop\FRST.exe
2015-03-25 21:11 - 2015-03-25 21:12 - 01135104 _____ (Farbar) C:\Users\Roger Trudel\Downloads\FRST.exe
2015-03-25 07:36 - 2015-03-27 15:59 - 00004308 _____ () C:\Windows\PFRO.log
2015-03-24 14:52 - 2015-03-24 14:58 - 00004885 _____ () C:\Users\Roger Trudel\Downloads\hijackthis.log
2015-03-24 14:50 - 2015-03-24 14:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roger Trudel\Downloads\HijackThis.exe
2015-03-22 00:05 - 2015-03-22 00:05 - 00001339 _____ () C:\Users\Roger Trudel\Documents\raptors roster for fantasy basketball.txt
2015-03-21 21:00 - 2015-03-24 20:57 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Cori's 9th Bday
2015-03-12 16:18 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 16:17 - 2015-02-25 20:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 16:17 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 16:03 - 2015-02-25 22:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 16:03 - 2015-02-25 22:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 16:03 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 16:03 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 16:03 - 2015-01-08 22:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 16:03 - 2015-01-08 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 16:02 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 16:01 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 16:01 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 16:00 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 15:58 - 2015-02-21 13:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 15:58 - 2015-02-21 13:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 15:58 - 2015-02-21 13:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 15:58 - 2015-02-21 13:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 15:57 - 2015-02-21 13:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 15:57 - 2015-02-21 13:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 15:57 - 2015-02-21 13:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 15:57 - 2015-02-21 13:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 15:57 - 2015-02-21 13:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 15:57 - 2015-02-21 13:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 15:57 - 2015-02-21 13:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 15:57 - 2015-02-21 13:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 15:57 - 2015-02-21 13:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 15:57 - 2015-02-21 13:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 15:57 - 2015-02-21 13:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 23:54 - 2015-03-26 07:48 - 00642048 _____ () C:\Users\Jennifer Trudel\Desktop\March 2015.xls
2015-02-28 01:11 - 2015-02-28 13:17 - 00000000 ____D () C:\Users\Roger Trudel\Desktop\NorthBay Battalion
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 17:36 - 2008-11-17 11:32 - 02076112 _____ () C:\Windows\WindowsUpdate.log
2015-03-27 17:23 - 2012-07-05 17:26 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001UA.job
2015-03-27 16:51 - 2012-06-16 08:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-27 16:44 - 2012-08-08 09:57 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000UA.job
2015-03-27 16:06 - 2006-11-02 06:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-27 16:00 - 2006-11-02 08:45 - 00003344 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-27 15:59 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-27 15:59 - 2006-11-02 08:45 - 00003344 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-27 10:33 - 2006-11-02 08:58 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-26 19:43 - 2012-08-08 09:57 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000Core.job
2015-03-26 18:24 - 2014-09-30 20:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 17:04 - 2015-01-22 22:25 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Moms 65th
2015-03-24 10:24 - 2012-07-05 17:25 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001Core.job
2015-03-20 18:25 - 2008-11-16 23:52 - 00144384 _____ () C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 18:18 - 2008-11-23 14:49 - 00033792 _____ () C:\Users\Jennifer Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 10:38 - 2012-01-10 19:58 - 00068096 _____ () C:\Users\Jennifer Trudel\Desktop\Books.xls
2015-03-17 14:49 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-12 16:40 - 2006-11-02 08:44 - 00298752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 16:17 - 2013-07-11 08:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 16:04 - 2006-11-02 06:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 10:57 - 2009-03-29 10:33 - 00000032 _____ () C:\Windows\actval.ini
2015-03-03 09:16 - 2009-10-09 18:52 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 08:15 - 2015-02-02 21:52 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\DietBet
2015-02-28 15:57 - 2015-02-24 19:28 - 00000503 _____ () C:\Users\Roger Trudel\Documents\Cori Book Report Shoebox.txt
 
==================== Files in the root of some directories =======
 
2010-04-01 21:19 - 2010-04-01 21:19 - 0000000 _____ () C:\Users\Roger Trudel\AppData\Roaming\wklnhst.dat
2011-06-07 19:31 - 2011-06-07 19:31 - 0000680 _____ () C:\Users\Roger Trudel\AppData\Local\d3d9caps.dat
2008-11-16 23:52 - 2015-03-20 18:25 - 0144384 _____ () C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-20 16:31 - 2008-12-20 16:33 - 0015800 _____ () C:\Users\Roger Trudel\AppData\Local\imageCache.db
2009-12-30 19:49 - 2010-09-30 21:39 - 0011021 _____ () C:\ProgramData\hpzinstall.log
2008-11-18 16:24 - 2013-11-27 13:51 - 0000020 ____H () C:\ProgramData\PKP_DLea.DAT
 
Some content of TEMP:
====================
C:\Users\Jennifer Trudel\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Jennifer Trudel\AppData\Local\temp\SkypeSetup.exe
C:\Users\Roger Trudel\AppData\Local\temp\Quarantine.exe
C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Roger Trudel\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-27 16:08
 
==================== End Of Log ============================
 
 
 
ESET log
 
C:\Program Files\Free mp3 Wma Converter\Helper.dll a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application deleted - quarantined
C:\Users\Roger Trudel\Downloads\FreeMp3WmaConverterSetup-r100-w.exe Win32/Toolbar.SearchSuite potentially unwanted application deleted - quarantined
 

Computer seems to be running better.
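
The FRST "Services" and "Drivers" sections above tag each entry with `[File not signed]`, an empty `()` publisher, or `[X]` for a registration whose file is no longer on disk. Sorting those by hand across two logs is error-prone, so here is an added example (not part of this thread and not FRST's own code) that parses such lines and ranks the ones worth a second look. The sample lines are copied verbatim from the log posted above; the reading of the leading status code (R/S/U plus start-type digit) and the priority scheme are this example's own assumptions, not something the log states.

```python
"""Triage FRST 'Services' and 'Drivers' lines for entries worth a second look.

Added example, not part of the thread above or of FRST. The sample lines are
copied from the log posted above; the reading of the status codes and the
priority scheme are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed reading of the leading code: R = running, S = stopped, U = other,
# and the digit is the Windows start type (0 boot, 1 system, 2 auto,
# 3 manual, 4 disabled). The log itself does not define these.
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<publisher>[^)]*)\)(?P<unsigned>\s+\[File not signed\])?"
    r"|(?P<missing>\[X\]))\s*$"
)

# Service/driver lines copied verbatim from the FRST log above.
SAMPLE_LOG = r"""
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [497712 2008-03-05] (Egis Incorporated)
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S4 LexBceS; C:\Windows\System32\LEXBCES.EXE [X]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-31] () [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-06-27] (Syntek America Inc.) [File not signed]
S1 MpKslf1674c66; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68C3044A-4587-4920-B915-B8EBBACB8E76}\MpKslf1674c66.sys [X]
"""


@dataclass
class Entry:
    state: str
    start: int
    name: str
    path: str
    publisher: Optional[str]  # None when the file is missing ([X])
    signed: bool
    missing: bool


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one service/driver line; return None for headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    missing = m.group("missing") is not None
    return Entry(
        state=m.group("state"),
        start=int(m.group("start")),
        name=m.group("name").strip(),
        path=m.group("path"),
        publisher=None if missing else m.group("publisher"),
        signed=(not missing) and m.group("unsigned") is None,
        missing=missing,
    )


def triage(lines: Iterable[str]) -> List[dict]:
    """Return flagged entries, highest priority first (1 = look at this first)."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e.missing:
            reasons.append("registered but file not found ([X]); stale or removed")
        else:
            if not e.signed:
                reasons.append("file not signed")
            if e.publisher == "":
                reasons.append("no publisher in version info")
        if not reasons:
            continue
        # Ranking (assumption): unsigned kernel-mode code loaded at boot/system
        # start first, then other unsigned code that is running, then the rest.
        is_driver = e.path.lower().endswith(".sys")
        if not e.missing and not e.signed and is_driver and e.start <= 1:
            priority = 1
        elif not e.missing and not e.signed and e.state == "R":
            priority = 2
        else:
            priority = 3
        findings.append({"name": e.name, "path": e.path,
                         "priority": priority, "reasons": reasons})
    findings.sort(key=lambda f: (f["priority"], f["name"].lower()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"P{f['priority']} {f['name']}: {'; '.join(f['reasons'])}  <{f['path']}>")
```

On the lines above this ranks `sptd.sys` (boot-start driver, unsigned, no publisher) first, the two unsigned auto-start Acer services next, and the `[X]` orphans and the stopped Syntek driver last. `[File not signed]` only means the binary carries no Authenticode signature; OEM utilities from this era often do not, so the ranking orders the review rather than deciding it. Confirming an entry is benign still needs the file's hash checked against a reputation source, which this script deliberately does not attempt.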



#9 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,894 posts
  • Gender:Male
  • Location:Germany

Posted 28 March 2015 - 07:45 AM

You haven't done Step 1, I wonder.

Please redo Steps 1 & 2.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#10 luckyrabbit

luckyrabbit
  • Topic Starter

  • Members
  • 27 posts

Posted 28 March 2015 - 10:46 AM

I did, and I just did it again. I'm wondering if maybe the Notepad file has to be created in my Downloads folder instead of on the Desktop, because it (FRST) originally got saved in the Downloads folder, then I dragged it to the Desktop and then ran everything. Anyhow, check below and see if it took this time. Thanks, Roger
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Roger Trudel (administrator) on ROGERTRUDEL-PC on 28-03-2015 11:40:20
Running from C:\Users\Roger Trudel\Desktop
Loaded Profiles: Roger Trudel & Jennifer Trudel (Available profiles: Roger Trudel & Jennifer Trudel)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Realtek Semiconductor Corp.) C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Realtek Semiconductor Corp.) C:\Users\Jennifer Trudel\AppData\Local\temp\RtkBtMnt.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5296128 2008-03-11] (Realtek Semiconductor)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [Google Update] => C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-08] (Google Inc.)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PHOTOS~1.SCR
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\Run: [Google Update] => "C:\Users\Jennifer Trudel\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\MountPoints2: {6d368012-f26b-11de-8f99-a7ea48ecc468} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\launcher.exe
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\...\MountPoints2: {80bd30b5-ef4b-11df-9f85-ed2166718a28} - F:\DPFMate.exe
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2008-01-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
GroupPolicyUsers\S-1-5-21-2394636743-4037641282-260643174-1001\User: Group Policy restriction detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.ca/
HKU\S-1-5-21-2394636743-4037641282-260643174-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
URLSearchHook: HKU\S-1-5-21-2394636743-4037641282-260643174-1001 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03] (HiTRUST)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05] (Egis Incorporated.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-11-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2008-11-23] (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Roger Trudel\Program Files\DNA\plugins\npbtdna.dll [2008-11-23] (BitTorrent, Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Roger Trudel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jennifer Trudel\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-11-14] (Citrix Online)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jennifer Trudel\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-31]
FF HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Roger Trudel\Program Files\DNA
FF Extension: DNA - C:\Users\Roger Trudel\Program Files\DNA [2008-11-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Linkclump) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2013-01-11]
CHR Extension: (Google Wallet) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Profile: C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-21]
CHR Extension: (Google Search) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-21]
CHR Extension: (Google Wallet) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12]
CHR Extension: (Gmail) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Jennifer Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [497712 2008-03-05] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [163840 2007-05-16] (acer) [File not signed]
S4 LexBceS; C:\Windows\System32\LEXBCES.EXE [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
S4 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63448 2009-12-30] (Lexar Media, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-21] (NewTech Infosystems, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-31] () [File not signed]
S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [38656 2007-11-20] (Service & Quality Technology.) [File not signed]
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [242139 2006-11-15] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-06-27] (Syntek America Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslf1674c66; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68C3044A-4587-4920-B915-B8EBBACB8E76}\MpKslf1674c66.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 17:46 - 2015-03-27 17:46 - 00000000 ____D () C:\Program Files\ESET
2015-03-27 17:06 - 2015-03-28 11:38 - 00000846 _____ () C:\Users\Roger Trudel\Desktop\Fixlist.txt
2015-03-26 18:32 - 2015-03-26 18:32 - 00000872 _____ () C:\Users\Roger Trudel\Desktop\JRT.txt
2015-03-26 17:37 - 2015-03-26 17:37 - 01388782 _____ (Thisisu) C:\Users\Roger Trudel\Desktop\JRT.exe
2015-03-26 17:36 - 2015-03-26 17:37 - 01388782 _____ (Thisisu) C:\Users\Roger Trudel\Downloads\JRT.exe
2015-03-26 17:17 - 2015-03-26 17:23 - 00000000 ____D () C:\AdwCleaner
2015-03-26 17:16 - 2015-03-26 17:16 - 02168320 _____ () C:\Users\Roger Trudel\Downloads\AdwCleaner.exe
2015-03-26 17:16 - 2015-03-26 17:16 - 02168320 _____ () C:\Users\Roger Trudel\Desktop\AdwCleaner.exe
2015-03-25 21:15 - 2015-03-25 21:16 - 00041208 _____ () C:\Users\Roger Trudel\Desktop\Addition.txt
2015-03-25 21:14 - 2015-03-28 11:40 - 00018573 _____ () C:\Users\Roger Trudel\Desktop\FRST.txt
2015-03-25 21:14 - 2015-03-28 11:40 - 00000000 ____D () C:\FRST
2015-03-25 21:12 - 2015-03-25 21:12 - 01135104 _____ (Farbar) C:\Users\Roger Trudel\Desktop\FRST.exe
2015-03-25 21:11 - 2015-03-25 21:12 - 01135104 _____ (Farbar) C:\Users\Roger Trudel\Downloads\FRST.exe
2015-03-25 07:36 - 2015-03-28 10:04 - 00005514 _____ () C:\Windows\PFRO.log
2015-03-24 14:52 - 2015-03-24 14:58 - 00004885 _____ () C:\Users\Roger Trudel\Downloads\hijackthis.log
2015-03-24 14:50 - 2015-03-24 14:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roger Trudel\Downloads\HijackThis.exe
2015-03-22 00:05 - 2015-03-22 00:05 - 00001339 _____ () C:\Users\Roger Trudel\Documents\raptors roster for fantasy basketball.txt
2015-03-21 21:00 - 2015-03-24 20:57 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Cori's 9th Bday
2015-03-12 16:18 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 16:17 - 2015-02-25 20:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 16:17 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 16:03 - 2015-02-25 22:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 16:03 - 2015-02-25 22:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 16:03 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 16:03 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 16:03 - 2015-01-08 22:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 16:03 - 2015-01-08 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 16:02 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 16:01 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 16:01 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 16:00 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 15:58 - 2015-02-21 13:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 15:58 - 2015-02-21 13:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 15:58 - 2015-02-21 13:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 15:58 - 2015-02-21 13:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 15:57 - 2015-02-21 13:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 15:57 - 2015-02-21 13:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 15:57 - 2015-02-21 13:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 15:57 - 2015-02-21 13:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 15:57 - 2015-02-21 13:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 15:57 - 2015-02-21 13:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 15:57 - 2015-02-21 13:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 15:57 - 2015-02-21 13:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 15:57 - 2015-02-21 13:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 15:57 - 2015-02-21 13:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 15:57 - 2015-02-21 13:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 23:54 - 2015-03-26 07:48 - 00642048 _____ () C:\Users\Jennifer Trudel\Desktop\March 2015.xls
2015-02-28 01:11 - 2015-02-28 13:17 - 00000000 ____D () C:\Users\Roger Trudel\Desktop\NorthBay Battalion
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-28 11:24 - 2012-07-05 17:26 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001UA.job
2015-03-28 10:52 - 2008-11-17 11:32 - 01073451 _____ () C:\Windows\WindowsUpdate.log
2015-03-28 10:51 - 2012-06-16 08:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-28 10:43 - 2012-08-08 09:57 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000UA.job
2015-03-28 10:24 - 2012-07-05 17:25 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001Core.job
2015-03-28 10:09 - 2006-11-02 06:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-28 10:05 - 2006-11-02 08:45 - 00003344 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-28 10:05 - 2006-11-02 08:45 - 00003344 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-28 10:04 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-28 08:36 - 2006-11-02 08:58 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-27 19:43 - 2012-08-08 09:57 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000Core.job
2015-03-27 19:34 - 2013-03-29 09:00 - 00000000 ____D () C:\Program Files\Free mp3 Wma Converter
2015-03-26 18:24 - 2014-09-30 20:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 17:04 - 2015-01-22 22:25 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Moms 65th
2015-03-20 18:25 - 2008-11-16 23:52 - 00144384 _____ () C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 18:18 - 2008-11-23 14:49 - 00033792 _____ () C:\Users\Jennifer Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 10:38 - 2012-01-10 19:58 - 00068096 _____ () C:\Users\Jennifer Trudel\Desktop\Books.xls
2015-03-17 14:49 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-12 16:40 - 2006-11-02 08:44 - 00298752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 16:17 - 2013-07-11 08:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 16:04 - 2006-11-02 06:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 10:57 - 2009-03-29 10:33 - 00000032 _____ () C:\Windows\actval.ini
2015-03-03 09:16 - 2009-10-09 18:52 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 08:15 - 2015-02-02 21:52 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\DietBet
2015-02-28 15:57 - 2015-02-24 19:28 - 00000503 _____ () C:\Users\Roger Trudel\Documents\Cori Book Report Shoebox.txt
 
==================== Files in the root of some directories =======
 
2010-04-01 21:19 - 2010-04-01 21:19 - 0000000 _____ () C:\Users\Roger Trudel\AppData\Roaming\wklnhst.dat
2011-06-07 19:31 - 2011-06-07 19:31 - 0000680 _____ () C:\Users\Roger Trudel\AppData\Local\d3d9caps.dat
2008-11-16 23:52 - 2015-03-20 18:25 - 0144384 _____ () C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-20 16:31 - 2008-12-20 16:33 - 0015800 _____ () C:\Users\Roger Trudel\AppData\Local\imageCache.db
2009-12-30 19:49 - 2010-09-30 21:39 - 0011021 _____ () C:\ProgramData\hpzinstall.log
2008-11-18 16:24 - 2013-11-27 13:51 - 0000020 ____H () C:\ProgramData\PKP_DLea.DAT
 
Some content of TEMP:
====================
C:\Users\Jennifer Trudel\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Jennifer Trudel\AppData\Local\temp\SkypeSetup.exe
C:\Users\Roger Trudel\AppData\Local\temp\Quarantine.exe
C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
C:\Users\Roger Trudel\AppData\Local\temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-28 10:20
 
==================== End Of Log ============================


#11 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,894 posts
  • Gender:Male
  • Location:Germany

Posted 28 March 2015 - 08:09 PM

Then please drag the Fixlist from the downloads folder to your Desktop. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.


#12 luckyrabbit

luckyrabbit
  • Topic Starter

  • Members
  • 27 posts

Posted 29 March 2015 - 10:55 AM

Hi Mach, dummy me didn't see the (HIT FIX), so that's why the fixlist text file didn't do anything. All good now.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Roger Trudel at 2015-03-29 11:44:00 Run:1
Running from C:\Users\Roger Trudel\Desktop
Loaded Profiles: Roger Trudel (Available profiles: Roger Trudel & Jennifer Trudel)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
GroupPolicyUsers\S-1-5-21-2394636743-4037641282-260643174-1001\User: Group Policy restriction detected <======= ATTENTION
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File []
Winsock: Catalog5 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
EmptyTemp:
*****************
 
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2394636743-4037641282-260643174-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKU\S-1-5-21-2394636743-4037641282-260643174-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCR\PROTOCOLS\Handler\dssrequest" => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found. 
"HKCR\PROTOCOLS\Handler\sacore" => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found. 
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
EmptyTemp: => Removed 657.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 11:47:17 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Roger Trudel (administrator) on ROGERTRUDEL-PC on 29-03-2015 11:53:10
Running from C:\Users\Roger Trudel\Desktop
Loaded Profiles: Roger Trudel (Available profiles: Roger Trudel & Jennifer Trudel)
Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Egis Incorporated) C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
(Acer Inc.) C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
(Acer Inc.) C:\Acer\Empowering Technology\eNet\eNet Service.exe
() C:\Acer\Mobility Center\MobilityService.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
() C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
(acer) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Realtek Semiconductor Corp.) C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Roger Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5296128 2008-03-11] (Realtek Semiconductor)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [Google Update] => C:\Users\Roger Trudel\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-08] (Google Inc.)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PHOTOS~1.SCR
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled ()
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Incorporated)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.ca.acer.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2394636743-4037641282-260643174-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2394636743-4037641282-260643174-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://ca.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-01-03] (HiTRUST)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05] (Egis Incorporated.)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll [2014-11-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin: @bittorrent.com/BitTorrentDNA -> C:\Program Files\DNA\plugins\npbtdna.dll [2008-11-23] (BitTorrent, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=8 -> C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @bittorrent.com/BitTorrentDNA -> C:\Users\Roger Trudel\Program Files\DNA\plugins\npbtdna.dll [2008-11-23] (BitTorrent, Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Roger Trudel\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-2394636743-4037641282-260643174-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Roger Trudel\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-02-20] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-01-31]
FF HKU\S-1-5-21-2394636743-4037641282-260643174-1000\...\Firefox\Extensions: [{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}] - C:\Users\Roger Trudel\Program Files\DNA
FF Extension: DNA - C:\Users\Roger Trudel\Program Files\DNA [2008-11-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-11]
CHR Extension: (Linkclump) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2013-01-11]
CHR Extension: (Google Wallet) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Profile: C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-12]
CHR Extension: (YouTube) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-21]
CHR Extension: (Google Search) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-21]
CHR Extension: (Google Wallet) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12]
CHR Extension: (Gmail) - C:\Users\Roger Trudel\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Jennifer Trudel\AppData\Local\Google\Chrome\Application\chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [497712 2008-03-05] (Egis Incorporated)
R2 eLockService; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [24576 2007-10-01] (Acer Inc.) [File not signed]
R2 eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [131072 2007-12-20] (Acer Inc.) [File not signed]
R2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.) [File not signed]
R2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] () [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S4 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S4 LxrSII1s; C:\Windows\system32\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.) [File not signed]
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-11-27] () [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2006-05-24] (Syntek America Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
R2 WMIService; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [163840 2007-05-16] (acer) [File not signed]
S4 LexBceS; C:\Windows\System32\LEXBCES.EXE [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
R2 int15; C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-03] (Acer, Inc.)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [21504 2011-12-19] (http://libusb-win32.sourceforge.net)
S4 LxrSII1d; C:\Windows\System32\Drivers\LxrSII1d.sys [63448 2009-12-30] (Lexar Media, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R3 NTIDrvr; C:\Windows\System32\DRIVERS\NTIDrvr.sys [6144 2008-03-21] (NewTech Infosystems, Inc.) [File not signed]
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-31] () [File not signed]
S3 SQTECH905C; C:\Windows\System32\Drivers\Capt905c.sys [38656 2007-11-20] (Service & Quality Technology.) [File not signed]
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [242139 2006-11-15] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2006-06-27] (Syntek America Inc.) [File not signed]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 MpKslf1674c66; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{68C3044A-4587-4920-B915-B8EBBACB8E76}\MpKslf1674c66.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-27 17:46 - 2015-03-27 17:46 - 00000000 ____D () C:\Program Files\ESET
2015-03-26 18:32 - 2015-03-26 18:32 - 00000872 _____ () C:\Users\Roger Trudel\Desktop\JRT.txt
2015-03-26 17:37 - 2015-03-26 17:37 - 01388782 _____ (Thisisu) C:\Users\Roger Trudel\Desktop\JRT.exe
2015-03-26 17:17 - 2015-03-26 17:23 - 00000000 ____D () C:\AdwCleaner
2015-03-26 17:16 - 2015-03-26 17:16 - 02168320 _____ () C:\Users\Roger Trudel\Desktop\AdwCleaner.exe
2015-03-25 21:15 - 2015-03-25 21:16 - 00041208 _____ () C:\Users\Roger Trudel\Desktop\Addition.txt
2015-03-25 21:14 - 2015-03-29 11:53 - 00015009 _____ () C:\Users\Roger Trudel\Desktop\FRST.txt
2015-03-25 21:14 - 2015-03-29 11:53 - 00000000 ____D () C:\FRST
2015-03-25 21:12 - 2015-03-25 21:12 - 01135104 _____ (Farbar) C:\Users\Roger Trudel\Desktop\FRST.exe
2015-03-25 07:36 - 2015-03-29 11:48 - 00006840 _____ () C:\Windows\PFRO.log
2015-03-24 14:52 - 2015-03-24 14:58 - 00004885 _____ () C:\Users\Roger Trudel\Downloads\hijackthis.log
2015-03-24 14:50 - 2015-03-24 14:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roger Trudel\Downloads\HijackThis.exe
2015-03-22 00:05 - 2015-03-22 00:05 - 00001339 _____ () C:\Users\Roger Trudel\Documents\raptors roster for fantasy basketball.txt
2015-03-21 21:00 - 2015-03-24 20:57 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Cori's 9th Bday
2015-03-12 16:18 - 2015-01-28 21:35 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 16:17 - 2015-02-25 20:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 16:17 - 2015-01-28 21:35 - 00975360 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 16:03 - 2015-02-25 22:01 - 03604408 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 16:03 - 2015-02-25 22:01 - 03552184 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 16:03 - 2015-02-19 22:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 16:03 - 2015-02-19 20:28 - 00296960 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 16:03 - 2015-01-08 22:04 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 16:03 - 2015-01-08 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 16:02 - 2015-01-20 22:02 - 00807936 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 16:01 - 2015-03-06 00:01 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 16:01 - 2014-10-12 21:12 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-12 16:00 - 2015-02-17 22:02 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 15:58 - 2015-02-21 13:22 - 01139200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 15:58 - 2015-02-21 13:19 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 15:58 - 2015-02-21 13:18 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-03-12 15:58 - 2015-02-21 13:18 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-03-12 15:57 - 2015-02-21 13:37 - 12375040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 15:57 - 2015-02-21 13:34 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-12 15:57 - 2015-02-21 13:29 - 09747968 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 15:57 - 2015-02-21 13:28 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 15:57 - 2015-02-21 13:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 15:57 - 2015-02-21 13:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 15:57 - 2015-02-21 13:20 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-03-12 15:57 - 2015-02-21 13:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 01803264 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 15:57 - 2015-02-21 13:19 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 15:57 - 2015-02-21 13:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 15:57 - 2015-02-21 13:18 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 15:57 - 2015-02-21 13:18 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-03-12 15:57 - 2015-02-21 13:17 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 23:54 - 2015-03-26 07:48 - 00642048 _____ () C:\Users\Jennifer Trudel\Desktop\March 2015.xls
2015-02-28 01:11 - 2015-02-28 13:17 - 00000000 ____D () C:\Users\Roger Trudel\Desktop\NorthBay Battalion
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-29 11:51 - 2012-06-16 08:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-29 11:49 - 2014-10-22 19:50 - 00000008 __RSH () C:\Users\Roger Trudel\ntuser.pol
2015-03-29 11:49 - 2008-11-16 08:46 - 00000000 ____D () C:\Users\Roger Trudel
2015-03-29 11:48 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-29 11:48 - 2006-11-02 08:45 - 00003344 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-29 11:48 - 2006-11-02 08:45 - 00003344 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-29 11:47 - 2008-11-17 11:32 - 01123465 _____ () C:\Windows\WindowsUpdate.log
2015-03-29 11:47 - 2006-11-02 08:58 - 00032540 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-29 11:44 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-29 11:43 - 2012-08-08 09:57 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000UA.job
2015-03-29 11:39 - 2006-11-02 06:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-29 10:24 - 2012-07-05 17:26 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001UA.job
2015-03-29 10:24 - 2012-07-05 17:25 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1001Core.job
2015-03-27 19:43 - 2012-08-08 09:57 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2394636743-4037641282-260643174-1000Core.job
2015-03-27 19:34 - 2013-03-29 09:00 - 00000000 ____D () C:\Program Files\Free mp3 Wma Converter
2015-03-26 18:24 - 2014-09-30 20:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 17:04 - 2015-01-22 22:25 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Moms 65th
2015-03-20 18:25 - 2008-11-16 23:52 - 00144384 _____ () C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 18:18 - 2008-11-23 14:49 - 00033792 _____ () C:\Users\Jennifer Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-20 10:38 - 2012-01-10 19:58 - 00068096 _____ () C:\Users\Jennifer Trudel\Desktop\Books.xls
2015-03-17 14:49 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2015-03-12 16:40 - 2006-11-02 08:44 - 00298752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 16:17 - 2013-07-11 08:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 16:04 - 2006-11-02 06:24 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-03-10 10:57 - 2009-03-29 10:33 - 00000032 _____ () C:\Windows\actval.ini
2015-03-03 09:16 - 2009-10-09 18:52 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-03 08:15 - 2015-02-02 21:52 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\DietBet
2015-02-28 15:57 - 2015-02-24 19:28 - 00000503 _____ () C:\Users\Roger Trudel\Documents\Cori Book Report Shoebox.txt
 
==================== Files in the root of some directories =======
 
2010-04-01 21:19 - 2010-04-01 21:19 - 0000000 _____ () C:\Users\Roger Trudel\AppData\Roaming\wklnhst.dat
2011-06-07 19:31 - 2011-06-07 19:31 - 0000680 _____ () C:\Users\Roger Trudel\AppData\Local\d3d9caps.dat
2008-11-16 23:52 - 2015-03-20 18:25 - 0144384 _____ () C:\Users\Roger Trudel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-12-20 16:31 - 2008-12-20 16:33 - 0015800 _____ () C:\Users\Roger Trudel\AppData\Local\imageCache.db
2009-12-30 19:49 - 2010-09-30 21:39 - 0011021 _____ () C:\ProgramData\hpzinstall.log
2008-11-18 16:24 - 2013-11-27 13:51 - 0000020 ____H () C:\ProgramData\PKP_DLea.DAT
 
Some content of TEMP:
====================
C:\Users\Roger Trudel\AppData\Local\temp\RtkBtMnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-29 11:42
 
==================== End Of Log ============================
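Reading an FRST file listing by hand gets tedious, so here is an added Python triage helper (not from this thread, from FRST, or from the helper) that parses the entry layout shown in the log above and flags binaries sitting in temp or roaming profile directories or carrying no publisher string, which is exactly what the "Some content of TEMP" line draws attention to. The regex for the entry layout is my reading of the format; four sample lines are taken from the log above and the dated RtkBtMnt.exe line is constructed, since the log lists that file under TEMP without dates.

```python
import re

# Layout of one FRST file entry, as read from the log in this thread (assumption):
#   created - modified - size attrs (publisher) path
FRST_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")
# Directories from which a freshly created executable is unusual on a healthy box
SUSPECT_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\windows\\temp\\")


def parse_frst_entries(lines):
    """Return one dict per line that matches the FRST file-entry layout; skip the rest."""
    entries = []
    for line in lines:
        m = FRST_ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["is_dir"] = "D" in e["attrs"]  # the D attribute marks a folder entry
            entries.append(e)
    return entries


def triage(entries):
    """Map path -> list of reasons for every binary entry worth a closer look."""
    flagged = {}
    for e in entries:
        low = e["path"].lower()
        if e["is_dir"] or not low.endswith(BINARY_EXT):
            continue
        reasons = []
        if any(d in low for d in SUSPECT_DIRS):
            reasons.append("binary in temp/roaming profile directory")
        if not e["publisher"]:
            reasons.append("no publisher string")
        if reasons:
            flagged[e["path"]] = reasons
    return flagged


# Sample input: four lines from the thread's FRST log plus one constructed line
# for RtkBtMnt.exe (the log lists it under TEMP without dates).
SAMPLE = r"""
2015-03-24 14:50 - 2015-03-24 14:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Roger Trudel\Downloads\HijackThis.exe
2015-03-21 21:00 - 2015-03-24 20:57 - 00000000 ____D () C:\Users\Jennifer Trudel\Desktop\Cori's 9th Bday
2015-03-12 16:17 - 2015-02-25 20:18 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-26 18:24 - 2014-09-30 20:35 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-24 12:00 - 2015-03-24 12:00 - 00051200 _____ () C:\Users\Roger Trudel\AppData\Local\Temp\RtkBtMnt.exe
""".strip().splitlines()

if __name__ == "__main__":
    for path, why in triage(parse_frst_entries(SAMPLE)).items():
        print(path, "->", "; ".join(why))
```

A flagged entry is a prompt to verify the file (signature, hash, why it is there), not a verdict; the Realtek Bluetooth helper in this thread is a case where the answer turned out to be benign.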


#13 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,894 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:54 PM

Posted 29 March 2015 - 06:07 PM

Hello,
in my opinion your PC is clean. :) If you would like to donate some money to me so that I can buy some beer, then click on the PayPal button. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is well worth it compared with getting infected through an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#14 luckyrabbit

luckyrabbit
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:54 PM

Posted 29 March 2015 - 07:49 PM

# DelFix v10.9 - Logfile created 29/03/2015 at 20:47:39
# Updated 27/02/2015 by Xplode
# Username : Roger Trudel - ROGERTRUDEL-PC
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\32788R22FWJFW
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Roger Trudel\Desktop\Addition.txt
Deleted : C:\Users\Roger Trudel\Desktop\AdwCleaner.exe
Deleted : C:\Users\Roger Trudel\Desktop\Fixlog.txt
Deleted : C:\Users\Roger Trudel\Desktop\FRST.exe
Deleted : C:\Users\Roger Trudel\Desktop\FRST.txt
Deleted : C:\Users\Roger Trudel\Desktop\JRT.exe
Deleted : C:\Users\Roger Trudel\Desktop\JRT.txt
Deleted : C:\Users\Roger Trudel\Downloads\HijackThis.exe
Deleted : C:\Users\Roger Trudel\Downloads\hijackthis.log
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #2430 [Windows Update | 03/23/2015 21:09:32]
Deleted : RP #2431 [Scheduled Checkpoint | 03/25/2015 21:37:59]
Deleted : RP #2432 [Scheduled Checkpoint | 03/27/2015 01:15:34]
Deleted : RP #2433 [Windows Update | 03/27/2015 01:40:56]
Deleted : RP #2434 [Scheduled Checkpoint | 03/27/2015 21:32:49]
Deleted : RP #2435 [Scheduled Checkpoint | 03/29/2015 17:32:21]
 
New restore point created !
 
########## - EOF - ##########


#15 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,894 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:54 PM

Posted 30 March 2015 - 06:59 AM

Any further questions before I close this one as solved? :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
