Computer goes to blue screen and found trojan


  • This topic is locked
18 replies to this topic

#1 badass1974

Posted 07 July 2015 - 09:16 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/582141/get-blue-screen/ ~ OB

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015
Ran by Chris Stinnett (administrator) on CHRISSTINNET-PC on 07-07-2015 19:11:23
Running from C:\Users\Chris Stinnett\AppData\Local\Microsoft\Windows\INetCache\IE\02B21SMP
Loaded Profiles: Chris Stinnett & UpdatusUser (Available Profiles: Chris Stinnett & UpdatusUser)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\psksvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\TPSrvWow.exe
(Panda Security) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\WebProxy.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsCtrlS.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PavFnSvr.exe
(Panda Security, S.L.) C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\pavsrvx86.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\AVENGINE.EXE
(Panda Security International) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\FIREWALL\PSHost.exe
(Panda Security S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsImSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(IDT, Inc.) C:\Windows\System32\stacsv64.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Users\Chris Stinnett\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(© 2015 Microsoft Corporation) C:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Chicony) C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\ApVxdWin.exe
() C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\SrvLoad.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PavBckPT.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\SeaPort.EXE
() C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PAsCleaner.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\Iface.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1220392 2008-01-17] (Synaptics, Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [437760 2007-11-09] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [11992944 2015-06-08] (Zemana Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2357984 2014-02-20] (Microsoft Corp.)
HKLM-x32\...\Run: [Camera Assistant Software] => C:\Program Files\Camera Assistant Software for Gateway\traybar.exe [638976 2007-09-13] (Chicony)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [259624 2007-04-16] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PPort12reminder] => C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [APVXDWIN] => C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\APVXDWIN.EXE [1062880 2013-09-30] (Panda Security, S.L.)
HKLM-x32\...\Run: [SCANINICIO] => C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\Inicio.exe [71648 2013-09-30] (Panda Security, S.L.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\avldr: C:\WINDOWS\SYSTEM32\avldr64.dll (On-Access Anti-Malware Scanner Sync)
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\...\Run: [Amazon Cloud Player] => C:\Users\Chris Stinnett\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3140608 2014-01-14] ()
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\...\Run: [BingSvc] => C:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [130048 2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll [2014-03-20] ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
BootExecute: autocheck autochk * bootdeletePCloudBroom64.exe \systemroot\system32\BroomData.bit
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-861749658-1718846392-3416921969-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.hp13.us.msn.com/
URLSearchHook: [S-1-5-21-861749658-1718846392-3416921969-1005] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-861749658-1718846392-3416921969-1000 -> DefaultScope {35C09BCC-3151-4698-8560-BF39A02D95BE} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140519,20028,0,31,0
SearchScopes: HKU\S-1-5-21-861749658-1718846392-3416921969-1000 -> A1991B94B6014133A0B2539BD50D3B8C URL =
SearchScopes: HKU\S-1-5-21-861749658-1718846392-3416921969-1000 -> {35C09BCC-3151-4698-8560-BF39A02D95BE} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140519,20028,0,31,0
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll [2013-10-10] (Microsoft Corporation.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} ->  No File
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll [2013-10-10] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\amd64\BingExt.dll [2013-10-10] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.114.0\BingExt.dll [2013-10-10] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-861749658-1718846392-3416921969-1000 -> No Name - {AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7B673656-FE50-46D5-BE66-ABD86C553A55}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9FD95AC0-E4F5-473A-8620-622A6C447CCB}: [DhcpNameServer] 192.168.10.1 64.134.255.2 64.134.255.10

FireFox:
========
FF ProfilePath: C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default
FF SearchEngineOrder.1: Yahoo
FF SearchEngineOrder.2:
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF DefaultSearchEngine: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SK2GDF&PC=SK2G&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-03-21] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-03-21] (Adobe Systems)
FF Plugin HKU\S-1-5-21-861749658-1718846392-3416921969-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-07] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\user.js [2014-05-04]
FF SearchPlugin: C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\searchplugins\bingp.xml [2015-06-05]
FF Extension: Yahoo! Toolbar - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-05-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM-x32\...\Firefox\Extensions: [{jid1-eFRcA0eiPxecTQ@jetpack}] - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\{jid1-eFRcA0eiPxecTQ@jetpack}
FF Extension: No Name - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\SaveDailyDeals@SaveDailyDeals.com [not found]
FF Extension: No Name - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [not found]
FF Extension: No Name - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\TidyNetwork@TidyNetwork [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-02] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\Chris Stinnett\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Chris Stinnett\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-18]
CHR HKLM-x32\...\Chrome\Extension: [eihhgekonheiliaidomffpplfhecmkag] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173280 2014-02-20] (Microsoft Corp.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
R2 Panda Software Controller; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsCtrls.exe [177440 2012-11-19] (Panda Security, S.L.)
R2 PAVFNSVR; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PavFnSvr.exe [202016 2012-09-21] (Panda Security, S.L.)
R2 PavPrSrv; C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe [62768 2008-02-04] (Panda Security, S.L.)
R2 PAVSRV; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\pavsrvx86.exe [313664 2011-04-13] (Panda Security, S.L.)
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 PSHost; c:\program files (x86)\panda security\panda internet security 2014\firewall\PSHOST.EXE [226560 2009-11-26] (Panda Security International)
R2 PSIMSVC; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PsImSvc.exe [108288 2008-06-19] (Panda Security S.L.)
R2 PskSvcRetail; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\PskSvc.exe [28992 2010-08-16] (Panda Security, S.L.)
R2 STacSV; C:\WINDOWS\system32\STacSV64.exe [242688 2007-11-09] (IDT, Inc.)
R2 TPSrv; C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\TPSrvWow.exe [173816 2014-02-25] (Panda Security, S.L.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [11992944 2015-06-08] (Zemana Ltd.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [209424 2007-12-19] (AMD Technologies Inc.)
R2 AmFSM; C:\Windows\System32\DRIVERS\amm6460.sys [71432 2012-03-26] (Panda Security, S.L.)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\ElRawDsk.sys [23464 2009-11-11] (EldoS Corporation)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [32512 2014-03-19] ()
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-07-07] (Malwarebytes Corporation)
R3 NETIMFLT01060044; C:\Windows\system32\DRIVERS\n64i1644.sys [216648 2010-09-01] (Panda Security, S.L.)
S3 NETw4v64; C:\Windows\System32\DRIVERS\NETw4v64.sys [3154944 2007-08-07] (Intel Corporation) [File not signed]
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [164384 2007-12-08] (NVIDIA Corporation)
R0 pavboot; C:\Windows\System32\Drivers\pavboot64.sys [30792 2010-06-22] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R1 ShldFlt; C:\Windows\System32\DRIVERS\ShldFlt.sys [48136 2009-10-27] (Panda Security, S.L.)
R0 Si3531; C:\Windows\System32\drivers\Si3531.sys [333864 2009-02-09] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\drivers\SiWinAcc.sys [22568 2009-02-09] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\drivers\SiRemFil.sys [16936 2009-02-09] (Silicon Image, Inc.)
S3 ssmirrdr; C:\Windows\system32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [107872 2015-06-23] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [107872 2015-06-23] (Zemana Ltd.)
U3 idsvc; No ImagePath
R3 PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys [X]
U2 SBKUPNT; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 19:04 - 2015-07-07 19:11 - 00000000 ____D C:\FRST
2015-06-23 13:50 - 2015-06-23 13:50 - 00107872 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2015-06-23 13:49 - 2015-06-23 13:49 - 00001171 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-06-23 13:49 - 2015-06-23 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-06-23 13:49 - 2015-06-23 13:49 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2015-06-23 13:48 - 2015-06-23 13:48 - 00107872 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2015-06-23 13:48 - 2015-06-23 13:48 - 00000000 ____D C:\Users\Chris Stinnett\AppData\Local\Zemana
2015-06-22 20:00 - 2015-06-22 20:00 - 00291600 _____ C:\WINDOWS\Minidump\062215-28640-01.dmp
2015-06-22 19:48 - 2015-06-22 19:48 - 00296432 _____ C:\WINDOWS\Minidump\062215-35312-01.dmp
2015-06-22 19:17 - 2015-07-07 15:22 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 19:15 - 2015-06-22 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-22 19:15 - 2015-06-22 19:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-22 19:15 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-22 19:15 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-22 19:08 - 2015-06-22 19:08 - 00296056 _____ C:\WINDOWS\Minidump\062215-39125-01.dmp
2015-06-22 17:09 - 2015-06-22 17:09 - 00294120 _____ C:\WINDOWS\Minidump\062215-51031-01.dmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-07 19:08 - 2014-03-19 01:24 - 00000000 ____D C:\Users\Chris Stinnett\AppData\Local\CrashDumps
2015-07-07 19:00 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-07 18:54 - 2013-02-03 21:43 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-07 18:23 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-07 18:22 - 2014-03-03 10:14 - 01558216 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-07 18:19 - 2013-08-05 03:05 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-861749658-1718846392-3416921969-1000
2015-07-07 17:50 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-07 17:50 - 2013-02-03 21:43 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-07 17:32 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-07-07 16:10 - 2014-03-18 21:02 - 00008627 _____ C:\WINDOWS\SysWOW64\PAV_FOG.OPC
2015-07-07 15:16 - 2014-03-20 01:34 - 00001294 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-07-07 15:08 - 2014-04-29 01:12 - 00000000 __RDO C:\Users\Chris Stinnett\SkyDrive
2015-07-07 15:06 - 2013-10-24 00:54 - 00000000 ____D C:\Users\Chris Stinnett
2015-07-07 15:04 - 2013-10-26 14:32 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-07 15:04 - 2008-03-21 19:32 - 00145676 ____N C:\WINDOWS\Minidump\070715-55234-01.dmp
2015-07-07 14:39 - 2013-01-31 22:23 - 00000000 ____D C:\Users\Chris Stinnett\AppData\Local\Adobe
2015-07-07 14:39 - 2013-01-24 00:48 - 00003700 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D555E840-A11F-4524-A375-124DA1C64556}
2015-07-07 14:36 - 2015-06-05 15:29 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-07 14:36 - 2015-06-05 15:29 - 00000000 ____D C:\ProgramData\Skype
2015-07-07 14:35 - 2015-06-05 15:30 - 00000000 ____D C:\Users\Chris Stinnett\AppData\Roaming\Skype
2015-06-23 22:56 - 2013-10-24 01:16 - 00000258 __RSH C:\Users\Chris Stinnett\ntuser.pol
2015-06-23 20:16 - 2008-03-21 19:32 - 00147578 ____N C:\WINDOWS\Minidump\062315-34656-01.dmp
2015-06-23 15:54 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-23 15:07 - 2014-04-30 18:19 - 00000000 ___RD C:\Users\Chris Stinnett\OneDrive
2015-06-23 15:07 - 2014-04-30 17:17 - 00003128 _____ C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-861749658-1718846392-3416921969-1000
2015-06-23 12:55 - 2014-04-21 13:27 - 00101650 _____ C:\WINDOWS\PFRO.log
2015-06-22 21:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Registration
2015-06-22 21:04 - 2014-03-03 10:18 - 00000000 ____D C:\Users\Chris Stinnett\AppData\Roaming\CompuClever
2015-06-22 21:04 - 2008-07-05 16:16 - 00000000 ____D C:\temp
2015-06-22 19:59 - 2014-04-18 13:49 - 498089310 _____ C:\WINDOWS\MEMORY.DMP
2015-06-22 19:53 - 2014-03-18 16:24 - 00000000 ____D C:\Users\Chris Stinnett\AppData\Local\NSManager
2015-06-22 19:16 - 2013-01-24 18:18 - 00000000 ____D C:\Users\Chris Stinnett\AppData\Roaming\Malwarebytes
2015-06-22 19:15 - 2013-01-24 18:16 - 00001125 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-22 19:15 - 2013-01-24 18:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-22 16:42 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-19 20:02 - 2013-08-22 08:38 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 20:02 - 2013-08-22 08:38 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-06-05 14:35 - 2015-06-05 14:35 - 6420480 _____ () C:\Program Files (x86)\GUT29F0.tmp
2014-01-27 17:22 - 2014-01-27 17:22 - 0000132 _____ () C:\Users\Chris Stinnett\AppData\Roaming\Adobe AIFF Format CC Prefs
2014-01-27 16:25 - 2014-01-27 17:19 - 0000132 _____ () C:\Users\Chris Stinnett\AppData\Roaming\Adobe PNG Format CC Prefs
2013-01-23 21:43 - 2013-08-05 01:28 - 0028694 _____ () C:\Users\Chris Stinnett\AppData\Roaming\nvModes.001
2013-01-23 21:28 - 2013-05-02 18:22 - 0028694 _____ () C:\Users\Chris Stinnett\AppData\Roaming\nvModes.dat
2013-05-29 12:52 - 2014-04-08 16:22 - 0002922 _____ () C:\Users\Chris Stinnett\AppData\Roaming\wklnhst.dat
2014-03-19 01:00 - 2014-03-19 01:00 - 1039754 _____ (Thisisu) C:\Users\Chris Stinnett\AppData\Local\TempJRT.exe

Some files in TEMP:
====================
C:\Users\Chris Stinnett\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Chris Stinnett\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Chris Stinnett\AppData\Local\Temp\PCloudCleanerUpdater.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-07 18:20

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015
Ran by Chris Stinnett at 2015-07-07 19:13:01
Running from C:\Users\Chris Stinnett\AppData\Local\Microsoft\Windows\INetCache\IE\02B21SMP
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-861749658-1718846392-3416921969-500 - Administrator - Disabled)
Chris Stinnett (S-1-5-21-861749658-1718846392-3416921969-1000 - Administrator - Enabled) => C:\Users\Chris Stinnett
Guest (S-1-5-21-861749658-1718846392-3416921969-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-861749658-1718846392-3416921969-1007 - Limited - Enabled)
UpdatusUser (S-1-5-21-861749658-1718846392-3416921969-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Internet Security 2014 (Enabled - Up to date) {5FD6C936-849B-5CE2-14BA-709E1D6FD1DA}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Internet Security 2014 (Enabled - Up to date) {E4B728D2-A2A1-536C-2E0A-4BEC66E89B67}
FW: Panda Personal Firewall 2014 (Enabled) {67ED4813-CEF4-5DBA-3FE5-D9ABE3BC96A1}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.5.0.367 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Amazon Cloud Player (HKU\S-1-5-21-861749658-1718846392-3416921969-1000\...\Amazon Amazon Cloud Player) (Version: 2.3.0.422 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3A681D82-5167-4418-BEBA-E8991486665B}) (Version: 7.3.114.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.395.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Camera Assistant Software for Gateway (HKLM-x32\...\{39098402-3F7A-4257-A4AE-FC1181D1B40B}) (Version: 1.7.050.1029 - Chicony Electronics Co.,Ltd.)
Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.)
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Gateway Recovery Center Installer (HKLM-x32\...\{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}) (Version: 1.01.044 - Gateway)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft OneDrive (HKU\S-1-5-21-861749658-1718846392-3416921969-1000\...\OneDriveSetup.exe) (Version: 17.3.5860.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 19.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 19.0 (x86 en-US)) (Version: 19.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 19.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Graphics Driver 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Panda Internet Security 2014 (HKLM-x32\...\{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}) (Version: 19.01.03 - Panda Security)
Panda Internet Security 2014 (x32 Version: 19.01.03 - Panda Security) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Password Depot 7 - Panda Secure Vault Edition (HKLM-x32\...\{A6144BFB-45FB-4DDB-BC4F-AB10E9FF0395}_is1) (Version: 7.1.0 - AceBIT GmbH)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Scansoft PDF Professional (x32 Version:  - ) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
SnapRead (HKLM-x32\...\{266D0A63-4299-4666-A2F7-D93086BC180E}) (Version: 1.00.1000 - DonJohnston Incorporated)
SnapRead (HKLM-x32\...\{A0CD4E14-9FB1-481C-B946-E0F81521B283}) (Version: 1.00.1000 - DonJohnston Incorporated)
SnapRead_2 (C:\Program Files (x86)\DonJohnston_2) (HKLM-x32\...\{4959AFDC-E728-4804-BA18-EA130D2883BA}) (Version: 1.00.1000 - DonJohnston Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.2.4.0 - Synaptics)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.0 - Nuance Communications Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.15.721 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-861749658-1718846392-3416921969-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chris Stinnett\AppData\Local\Microsoft\OneDrive\17.3.5860.0512\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

27-07-2014 00:51:33 Windows Update
06-06-2015 00:31:31 Windows Update
22-06-2015 15:52:45 Windows Update
07-07-2015 14:34:19 Removed Skype™ 7.5

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:34 - 2006-09-18 14:37 - 00000761 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0499FBA1-D1BB-4C2B-B206-DC78BDDF82F0} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-iamizz2000@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {3F503196-B5F4-4BEA-8D7B-4EE3C73D97CA} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-861749658-1718846392-3416921969-1000 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {51B77DDD-F70A-49EA-9976-D7482A249256} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {674962D1-B118-4071-9ACF-D1FE7D3F2BFC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7E8278DD-C563-436D-9066-21F99816CAA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-03] (Google Inc.)
Task: {8F7B10D5-0395-4602-9543-CE498F9FAC56} - \NSManager No Task File <==== ATTENTION
Task: {DCF99222-AE8D-4272-BF6A-F2246C7F12A1} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {EB9A87DC-F8EB-495B-A8DA-0103E8A8D461} - System32\Tasks\{D0A6CEC7-867F-471A-9B10-9B080F853144} => pcalua.exe -a "C:\Users\Chris Stinnett\Desktop\paperport\PP12Installer.exe" -d "C:\Users\Chris Stinnett\Desktop\paperport"
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-03-20 11:24 - 2014-03-20 11:24 - 00667808 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
2015-06-23 13:49 - 2015-06-23 13:49 - 00118640 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2013-08-07 21:29 - 2014-01-14 12:46 - 03140608 _____ () C:\Users\Chris Stinnett\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2013-01-23 16:14 - 2007-09-27 16:27 - 04839936 _____ () C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
2014-03-20 11:24 - 2014-03-20 11:24 - 05288608 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-04-16 00:26 - 2014-07-11 13:21 - 04623096 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PAsCleaner.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-21 14:35 - 2007-02-14 12:55 - 00165424 _____ () C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\MiniCrypto.dll
2014-03-21 14:35 - 2004-05-19 10:33 - 00507904 _____ () C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\libxml2.dll
2014-03-21 14:35 - 2007-02-14 12:55 - 00099888 _____ () C:\Program Files (x86)\Panda Security\Panda Internet Security 2014\APIcr.dll
2014-03-18 23:22 - 2014-03-18 23:22 - 32733088 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2015-06-05 14:37 - 2014-09-05 11:55 - 00132808 _____ () C:\Users\Chris Stinnett\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2014-03-20 01:34 - 2013-07-24 18:33 - 00930784 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\libxml2.dll
2014-03-20 01:34 - 2014-02-11 12:36 - 00221480 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PRSBLib.dll
2014-04-16 00:26 - 2010-03-30 22:29 - 00279955 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\libidn-11.dll
2014-04-16 00:26 - 2013-06-22 19:23 - 00113166 _____ () C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
AlternateDataStreams: C:\Users\Chris Stinnett\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Chris Stinnett\SkyDrive (2).old:ms-properties
AlternateDataStreams: C:\Users\Chris Stinnett\SkyDrive.old:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-861749658-1718846392-3416921969-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris Stinnett\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\44316.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PDF5 Registry Controller"
HKLM\...\StartupApproved\Run32: => "PDFHook"
HKLM\...\StartupApproved\Run32: => "TkBellExe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{8513E42E-F275-4DF6-8C91-735FC3F882D9}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{953D56EF-9345-4269-A447-E0767D9A5DCD}] => (Allow) C:\Windows\SysWOW64\ARFC\wrtc.exe
FirewallRules: [{3653ED47-B7E4-43CB-9416-63F2004F9B90}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{59EFA31E-10A6-4FB4-AE74-51F22277F18B}] => (Allow) C:\Windows\System32\dmwu.exe
FirewallRules: [{23A45BF5-2FBC-499E-BE54-872510B26F3C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{01A34619-0672-42E6-B321-72CA972A9793}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEE1B1C8-DB98-46E0-8147-696FED52389F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59CF1D75-6C0E-4ACB-B10B-2B19839925FD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FD4BE309-1738-4BA2-B571-DD81B96C16C6}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{F0BD8E2A-14CC-42BA-A07D-6AAE87C3455D}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E3B1EDE2-239A-49B1-9E84-026625E61F8C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{8AC70796-0CAA-4C50-AED3-F113C9DF89F1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{296C24FF-69FA-4876-81B0-89EFAE4623A4}] => (Allow) C:\Users\Chris Stinnett\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{6A492E0B-4EEB-41C8-B9A0-2C3D7FE50446}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{ED323ADB-6D80-4737-B7F0-3A91F7DADDF7}C:\program files (x86)\panda security\panda internet security 2014\apvxdwin.exe] => (Allow) C:\program files (x86)\panda security\panda internet security 2014\apvxdwin.exe
FirewallRules: [UDP Query User{ACBBD63B-7C00-4E8F-BD71-0C4268C00BE4}C:\program files (x86)\panda security\panda internet security 2014\apvxdwin.exe] => (Allow) C:\program files (x86)\panda security\panda internet security 2014\apvxdwin.exe
FirewallRules: [TCP Query User{B46709BC-6E0D-479B-9C79-CD0F5C308AD2}C:\program files (x86)\panda security\panda internet security 2014\apvxdwin.exe] => (Allow) C:\program files (x86)\panda security\panda internet security 2014\apvxdwin.exe
FirewallRules: [UDP Query User{03FC5982-6782-4DDD-AB84-4976CD042CEF}C:\program files (x86)\panda security\panda internet security 2014\apvxdwin.exe] => (Allow) C:\program files (x86)\panda security\panda internet security 2014\apvxdwin.exe
FirewallRules: [{FBCAB233-E56D-42DA-9BFA-B38E71A07790}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B475DE35-02E5-4FB7-A65E-1D905DB42CAE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{A435AAF0-D7F5-4C6B-AC90-7A45FE0B14E9}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A7124444-5EE5-46FD-A58D-53532B5636AE}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{01415323-C387-4D76-AC7B-C89FFE90E8A0}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{7E806BBE-0037-48A5-8FD5-9B54D3353799}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2015 07:08:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Faulting module name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Exception code: 0xc0000005
Fault offset: 0x00031fe6
Faulting process id: 0x1adc
Faulting application start time: 0xBSvcProcessor.exe0
Faulting application path: BSvcProcessor.exe1
Faulting module path: BSvcProcessor.exe2
Report Id: BSvcProcessor.exe3
Faulting package full name: BSvcProcessor.exe4
Faulting package-relative application ID: BSvcProcessor.exe5

Error: (07/07/2015 06:58:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Faulting module name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Exception code: 0xc0000005
Fault offset: 0x00031fe6
Faulting process id: 0x1bdc
Faulting application start time: 0xBSvcProcessor.exe0
Faulting application path: BSvcProcessor.exe1
Faulting module path: BSvcProcessor.exe2
Report Id: BSvcProcessor.exe3
Faulting package full name: BSvcProcessor.exe4
Faulting package-relative application ID: BSvcProcessor.exe5

Error: (07/07/2015 06:48:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Faulting module name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Exception code: 0xc0000005
Fault offset: 0x00031fe6
Faulting process id: 0x1864
Faulting application start time: 0xBSvcProcessor.exe0
Faulting application path: BSvcProcessor.exe1
Faulting module path: BSvcProcessor.exe2
Report Id: BSvcProcessor.exe3
Faulting package full name: BSvcProcessor.exe4
Faulting package-relative application ID: BSvcProcessor.exe5

Error: (07/07/2015 06:45:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_CryptSvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: ntdll.dll, version: 6.3.9600.16502, time stamp: 0x52c359e8
Exception code: 0xc00000fd
Fault offset: 0x000000000004f85c
Faulting process id: 0x1f50
Faulting application start time: 0xsvchost.exe_CryptSvc0
Faulting application path: svchost.exe_CryptSvc1
Faulting module path: svchost.exe_CryptSvc2
Report Id: svchost.exe_CryptSvc3
Faulting package full name: svchost.exe_CryptSvc4
Faulting package-relative application ID: svchost.exe_CryptSvc5

Error: (07/07/2015 06:38:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Faulting module name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Exception code: 0xc0000005
Fault offset: 0x00031fe6
Faulting process id: 0x1f24
Faulting application start time: 0xBSvcProcessor.exe0
Faulting application path: BSvcProcessor.exe1
Faulting module path: BSvcProcessor.exe2
Report Id: BSvcProcessor.exe3
Faulting package full name: BSvcProcessor.exe4
Faulting package-relative application ID: BSvcProcessor.exe5

Error: (07/07/2015 06:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Faulting module name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Exception code: 0xc0000005
Fault offset: 0x00031fe6
Faulting process id: 0x1b28
Faulting application start time: 0xBSvcProcessor.exe0
Faulting application path: BSvcProcessor.exe1
Faulting module path: BSvcProcessor.exe2
Report Id: BSvcProcessor.exe3
Faulting package full name: BSvcProcessor.exe4
Faulting package-relative application ID: BSvcProcessor.exe5

Error: (07/07/2015 06:18:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Faulting module name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Exception code: 0xc0000005
Fault offset: 0x00031fe6
Faulting process id: 0x1064
Faulting application start time: 0xBSvcProcessor.exe0
Faulting application path: BSvcProcessor.exe1
Faulting module path: BSvcProcessor.exe2
Report Id: BSvcProcessor.exe3
Faulting package full name: BSvcProcessor.exe4
Faulting package-relative application ID: BSvcProcessor.exe5

Error: (07/07/2015 06:08:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Faulting module name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Exception code: 0xc0000005
Fault offset: 0x00031fe6
Faulting process id: 0x1e18
Faulting application start time: 0xBSvcProcessor.exe0
Faulting application path: BSvcProcessor.exe1
Faulting module path: BSvcProcessor.exe2
Report Id: BSvcProcessor.exe3
Faulting package full name: BSvcProcessor.exe4
Faulting package-relative application ID: BSvcProcessor.exe5

Error: (07/07/2015 05:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Faulting module name: BSvcProcessor.exe, version: 1.0.5.0, time stamp: 0x5524a506
Exception code: 0xc0000005
Fault offset: 0x00031fe6
Faulting process id: 0x1e40
Faulting application start time: 0xBSvcProcessor.exe0
Faulting application path: BSvcProcessor.exe1
Faulting module path: BSvcProcessor.exe2
Report Id: BSvcProcessor.exe3
Faulting package full name: BSvcProcessor.exe4
Faulting package-relative application ID: BSvcProcessor.exe5

Error: (07/07/2015 05:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_wlidsvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: PavTrc64.dll, version: 9.2.3.1, time stamp: 0x524ab383
Exception code: 0xc0000005
Fault offset: 0x00000000000169ce
Faulting process id: 0x494
Faulting application start time: 0xsvchost.exe_wlidsvc0
Faulting application path: svchost.exe_wlidsvc1
Faulting module path: svchost.exe_wlidsvc2
Report Id: svchost.exe_wlidsvc3
Faulting package full name: svchost.exe_wlidsvc4
Faulting package-relative application ID: svchost.exe_wlidsvc5

System errors:
=============
Error: (07/07/2015 06:50:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Workstation service terminated unexpectedly.  It has done this 4 time(s).

Error: (07/07/2015 06:50:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The DNS Client service terminated unexpectedly.  It has done this 5 time(s).

Error: (07/07/2015 06:50:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Cryptographic Services service terminated unexpectedly.  It has done this 5 time(s).

Error: (07/07/2015 05:51:02 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
%%1056

Error: (07/07/2015 05:49:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Update service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/07/2015 05:49:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Account Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (07/07/2015 05:49:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Management Instrumentation service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (07/07/2015 05:49:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Themes service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/07/2015 05:49:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Shell Hardware Detection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/07/2015 05:49:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The System Event Notification Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Microsoft Office:
=========================
Error: (07/07/2015 07:08:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BSvcProcessor.exe1.0.5.05524a506BSvcProcessor.exe1.0.5.05524a506c000000500031fe61adc01d0b922f21751efC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exeC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exe324ec00e-2516-11e5-bf6d-001d722a7a22

Error: (07/07/2015 06:58:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BSvcProcessor.exe1.0.5.05524a506BSvcProcessor.exe1.0.5.05524a506c000000500031fe61bdc01d0b9218c5423f6C:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exeC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.execbbc3b54-2514-11e5-bf6d-001d722a7a22

Error: (07/07/2015 06:48:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BSvcProcessor.exe1.0.5.05524a506BSvcProcessor.exe1.0.5.05524a506c000000500031fe6186401d0b920269216dcC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exeC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exe6648c604-2513-11e5-bf6d-001d722a7a22

Error: (07/07/2015 06:45:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_CryptSvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1650252c359e8c00000fd000000000004f85c1f5001d0b914dcba11a9C:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\ntdll.dllf35b238b-2512-11e5-bf6d-001d722a7a22

Error: (07/07/2015 06:38:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BSvcProcessor.exe1.0.5.05524a506BSvcProcessor.exe1.0.5.05524a506c000000500031fe61f2401d0b91ec0dab87bC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exeC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exe019465d6-2512-11e5-bf6d-001d722a7a22

Error: (07/07/2015 06:28:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BSvcProcessor.exe1.0.5.05524a506BSvcProcessor.exe1.0.5.05524a506c000000500031fe61b2801d0b91d5b19269dC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exeC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exe9aee5b78-2510-11e5-bf6d-001d722a7a22

Error: (07/07/2015 06:18:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BSvcProcessor.exe1.0.5.05524a506BSvcProcessor.exe1.0.5.05524a506c000000500031fe6106401d0b91bfdc2db03C:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exeC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exe3e8ea86d-250f-11e5-bf6d-001d722a7a22

Error: (07/07/2015 06:08:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BSvcProcessor.exe1.0.5.05524a506BSvcProcessor.exe1.0.5.05524a506c000000500031fe61e1801d0b91a97ea6fddC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exeC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exed94a5518-250d-11e5-bf6d-001d722a7a22

Error: (07/07/2015 05:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: BSvcProcessor.exe1.0.5.05524a506BSvcProcessor.exe1.0.5.05524a506c000000500031fe61e4001d0b91931fb4c7cC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exeC:\Users\Chris Stinnett\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exe722cae08-250c-11e5-bf6d-001d722a7a22

Error: (07/07/2015 05:48:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_wlidsvc6.3.9600.163845215dfe3PavTrc64.dll9.2.3.1524ab383c000000500000000000169ce49401d0b900e7bf0b84C:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\PavTrc64.dll0c38d43c-250b-11e5-bf6d-001d722a7a22

CodeIntegrity Errors:
===================================
  Date: 2015-06-06 01:24:18.568
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-06-06 01:24:18.256
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-06-06 01:24:17.969
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-06-06 01:24:17.656
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-06-06 01:24:17.547
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-06-06 01:24:17.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-06-06 01:24:09.046
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-06-06 01:24:07.919
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-06-06 01:17:28.411
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2015-06-06 01:17:27.004
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz
Percentage of memory in use: 53%
Total physical RAM: 4094.43 MB
Available physical RAM: 1908.28 MB
Total Virtual: 5310.43 MB
Available Virtual: 2276.89 MB

==================== Drives ================================

Drive c: (Partition_1) (Fixed) (Total:283.34 GB) (Free:221.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:14.75 GB) (Free:7.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 5424A154)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=283.3 GB) - (Type=07 NTFS)

==================== End of log ============================


Edited by Orange Blossom, 12 July 2015 - 07:53 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:58 PM

Posted 12 July 2015 - 09:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/582166 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,764 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:58 PM

Posted 13 July 2015 - 09:08 PM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please do this.

Move FRST.exe onto your Desktop.

Running from C:\Users\Chris Stinnett\AppData\Local\Microsoft\Windows\INetCache\IE\02B21SMP


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.hp13.us.msn.com/
URLSearchHook: [S-1-5-21-861749658-1718846392-3416921969-1005] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-861749658-1718846392-3416921969-1000 -> A1991B94B6014133A0B2539BD50D3B8C URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} ->  No File
Toolbar: HKU\S-1-5-21-861749658-1718846392-3416921969-1000 -> No Name - {AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF user.js: detected! => C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\user.js [2014-05-04]
FF Extension: No Name - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\SaveDailyDeals@SaveDailyDeals.com [not found]
FF Extension: No Name - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [not found]
FF Extension: No Name - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\TidyNetwork@TidyNetwork [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-02] <==== ATTENTION
U3 idsvc; No ImagePath
R3 PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys [X]
U2 SBKUPNT; No ImagePath
2015-06-05 14:35 - 2015-06-05 14:35 - 6420480 _____ () C:\Program Files (x86)\GUT29F0.tmp
C:\Users\Chris Stinnett\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Chris Stinnett\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Chris Stinnett\AppData\Local\Temp\PCloudCleanerUpdater.exe
Task: {8F7B10D5-0395-4602-9543-CE498F9FAC56} - \NSManager No Task File <==== ATTENTION
Task: {DCF99222-AE8D-4272-BF6A-F2246C7F12A1} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {EB9A87DC-F8EB-495B-A8DA-0103E8A8D461} - System32\Tasks\{D0A6CEC7-867F-471A-9B10-9B080F853144} => pcalua.exe -a "C:\Users\Chris Stinnett\Desktop\paperport\PP12Installer.exe" -d "C:\Users\Chris Stinnett\Desktop\paperport"
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on system performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 badass1974

badass1974
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 14 July 2015 - 08:41 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by Chris Stinnett at 2015-07-14 17:54:10 Run:1
Running from C:\Users\Chris Stinnett\Desktop
Loaded Profiles: Chris Stinnett & UpdatusUser (Available Profiles: Chris Stinnett & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.hp13.us.msn.com/
URLSearchHook: [S-1-5-21-861749658-1718846392-3416921969-1005] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-861749658-1718846392-3416921969-1000 -> A1991B94B6014133A0B2539BD50D3B8C URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: No Name -> {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} ->  No File
Toolbar: HKU\S-1-5-21-861749658-1718846392-3416921969-1000 -> No Name - {AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF user.js: detected! => C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\user.js [2014-05-04]
FF Extension: No Name - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\SaveDailyDeals@SaveDailyDeals.com [not found]
FF Extension: No Name - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} [not found]
FF Extension: No Name - C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\TidyNetwork@TidyNetwork [not found]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2013-09-02] <==== ATTENTION
U3 idsvc; No ImagePath
R3 PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys [X]
U2 SBKUPNT; No ImagePath
2015-06-05 14:35 - 2015-06-05 14:35 - 6420480 _____ () C:\Program Files (x86)\GUT29F0.tmp
C:\Users\Chris Stinnett\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Chris Stinnett\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Chris Stinnett\AppData\Local\Temp\PCloudCleanerUpdater.exe
Task: {8F7B10D5-0395-4602-9543-CE498F9FAC56} - \NSManager No Task File <==== ATTENTION
Task: {DCF99222-AE8D-4272-BF6A-F2246C7F12A1} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {EB9A87DC-F8EB-495B-A8DA-0103E8A8D461} - System32\Tasks\{D0A6CEC7-867F-471A-9B10-9B080F853144} => pcalua.exe -a "C:\Users\Chris Stinnett\Desktop\paperport\PP12Installer.exe" -d "C:\Users\Chris Stinnett\Desktop\paperport"
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => key removed successfully
"HKCR\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => key removed successfully
"HKCR\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" => key removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => key removed successfully
"HKCR\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
Could not restore Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-861749658-1718846392-3416921969-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\A1991B94B6014133A0B2539BD50D3B8C" => key removed successfully
HKCR\CLSID\A1991B94B6014133A0B2539BD50D3B8C => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
"HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}" => key removed successfully
HKCR\Wow6432Node\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} => key not found.
HKU\S-1-5-21-861749658-1718846392-3416921969-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879} => value removed successfully
HKCR\CLSID\{AEFEDA6A-9A49-47E5-9307-ECBEC7D6D879} => key not found.
"HKCR\PROTOCOLS\Handler\osf" => key removed successfully
HKCR\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0" => key removed successfully
C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\user.js => moved successfully.
C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\SaveDailyDeals@SaveDailyDeals.com not found.
C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\{F32E7E42-9AFA-47CA-A0C4-D07EE651D404} not found.
C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\extensions\TidyNetwork@TidyNetwork not found.
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully.
idsvc => Service removed successfully
PavTPK.sys => Unable to stop service.
PavTPK.sys => Service removed successfully
SBKUPNT => Service removed successfully
C:\Program Files (x86)\GUT29F0.tmp => moved successfully.
C:\Users\Chris Stinnett\AppData\Local\Temp\BSvcProcessor.exe => moved successfully.
C:\Users\Chris Stinnett\AppData\Local\Temp\BSvcUpdater.exe => moved successfully.
C:\Users\Chris Stinnett\AppData\Local\Temp\PCloudCleanerUpdater.exe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8F7B10D5-0395-4602-9543-CE498F9FAC56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F7B10D5-0395-4602-9543-CE498F9FAC56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NSManager" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCF99222-AE8D-4272-BF6A-F2246C7F12A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF99222-AE8D-4272-BF6A-F2246C7F12A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB9A87DC-F8EB-495B-A8DA-0103E8A8D461}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB9A87DC-F8EB-495B-A8DA-0103E8A8D461}" => key removed successfully
C:\Windows\System32\Tasks\{D0A6CEC7-867F-471A-9B10-9B080F853144} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D0A6CEC7-867F-471A-9B10-9B080F853144}" => key removed successfully
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

The system needed a reboot..

==== End of Fixlog 17:54:55 ====

# AdwCleaner v4.208 - Logfile created 14/07/2015 at 18:07:27
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows 8.1 Pro  (x64)
# Username : Chris Stinnett - CHRISSTINNET-PC
# Running from : C:\Users\Chris Stinnett\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Chris Stinnett\AppData\Roaming\Adobe AIFF Format CC Prefs
File Found : C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\searchplugins\bingp.xml
Folder Found : C:\ProgramData\Fighters
Folder Found : C:\Users\Chris Stinnett\AppData\LocalLow\YahooCouponAddOn
Folder Found : C:\Users\Chris Stinnett\AppData\Roaming\Mozilla\Firefox\Profiles\ykfpkbhz.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\CHRISS~1\AppData\Local\Temp\Yula

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\trovi.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Software\SaveDailyDeals
Key Found : HKCU\Software\SpeedMaxPC
Key Found : HKCU\Software\usyndication.com
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\ParetoLogic
Key Found : [x64] HKCU\Software\SaveDailyDeals
Key Found : [x64] HKCU\Software\SpeedMaxPC
Key Found : [x64] HKCU\Software\usyndication.com
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\SDP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Mozilla Firefox v19.0 (en-US)

-\\ Google Chrome v43.0.2357.132

*************************

AdwCleaner[R1].txt - [4554 bytes] - [14/07/2015 18:07:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4613 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.4.9 (07.14.2015:2)
OS: Windows 8.1 Pro x64
Ran by Chris Stinnett on Tue 07/14/2015 at 18:13:42.25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\compuclever
Successfully deleted: [Folder] C:\ProgramData\compuclever
Successfully deleted: [Folder] C:\Users\Chris Stinnett\AppData\Roaming\compuclever

 

~~~ FireFox

Successfully deleted the following from C:\Users\Chris Stinnett\AppData\Roaming\mozilla\firefox\profiles\ykfpkbhz.default\prefs.js

user_pref(valueApps.storage.mam_gk_userId, 36346534346261332D356436612D346339622D623335372D396134313739356562356435);

 

~~~ Chrome

[C:\Users\Chris Stinnett\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Chris Stinnett\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Chris Stinnett\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Chris Stinnett\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/14/2015 at 18:20:59.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,764 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:58 PM

Posted 14 July 2015 - 08:46 PM

Greetings,

 

Did you select Clean on the AdwCleaner window after running the program?

 

Update on system performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!


Posted 17 July 2015 - 06:23 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#7 badass1974

badass1974
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 17 July 2015 - 06:40 PM

Yes, I still need help with my computer. The instructions you have posted have been followed and I would like to comment that I did press the clean on the adware program!



#8 Oh My!


Posted 17 July 2015 - 07:26 PM

Thank you. How is your computer running?
Gary
 

#9 badass1974


Posted 18 July 2015 - 10:37 AM

It still goes to blue screen and does a reboot.



#10 Oh My!


Posted 18 July 2015 - 01:49 PM

OK, this is what I would like you to do next.

===================================================

Enabling or Disabling Automatic Restart on System Failure - Windows 8

-------------------
  • Click Start, type cmd, right click on cmd and select Run as Administrator
  • Type or copy and paste wmic recoveros set AutoReboot = True after the command prompt and press Enter
  • Type Exit, hit Enter then reboot your computer
  • When your system BSODs, write down the STOP error code, as well as any written out error message. The STOP error will always appear, but the message may not.

  • Please include this information in your reply.
  • Click Start, type cmd, right click on cmd and select Run as Administrator
  • Type or copy and paste wmic recoveros set AutoReboot = False after the command prompt and press Enter
===================================================

BlueScreenView

----------
  • Download BlueScreenView and save it to your desktop
  • Double click the BlueScreenView.exe file then click OK
  • Select Run, Next, then Next again
  • Click Install
  • When the scanning is complete, select Edit and Select All
  • Then click File and Save Selected Items
  • Save the report as BSOD.txt
  • Open BSOD.txt in Notepad, copy the entire content and paste it into your next reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Blue Screen information
  • BSOD.txt

Gary
 

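A read-only way to collect the information the steps in post #10 ask for, as an added example that is not part of the original thread: it reports the current automatic-restart setting, pulls STOP codes from bugcheck events in the System log, and lists the minidump files BlueScreenView reads. It assumes an elevated PowerShell prompt and English event messages (the regular expression matches the English text).

```powershell
# Added example, not from the thread. Read-only: changes no settings.

# 1. Crash-recovery settings (the same WMI class that "wmic recoveros" edits).
$recovery = Get-CimInstance -ClassName Win32_OSRecoveryConfiguration
$recovery | Format-List AutoReboot, DebugInfoType, DebugFilePath, MiniDumpDirectory

# 2. STOP codes Windows recorded after earlier crashes.
#    Event ID 1001 from this provider is written on the boot following a bugcheck.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WER-SystemErrorReporting'
    Id           = 1001
}
$crashes = Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue

if (-not $crashes) {
    Write-Output 'No bugcheck events found in the System log.'
} else {
    $crashes | ForEach-Object {
        # Assumes the English message text "The bugcheck was: 0x...".
        $code = if ($_.Message -match 'bugcheck was:\s*(0x[0-9a-fA-F]+)') { $Matches[1] } else { 'unknown' }
        [pscustomobject]@{ Time = $_.TimeCreated; StopCode = $code }
    } | Sort-Object Time | Format-Table -AutoSize
}

# 3. Minidump files, which is what BlueScreenView parses.
#    MiniDumpDirectory is usually stored with an environment variable, so expand it.
$dumpDir = [Environment]::ExpandEnvironmentVariables($recovery.MiniDumpDirectory)
if (Test-Path -LiteralPath $dumpDir) {
    Get-ChildItem -LiteralPath $dumpDir -Filter *.dmp |
        Sort-Object LastWriteTime |
        Select-Object Name, LastWriteTime, Length
} else {
    Write-Output "Minidump directory not found: $dumpDir"
}
```

If no events and no dump files appear even though the machine has crashed, check DebugInfoType in the first output: a value of 0 means no memory dump is being written.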
#11 badass1974


Posted 19 July 2015 - 02:39 PM

I am not clear on this one. START, what is that?



#12 Oh My!


Posted 19 July 2015 - 02:54 PM

Sorry, you have Windows 8 and that is different. Hit the Windows Key + X at the same time and select Command Prompt (Admin).


Gary
 

#13 badass1974


Posted 19 July 2015 - 03:44 PM

When I entered the command and rebooted, no blue screen came up; it booted like normal.



#14 Oh My!


Posted 19 July 2015 - 04:14 PM

Do you get the Blue Screen sporadically upon startup and do you ever get it in the middle of doing something after startup?
Gary
 

#15 badass1974


Posted 19 July 2015 - 06:15 PM

I get the blue screen after like a half hour of operation sometimes.





