hicosmea shows up in malwarebytes twice


  • This topic is locked
2 replies to this topic

#1 careful


Posted 18 November 2015 - 06:34 AM

This is the FRST scan as stated in the sticky topic to do.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by Petit (2015-11-18 06:31:34)
Running from C:\Users\Petit\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2012-05-07 17:25:47)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1307173437-486162635-2919381003-500 - Administrator - Disabled)
Guest (S-1-5-21-1307173437-486162635-2919381003-501 - Limited - Disabled)
Petit (S-1-5-21-1307173437-486162635-2919381003-1000 - Administrator - Enabled) => C:\Users\Petit
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2540 - Adobe Systems Incorporated)
Adobe Connect 9 Add-in (HKU\S-1-5-21-1307173437-486162635-2919381003-1000\...\Adobe Connect 9 Add-in) (Version: 11.2.385.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 2.61 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 (HKLM-x32\...\PremElem70) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 7.0 Templates (HKLM-x32\...\PremElem70Templates) (Version: 7.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1307173437-486162635-2919381003-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 3.6 - Auslogics Software Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Awakening Kingdoms (HKLM-x32\...\BFG-Awakening Kingdoms) (Version:  - )
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{138B4FA4-B9C1-422E-BDB9-75E516B2522B}) (Version: 0.8.51 - Kovid Goyal)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.5.14 - Canon Inc.)
Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version:  - )
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version:  - ‭Canon Inc.)
Canon MP Navigator 2.2 (HKLM-x32\...\MP Navigator 2.2) (Version:  - )
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
Canon MX520 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX520_series) (Version: 1.00 - Canon Inc.)
Canon MX520 series On-screen Manual (HKLM-x32\...\Canon MX520 series On-screen Manual) (Version: 7.6.0 - Canon Inc.)
Canon MX520 series User Registration (HKLM-x32\...\Canon MX520 series User Registration) (Version:  - ‭Canon Inc.)
Canon MX530 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX530_series) (Version: 1.00 - Canon Inc.)
Canon MX530 series On-screen Manual (HKLM-x32\...\Canon MX530 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MX530 series User Registration (HKLM-x32\...\Canon MX530 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
Canon SELPHY CP780 (HKLM\...\Canon SELPHY CP780) (Version:  - )
Canon Speed Dial Utility (HKLM-x32\...\Speed Dial Utility) (Version: 1.4.0 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.0.1.32 - Canon Inc.)
Canon Utilities SELPHY Photo Print (HKLM-x32\...\SELPHY Photo Print) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities SELPHY Print Contents 1.1.0 (HKLM-x32\...\SELPHY Print Contents 110) (Version: 1.1.0.16 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.26 - Piriform)
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
Cricut ™ Driver v2.01 (HKLM-x32\...\Cricut ™ Driver v2.01) (Version: 2.01 - Provo Craft & Novelty, Inc.)
Dark Manor: A Hidden Object Mystery (HKLM-x32\...\BFG-Dark Manor - A Hidden Object Mystery) (Version:  - )
Dropbox (HKU\S-1-5-21-1307173437-486162635-2919381003-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
DVDFab 8.2.2.8 (26/02/2013) Qt (HKLM-x32\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.0.6.3 (09/09/2013) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Dynamic Web TWAIN Plug-in (HKLM-x32\...\{D91AA8CA-8704-4BDB-B56D-B78BBEEF8D0D}) (Version: 9.2.0 - Dynamsoft)
Elevated Installer (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 5.02 - )
Fast Duplicate File Finder 3.2.0.1 (HKLM-x32\...\{AFECFED6-0A43-488F-8511-1DC6B52F31C3}_is1) (Version: 3.2.0.1 - MindGems, Inc.)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{6c14a7ec-7ed6-47f1-bb64-afc001a60a24}) (Version: 2.1.12 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.1.12 - Garmin Ltd or its subsidiaries) Hidden
GFI BackUp Freeware (HKLM-x32\...\GFI BackUp Freeware) (Version: 4.0 - GFI Software Ltd.)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.1.8.5 - Siber Systems)
Google Chrome (HKU\S-1-5-21-1307173437-486162635-2919381003-1000\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
GoToMeeting 7.4.1.3770 (HKU\S-1-5-21-1307173437-486162635-2919381003-1000\...\GoToMeeting) (Version: 7.4.1.3770 - CitrixOnline)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{80A620C1-B22C-4781-A351-B14B8A37BFE3}) (Version: 2.1 - Brice Lambson)
Intel® Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
JMicron JMB36X Driver (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.17.58.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Karen's Clipboard Viewer (HKLM-x32\...\Karen's Clipboard Viewer) (Version: 2.2.0.0 - Karen Kenworthy)
Karen's 'Net Monitor (HKLM-x32\...\Karen's 'Net Monitor) (Version: 3.6.0.0 - Karen Kenworthy)
Karen's Replicator (HKLM-x32\...\Karen's Replicator) (Version: 3.6.0.9 - Karen Kenworthy)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\{0B8CA9F3-488F-44B8-A7BE-C9B0743250A3}) (Version: 5.0.4522 - Paramount Software (UK) Ltd.)
Magic Ball (HKLM-x32\...\Magic Ball) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Digital Image Suite 2006 (HKLM-x32\...\PictureItSuite_v11) (Version: 11.0.0422 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.4276.0) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{64C12304-7010-43F3-A25B-BDC38DE41E46}) (Version: 4.0.4276.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0080-0409-0000-0000000FF1CE}) (Version: 14.0.6106.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Moffsoft FreeCalc (HKLM-x32\...\MoffFreeCalc_is1) (Version: 1.1 - Moffsoft)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NaturalReaderFree (HKLM-x32\...\{B99690D5-0BD4-403B-98D9-D0E997239454}) (Version: 1.00.0000 - Naturalsoft)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11300.14.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.11200.16.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.11400.18.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.12300.23.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.11400.15.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.14800.28.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}) (Version: 10.0.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.12600.30.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.2 - )
NVIDIA 3D Vision Driver 267.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 267.42 - NVIDIA Corporation)
NVIDIA Graphics Driver 267.42 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.42 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.18.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.5.3023 - ooVoo LLC.)
Opera 11.64 (HKLM-x32\...\Opera 11.64.1403) (Version: 11.64.1403 - Opera Software ASA)
PhotoshopdotcomInspirationBrowser (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
PlayMemories Home (HKLM-x32\...\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211}) (Version: 6.3.00.04221 - Sony Corporation)
Quicken 2007 (HKLM-x32\...\{0D2E80C8-0875-43EB-9623-47118E2DFBCA}) (Version: 16.1.1.27 - Intuit)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
RoboForm 7-9-16-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-16-7 - Siber Systems)
Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)
Sea Battle (HKLM-x32\...\Sea Battle) (Version:  - )
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.0.3402.0 - Seagate)
SeaMonkey 2.30 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.30 (x86 en-US)) (Version: 2.30 - Mozilla)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SmartSound Quicktracks for Premiere Elements (HKLM-x32\...\InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}) (Version: 3.11.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements (x32 Version: 3.11.3090 - SmartSound Software Inc) Hidden
SoftPerfect WiFi Guard version 1.0.1 (HKLM\...\{38AFD787-4D2E-4442-92D2-7739F5F92CF4}_is1) (Version: 1.0.1 - SoftPerfect Research)
Speccy (HKLM\...\Speccy) (Version: 1.18 - Piriform)
Stora Desktop Applications (HKLM-x32\...\{D323C27E-5DB7-4EE6-B75D-35C0F4D3FABD}) (Version: 1.3.3.1073 - Axentra Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Syncios version 2.0.2 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 2.0.2 - Anvsoft, Inc.)
TheSage (HKLM-x32\...\TheSage) (Version: 4.5.1784 - Sequence Publishing)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
UK's Kalender 2.3.2 (HKLM-x32\...\UK's Kalender_is1) (Version:  - Ulrich Krebs)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Automated Installation Kit (HKLM\...\{31E8F586-4EF7-4500-844D-BA8756474FF1}) (Version: 2.0.0.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.5.2015.12 - Ruiware)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F4505C4-9468-D082-9295-34EE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Petit\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {43934E4A-9468-D082-1CDE-E2B285889A47} => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Petit\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
 
==================== Restore Points =========================
 
10-11-2015 08:24:52 Windows Update
17-11-2015 07:18:05 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2013-01-11 15:54 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0336EABE-D6BF-473E-9835-FB78F6EB62B4} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1307173437-486162635-2919381003-1000UA => C:\Users\Petit\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {215E7721-634C-45F4-B6E3-93431FF317DC} - System32\Tasks\Petit DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2012-06-07] (Seagate Technology LLC)
Task: {3939C2A4-898A-4598-9D2E-C6DB1BEC9512} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1307173437-486162635-2919381003-1000UA => C:\Users\Petit\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3F28A06B-0D12-4A9F-BE70-FC2D4F3323E5} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-21] (Siber Systems)
Task: {415267F9-8468-45F5-A97D-037EF8D22542} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJNJOMMMNJGMPMMMCNNJOJMMKMCNLMGMNJKJCNHMMJPMGMCNPMMJNJGMMJJMJMIMNMKMMJMJJNJICMIMCNGMCNOMJMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMOMNMMMPMJNHICMMJBJKJLIMJJNBJCMLLGJOJBJBJKJPNPKKJLIKJLIJNKJCMCJGIOIKIKJLMPLIJCJOJGJDJBNMJAJCJJNNICMJNDJCMKJBJJNMJCMKMFMNMLMJMLMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {448CC4C0-F3DD-4DF7-BDB7-5E7C9B3A54EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-14] (Adobe Systems Incorporated)
Task: {5D667664-9D7C-4C7E-9567-5E7815FB7DD1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-12-19] (Piriform Ltd)
Task: {632DB95F-E905-44C4-9190-3AE2B386975C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1307173437-486162635-2919381003-1000Core => C:\Users\Petit\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {6EC64D91-CC79-4B19-B1C9-515A50C39CA3} - System32\Tasks\G2MUploadTask-S-1-5-21-1307173437-486162635-2919381003-1000 => C:\Users\Petit\AppData\Local\Citrix\GoToMeeting\3770\g2mupload.exe [2015-10-28] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {70002549-D7C2-4EAA-895E-E49AC910187B} - System32\Tasks\G2MUpdateTask-S-1-5-21-1307173437-486162635-2919381003-1000 => C:\Users\Petit\AppData\Local\Citrix\GoToMeeting\3770\g2mupdate.exe [2015-10-28] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {777DE026-BED2-4C69-977A-3FE9CBD6C68F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {93E8D530-C0B2-403B-B422-231C04D3AE2E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-22] (AVAST Software)
Task: {A9E8B68C-21A0-4C6B-B100-D92411D96881} - System32\Tasks\Petit => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-06-07] (Seagate Technology LLC)
Task: {BF72B7FD-AD4B-4A48-A368-43C661B36DF3} - System32\Tasks\{5ACD291F-2879-4696-B0E2-4621B4DDA793} => pcalua.exe -a C:\Users\Petit\Downloads\ffmpeg-setup.exe -d C:\Users\Petit\Downloads
Task: {DA5F269D-62A0-41E7-8C4A-0016C87F173A} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {DC263251-B667-4325-B215-0F9E35836539} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1307173437-486162635-2919381003-1000Core => C:\Users\Petit\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {E486FB20-981C-4974-8BF8-A5208E8A4718} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {FAFDC705-0C31-4B9C-8599-4C7DC1D69BB8} - System32\Tasks\Petit Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2012-06-07] (Seagate Technology LLC)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1307173437-486162635-2919381003-1000Core.job => C:\Users\Petit\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1307173437-486162635-2919381003-1000UA.job => C:\Users\Petit\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1307173437-486162635-2919381003-1000.job => C:\Users\Petit\AppData\Local\Citrix\GoToMeeting\3770\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1307173437-486162635-2919381003-1000.job => C:\Users\Petit\AppData\Local\Citrix\GoToMeeting\3770\g2mupload.exe
Task: C:\Windows\Tasks\GoodSync - Cbackup.job => C:\Program Files\Siber Systems\GoodSync\gsync.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1307173437-486162635-2919381003-1000Core.job => C:\Users\Petit\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1307173437-486162635-2919381003-1000UA.job => C:\Users\Petit\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-15 15:26 - 2015-05-15 15:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-18 16:04 - 2011-07-18 16:04 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2012-05-08 16:49 - 2012-05-08 16:49 - 05345968 _____ () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
2012-09-25 09:32 - 2012-09-25 08:56 - 00301760 _____ () C:\Program Files\Macrium\Reflect\ReflectService.exe
2015-09-22 17:05 - 2015-09-22 17:05 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-22 17:05 - 2015-09-22 17:05 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-16 05:25 - 2015-11-16 05:25 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111600\algo.dll
2015-11-18 05:39 - 2015-11-18 05:39 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111800\algo.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-11-16 07:41 - 2015-11-16 07:41 - 00071168 _____ () c:\users\petit\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4beszf.dll
2015-03-04 16:45 - 2015-09-02 19:11 - 00012800 _____ () C:\Users\Petit\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 16:45 - 2015-09-02 19:11 - 00779776 _____ () C:\Users\Petit\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 18:57 - 2015-09-02 19:11 - 00056320 _____ () C:\Users\Petit\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 16:45 - 2015-09-02 19:11 - 00012288 _____ () C:\Users\Petit\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-09-22 17:05 - 2015-09-22 17:05 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00783360 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00098816 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00098816 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00064000 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00099840 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00068608 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00076800 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00168448 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00316928 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00045568 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gsttypefindfunctions.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00046592 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00078336 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2012-05-08 17:02 - 2012-05-11 06:43 - 00276480 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
2015-11-14 07:35 - 2015-11-14 07:35 - 17604296 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll
2015-11-12 14:39 - 2015-11-06 23:36 - 01532744 _____ () C:\Users\Petit\AppData\Local\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-12 14:39 - 2015-11-06 23:36 - 00081224 _____ () C:\Users\Petit\AppData\Local\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-12 14:39 - 2015-11-06 23:36 - 16496456 _____ () C:\Users\Petit\AppData\Local\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
AlternateDataStreams: C:\ProgramData\TEMP:9D0A16E4
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1307173437-486162635-2919381003-1000\Software\Classes\.exe:  =>  <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1307173437-486162635-2919381003-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Petit\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BBC4028C-D91B-411D-9801-E62C96647BB9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{87AF36E1-6444-4B60-BBAF-DE74CD491962}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{91E5E58E-1417-4281-AEB9-9A6351C9A06F}] => (Allow) svchost.exe
FirewallRules: [{A718F77D-0914-40A2-93E0-59D4DC9461EE}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{D05E8D75-1DE9-46A7-A634-679397D7A4F8}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{DAAAA11B-1F53-4980-A338-643DF6C2ED5B}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{674F1668-17B0-496F-9686-332104C202EC}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{AC72583D-0215-4117-8CE8-1E88A882382C}] => (Allow) C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [TCP Query User{3BBFF797-0AB4-4AD9-9879-070596986E9A}C:\program files (x86)\opera\opera.exe] => (Block) C:\program files (x86)\opera\opera.exe
FirewallRules: [UDP Query User{64E07F4A-9EAB-4698-9BA2-392ED2ED2275}C:\program files (x86)\opera\opera.exe] => (Block) C:\program files (x86)\opera\opera.exe
FirewallRules: [{A19D97BB-A59D-4B69-93C1-FD3DB07D2DE2}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{5214E197-0D49-4B36-BC4D-F6AECC99BA1E}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{ACC9B1EF-8C4B-4FB4-AEBA-6DB53F918E7D}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{7C7663A4-FBBF-455F-A782-0C8A784D0D75}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{83069F0D-8FC0-4128-BEC0-95CF74025023}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{48C6B3E9-E73E-4063-BFEF-5CFCE4241FED}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{70BE757B-E2E1-4B79-A155-B34E1D0DB24D}] => (Allow) LPort=33333
FirewallRules: [{5857939B-9B95-4F7D-918F-C88F498127E6}] => (Allow) LPort=33338
FirewallRules: [{458ECF31-FADF-447C-8574-3E276D4A16E4}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{1AC98963-657F-4F22-8074-DF9E1DC0CAD6}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [TCP Query User{8EBCC07F-3FBF-4F91-969C-8BE90D1096FA}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe
FirewallRules: [UDP Query User{6AB94DB2-E2A3-405B-B811-C7BF19777ABB}C:\program files (x86)\cricut-craft room\ccrbridge.exe] => (Allow) C:\program files (x86)\cricut-craft room\ccrbridge.exe
FirewallRules: [TCP Query User{3CB4BB34-CE75-413B-B6FB-39EBA0C9A987}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [UDP Query User{3A2D22F1-91F5-4255-89EA-A4DCC2A7C520}C:\program files (x86)\oovoo\oovoo.exe] => (Allow) C:\program files (x86)\oovoo\oovoo.exe
FirewallRules: [{ECA8C243-E4D2-49C0-A7A6-A7A4857A8311}] => (Allow) LPort=37676
FirewallRules: [{DBEEBCF1-724B-45AB-A493-A196CFAC5AA3}] => (Allow) LPort=37676
FirewallRules: [{2C117084-4AC8-410C-B4E3-B65B0EEC5B1C}] => (Allow) LPort=37677
FirewallRules: [{0F367881-734B-4DE0-A295-E197FD0ABD4C}] => (Allow) C:\Users\Petit\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{5BE243E6-1D9C-4F16-AECA-3B886B23B86E}] => (Allow) C:\Users\Petit\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{8560B377-21CC-4788-B8CE-6299E26A2394}C:\users\petit\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\petit\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{A8D08815-012A-4AEA-99DC-C68330219C82}C:\users\petit\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\petit\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{62BABA79-3AA7-4E43-86D0-EDA857F42129}] => (Allow) C:\Program Files\Windows Home Server\Discovery.exe
FirewallRules: [{DE181AF3-088B-4874-AE98-1C8F126796E7}] => (Allow) C:\Program Files\Windows Home Server\Discovery.exe
FirewallRules: [{AC4AC544-7B71-4524-A898-54D7C302FAE5}] => (Allow) C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\DesktopMirror\rsync.exe
FirewallRules: [{AE30025F-A47A-40E3-8081-25883FC83EBC}] => (Allow) C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\DesktopMirror\rsync.exe
FirewallRules: [{63CD30B7-1F85-4BCA-8EBE-9F1F1CC38E9C}] => (Allow) C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\DesktopMirror\ssh.exe
FirewallRules: [{55ADEE0C-411C-49CB-AB09-74B12B2F0C6A}] => (Allow) C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\DesktopMirror\ssh.exe
FirewallRules: [{585B4B81-E041-43DC-8987-72FD92861D9F}] => (Allow) C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\QuickConnect\AxentraPicturesWizard.exe
FirewallRules: [{0C2D00AD-8E2B-45B7-AB82-2AD36608A668}] => (Allow) C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\QuickConnect\AxentraPicturesWizard.exe
FirewallRules: [{6033CFEC-4EAA-47F4-94A7-284D72994F43}] => (Allow) C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\QuickConnect\AxentraSmartShortcut.exe
FirewallRules: [{92F949F8-F2D0-47A2-B500-D20CFEE789D2}] => (Allow) C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\QuickConnect\AxentraSmartShortcut.exe
FirewallRules: [{C33FE9EC-AD29-4E84-8B94-336A4130F2C3}] => (Allow) C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\HipServAgent\HipServAgent.exe
FirewallRules: [{98FD43EC-E4FA-4FD7-8103-F22A594AD72B}] => (Allow) C:\Program Files (x86)\NETGEAR\Stora Desktop Applications\HipServAgent\HipServAgent.exe
FirewallRules: [{8AC9607F-9C95-48AB-AE92-1C046487F8B1}] => (Allow) D:\Setup\StoraSetup.exe
FirewallRules: [{68229083-78A1-4C89-9C5C-37DB0FC87010}] => (Allow) D:\Setup\StoraSetup.exe
FirewallRules: [TCP Query User{AAA8F365-CFEF-48BB-8D44-63C465A9F8ED}C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe] => (Block) C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe
FirewallRules: [UDP Query User{18C4F02A-19CA-465F-BA81-03FD7D5AEAFD}C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe] => (Block) C:\program files (x86)\netgear\stora desktop applications\hipservagent\hipservagent.exe
FirewallRules: [{94201851-E449-47E8-8403-4D6C9CF2A64B}] => (Allow) C:\Users\Petit\AppData\Local\Temp\nso977C.tmp\CnetInstaller-10862872.exe
FirewallRules: [{9E295857-A07D-481A-8751-8D4598F36DBE}] => (Allow) C:\Users\Petit\AppData\Local\Temp\nso977C.tmp\CnetInstaller-10862872.exe
FirewallRules: [TCP Query User{1A33683A-9ADA-4747-8059-646F81C6FAD6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{B2CE4538-7BF4-47EC-8A77-3B042F923337}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{37BA94F7-5976-4168-AEBC-76701F9C9207}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{81A5B5EF-A1E7-4C40-B7C9-D0E2E127ED14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{25542BE0-C75B-4FB1-9F78-D99739DE1B9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E16024D9-E688-4C76-ABD1-DA5FBF374F0F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B4223EBC-6C52-4D0E-9EE8-BADB41A354F0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E0B6634B-197E-4436-8722-F8ACCC44C3BF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{36363636-359D-46DA-9361-968A80612800}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/17/2015 07:08:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 13026
 
Error: (11/17/2015 07:08:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 13026
 
Error: (11/17/2015 07:08:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/17/2015 07:07:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12012
 
Error: (11/17/2015 07:07:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12012
 
Error: (11/17/2015 07:07:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/17/2015 07:07:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11014
 
Error: (11/17/2015 07:07:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11014
 
Error: (11/17/2015 07:07:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (11/17/2015 07:07:57 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10015
 
 
System errors:
=============
Error: (11/10/2015 07:06:30 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 47.
 
Error: (11/02/2015 04:54:04 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.9 with the system
having network hardware address 18-0C-AC-08-63-69. Network operations on this system may
be disrupted as a result.
 
Error: (10/24/2015 04:09:29 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
 
Error: (10/12/2015 04:28:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
 
Error: (10/08/2015 05:21:13 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/08/2015 05:21:13 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/08/2015 05:21:13 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/08/2015 05:21:13 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/08/2015 05:21:13 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
Error: (10/08/2015 05:21:13 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2700K CPU @ 3.50GHz
Percentage of memory in use: 36%
Total physical RAM: 16351.14 MB
Available physical RAM: 10324.05 MB
Total Virtual: 32700.48 MB
Available Virtual: 24272.27 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:776.08 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:931.51 GB) (Free:754.92 GB) NTFS
Drive h: (mirror) (Fixed) (Total:931.51 GB) (Free:861.52 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 842F057D)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 840D5AF8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 840D5AFF)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 




#2 nasdaq

nasdaq

  • Malware Response Team

Posted 20 November 2015 - 10:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Delete this program via the Control Panel > Programs and Features applet.

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)

I need to see the FRST log created by the Farbar tool.

Please post it.

After my review I will suggest a fix.

The information below comes from your Addition.txt file. I will use it later with my fix.

CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {1F4505C4-9468-D082-9295-34EE85889A47} => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Petit\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {43934E4A-9468-D082-1CDE-E2B285889A47} => No File
CustomCLSID: HKU\S-1-5-21-1307173437-486162635-2919381003-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Petit\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:7FA0D639
AlternateDataStreams: C:\ProgramData\TEMP:9D0A16E4


Edited by nasdaq, 20 November 2015 - 10:15 AM.


#3 nasdaq

nasdaq

  • Malware Response Team

Posted 25 November 2015 - 11:40 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



