Posted 02 October 2014 - 01:26 PM
Nope, it's still there. It has to be saved as a batch file, give it another shot.
Driver::
pcwatch
File::
C:\Windows\system32\Drivers\pcwatch.sys
C:\Windows\system32\MyOSProtect.dll
Posted 02 October 2014 - 02:16 PM
Posted 02 October 2014 - 09:21 PM
Good, go ahead and run a new scan with FRST and shoot me a new log, please.
Posted 03 October 2014 - 08:19 AM
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by CARL (administrator) on CARL-PC on 03-10-2014 08:53:01
Running from C:\Users\CARL\Desktop
Loaded Profile: CARL (Available profiles: CARL & Liza)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\downloader.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VWLASU] => C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM\...\Run: [VAIOSurvey] => C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM\...\Run: [VAIOMyMemCenter] => C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [679936 2008-02-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
HKLM\...\Run: [SmartWiHelper] => C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [77824 2008-06-27] (Sony Electronics Corporation)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6295552 2008-07-02] (Realtek Semiconductor)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1837336 2014-08-13] (Bitdefender)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [65024 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Liza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AOLOverlayIcon] -> {AB0C8BE3-041C-47d6-8195-E089D32B38DD} => C:\DDI\overicon.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x16A6F450C046CB01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 02 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 03 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 04 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Winsock: Catalog9 15 C:\Windows\system32\MyOSProtect.dll [304776] (MyOSCompany)
Tcpip\Parameters: [DhcpNameServer] 216.177.160.61 216.177.160.60
FireFox:
========
FF ProfilePath: C:\Users\CARL\AppData\Roaming\Mozilla\Firefox\Profiles\f8su429z.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\CARL\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman [2014-03-26]
FF HKLM\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files\Mozilla Firefox\extensions\termtutor@termtutor.com
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-26]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\CARL\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\CARL\AppData\Roaming\Move Networks [2009-05-07]
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Users\CARL\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-24]
CHR Extension: (Bitdefender Wallet) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-26]
CHR Extension: (Skype Click to Call) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-05-04]
CHR Extension: (Poppit!) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-17]
CHR Extension: (Google Wallet) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [aaaajhhckaajldjhmbpgleomemmpopjp] - C:\Windows\system32\config\systemprofile\AppData\Local\bandoomusictoolbar\GC\toolbar.crx [2013-06-07]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-08-13] (Bitdefender)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-11-12] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [480368 2014-09-17] (Bitdefender)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-08-13] (Bitdefender)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-11] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1251808 2014-08-13] (Bitdefender)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1060312 2014-08-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [528248 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-26] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [385096 2014-08-13] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CARL\AppData\Local\Temp\catchme.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]
U3 mbr; \??\C:\Users\CARL\AppData\Local\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 08:52 - 2014-10-03 08:52 - 00000000 ____D () C:\Users\CARL\Desktop\FRST-OlderVersion
2014-10-02 15:17 - 2014-10-02 15:17 - 00022084 _____ () C:\Users\CARL\Desktop\combofix.txt
2014-10-02 15:14 - 2014-10-02 15:14 - 00022084 _____ () C:\ComboFix.txt
2014-10-02 13:50 - 2014-10-02 14:38 - 00000266 _____ () C:\Users\CARL\Desktop\fixes.bat
2014-10-01 19:18 - 2014-10-02 07:20 - 00000000 ____D () C:\Users\Liza\AppData\Local\{37C9B37E-8D21-4944-8858-B247C201E940}
2014-10-01 12:28 - 2014-10-01 12:34 - 00003088 _____ () C:\Users\CARL\Desktop\Rkill.txt
2014-10-01 12:27 - 2014-10-01 12:27 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\CARL\Desktop\rkill.exe
2014-10-01 08:17 - 2014-10-01 08:17 - 00146960 _____ () C:\Windows\Minidump\100114-22120-01.dmp
2014-10-01 06:54 - 2014-10-01 14:38 - 00051250 _____ () C:\Users\CARL\Desktop\Addition.txt
2014-10-01 06:52 - 2014-10-03 08:53 - 00024898 _____ () C:\Users\CARL\Desktop\FRST.txt
2014-09-30 23:26 - 2014-09-30 23:26 - 00000000 ____D () C:\Users\Liza\AppData\Local\{709843D9-5A76-4B14-BE48-BD68AC33B06D}
2014-09-30 22:21 - 2014-09-30 22:21 - 00186880 _____ (CEXX.ORG) C:\Users\CARL\Desktop\LSPFix.exe
2014-09-30 13:33 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 19:09 - 2014-10-03 08:52 - 00000000 ____D () C:\Users\CARL\Documents\Katie
2014-09-28 19:47 - 2014-09-28 19:48 - 00146952 _____ () C:\Windows\Minidump\092814-23743-01.dmp
2014-09-28 14:10 - 2014-09-28 14:10 - 00146960 _____ () C:\Windows\Minidump\092814-23556-01.dmp
2014-09-28 14:00 - 2014-10-02 15:14 - 00000000 ____D () C:\Qoobox
2014-09-28 14:00 - 2014-10-02 15:03 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 14:00 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 14:00 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 14:00 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 13:52 - 2014-10-02 14:41 - 05582981 ____R (Swearware) C:\Users\CARL\Desktop\ComboFix.exe
2014-09-27 17:14 - 2014-10-01 13:45 - 00000000 ____D () C:\Users\CARL\Malware fixes
2014-09-27 13:38 - 2014-09-27 13:38 - 00000000 ____D () C:\Users\Liza\AppData\Local\{BC296350-9826-4461-89ED-ACC5B53B0351}
2014-09-27 10:20 - 2014-10-03 08:52 - 01100800 _____ (Farbar) C:\Users\CARL\Desktop\FRST.exe
2014-09-27 06:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-27 06:04 - 2014-09-27 06:20 - 00000530 _____ () C:\Users\CARL\Downloads\Result.txt
2014-09-27 05:26 - 2014-10-03 07:17 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-27 05:25 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-27 05:25 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-27 05:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 05:00 - 2014-09-27 05:00 - 00000000 ____D () C:\Windows\ERUNT
2014-09-27 04:53 - 2014-09-27 04:53 - 01699276 _____ (Thisisu) C:\Users\CARL\Downloads\JRT.exe
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\Users\CARL\AppData\Local\Macromedia
2014-09-26 21:20 - 2014-09-26 21:20 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-26 21:20 - 2014-09-26 21:20 - 00000000 ____D () C:\Users\CARL\AppData\Roaming\Mozilla
2014-09-26 21:20 - 2014-09-26 21:20 - 00000000 ____D () C:\Users\CARL\AppData\Local\Mozilla
2014-09-26 21:19 - 2014-09-26 21:19 - 00244136 _____ () C:\Users\CARL\Downloads\Firefox Setup Stub 32.0.3.exe
2014-09-26 20:33 - 2014-10-03 08:53 - 00000000 ____D () C:\FRST
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Users\Liza\AppData\Local\{D1075A40-3AD6-48F8-8D80-DB28A94191A8}
2014-09-25 13:02 - 2014-09-25 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-09-24 21:53 - 2014-09-26 07:50 - 00000065 _____ () C:\Users\CARL\AppData\Roaming\WB.CFG
2014-09-24 20:53 - 2014-09-24 20:53 - 00000000 ____D () C:\Users\CARL\AppData\Local\IsolatedStorage
2014-09-24 20:11 - 2014-09-24 20:11 - 00000000 ____D () C:\Users\Liza\AppData\Local\{E1B82B34-94F7-4795-A227-A07AC026C3C1}
2014-09-24 15:21 - 2014-09-24 21:58 - 01454922 _____ () C:\Users\CARL\Documents\Kanto.pptx
2014-09-24 14:20 - 2014-09-24 14:59 - 02382044 _____ () C:\Users\CARL\Downloads\David_Mythology (1).pptx
2014-09-24 10:02 - 2014-09-24 10:02 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-23 19:26 - 2014-09-23 19:26 - 00147016 _____ () C:\Windows\Minidump\092314-80558-01.dmp
2014-09-23 17:50 - 2014-09-23 17:50 - 00000000 ____D () C:\Users\Liza\AppData\Local\{E36305E3-28E3-4440-9CEA-6993EEE77436}
2014-09-23 17:44 - 2014-09-24 15:02 - 02382035 _____ () C:\Users\CARL\Documents\David_Mythology.pptx
2014-09-23 17:05 - 2014-09-01 11:29 - 00020480 _____ (MyOSCompany) C:\Windows\system32\Drivers\pcwatch.sys
2014-09-23 17:03 - 2014-09-23 17:03 - 18581088 _____ () C:\Users\CARL\Downloads\YGOPro DevPro.zip.thxo3ui.partial
2014-09-23 17:03 - 2014-09-01 11:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-09-23 14:50 - 2014-09-24 15:21 - 01208942 _____ () C:\Users\CARL\Downloads\New_Microsoft_PowerPoint_Presentation.pptx
2014-09-23 13:51 - 2014-09-23 14:37 - 02486374 _____ () C:\Users\CARL\Downloads\David_Mythology.pptx
2014-09-23 12:39 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-22 16:10 - 2014-09-22 16:10 - 00918440 _____ (Oracle Corporation) C:\Users\CARL\Downloads\JavaSetup7u67.com
2014-09-22 16:02 - 2014-09-22 16:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-19 06:27 - 2014-09-19 06:27 - 00000000 ____D () C:\Users\Liza\AppData\Local\{20373E10-274A-4A68-A976-51CB8838D089}
2014-09-18 15:01 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-18 15:01 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-18 15:01 - 2014-08-18 14:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-18 15:01 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-18 15:01 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-18 15:01 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-18 15:01 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-18 15:01 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-18 15:01 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-18 15:01 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-18 15:01 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-18 15:01 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-18 15:01 - 2014-08-18 14:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-18 15:01 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-18 15:01 - 2014-08-18 14:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-18 15:01 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-18 15:01 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-18 15:01 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-18 15:01 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-18 15:01 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-18 15:01 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-18 15:01 - 2014-08-18 14:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-18 15:01 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-18 15:01 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-18 15:00 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-18 15:00 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-18 15:00 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-18 15:00 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-18 15:00 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-18 15:00 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-18 15:00 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-17 08:56 - 2014-07-06 18:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 08:56 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-17 08:55 - 2014-09-04 18:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-17 08:55 - 2014-09-04 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-17 08:55 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-17 08:55 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-16 22:47 - 2014-09-18 14:27 - 00000000 ____D () C:\Users\Liza\AppData\Local\{5EB1F283-A6CA-4AF7-9D54-CA3B9F6782B4}
2014-09-16 19:49 - 2014-09-16 19:49 - 00000000 ____D () C:\found.000
2014-09-13 01:51 - 2014-09-13 01:51 - 00000000 ____D () C:\Users\Liza\AppData\Local\{F5899911-E6E6-4F67-82C6-BD68481CA883}
2014-09-12 21:19 - 2014-09-12 21:19 - 00000000 ____D () C:\Users\Liza\AppData\Local\{3A5CF58D-05AD-4421-8942-EA191F6D89C7}
2014-09-12 21:15 - 2014-09-12 21:15 - 01510144 _____ () C:\Windows\Minidump\091214-45583-01.dmp
2014-09-06 03:51 - 2014-09-06 03:51 - 00000000 ____D () C:\Users\Liza\AppData\Local\{7825CC49-70F8-493E-88C9-B07B93EB1007}
2014-09-05 10:15 - 2014-09-05 10:15 - 00000000 ____D () C:\Users\Liza\AppData\Local\{7771BBE8-4AA6-4FE3-9C86-A5E64EC94CA1}
2014-09-04 05:01 - 2014-09-04 22:14 - 00000000 ____D () C:\Users\Liza\AppData\Local\{EAF1BEA1-C915-4AB8-9435-5AC345EB9F88}
2014-09-04 03:58 - 2014-08-22 18:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-04 03:58 - 2014-08-22 17:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-04 03:51 - 2014-05-14 09:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-04 03:51 - 2014-05-14 09:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-04 03:51 - 2014-05-14 09:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-04 03:51 - 2014-05-14 09:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-04 03:50 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-04 03:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 08:45 - 2011-12-01 19:51 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001UA.job
2014-10-03 08:19 - 2012-02-14 17:28 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cceb78bf10241d.job
2014-10-03 08:07 - 2010-03-14 13:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 08:02 - 2012-08-31 15:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-02 21:06 - 2011-05-04 15:42 - 01661238 _____ () C:\Windows\WindowsUpdate.log
2014-10-02 17:45 - 2011-12-01 19:51 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001Core.job
2014-10-02 17:07 - 2010-03-14 13:07 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-02 15:14 - 2011-05-04 15:49 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 15:14 - 2011-05-04 15:05 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-02 15:14 - 2011-05-04 15:05 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-02 15:07 - 2012-02-14 17:28 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cceb78bbbe067a.job
2014-10-02 15:07 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-02 15:06 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-02 15:06 - 2009-07-13 21:39 - 01514039 _____ () C:\Windows\setupact.log
2014-10-02 15:04 - 2011-05-04 15:28 - 00286760 _____ () C:\Windows\PFRO.log
2014-10-02 15:04 - 2009-07-13 19:03 - 63520768 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-02 15:04 - 2009-07-13 19:03 - 19660800 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-02 15:04 - 2009-07-13 19:03 - 00978944 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-02 15:04 - 2009-07-13 19:03 - 00090112 _____ () C:\Windows\system32\config\SAM.bak
2014-10-02 15:04 - 2009-07-13 19:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-02 14:31 - 2014-02-03 09:23 - 00000000 ____D () C:\Users\CARL\AppData\Roaming\Canon
2014-10-01 19:18 - 2010-09-11 07:57 - 00000000 ____D () C:\Users\Liza\Tracing
2014-10-01 15:15 - 2012-02-26 09:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-01 15:15 - 2011-04-11 21:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-01 08:17 - 2011-07-30 11:43 - 384205671 _____ () C:\Windows\MEMORY.DMP
2014-10-01 08:17 - 2011-07-30 11:43 - 00000000 ____D () C:\Windows\Minidump
2014-09-30 23:03 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-09-27 18:04 - 2011-05-04 15:06 - 00000000 ____D () C:\Users\CARL
2014-09-27 11:16 - 2011-04-11 21:52 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-27 09:54 - 2013-09-30 20:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-27 06:47 - 2009-01-09 22:21 - 00000000 ____D () C:\TEMP
2014-09-27 06:44 - 2012-06-27 12:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 05:39 - 2011-02-02 01:33 - 00000000 ____D () C:\ProgramData\Temp
2014-09-26 21:20 - 2012-06-27 12:00 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-25 19:50 - 2010-09-10 16:01 - 00000000 ____D () C:\Users\Liza\Documents\Katie
2014-09-24 20:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-24 20:53 - 2009-06-06 06:26 - 00000907 _____ () C:\Users\CARL\Desktop\Launch Internet Explorer Browser.lnk
2014-09-24 13:07 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 12:29 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-09-24 10:02 - 2012-03-30 16:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 10:02 - 2011-05-19 14:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 06:47 - 2014-07-31 11:57 - 00203574 _____ () C:\Users\CARL\Desktop\1checking.xlsx
2014-09-18 15:03 - 2008-08-21 00:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-18 15:00 - 2013-08-15 11:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-18 14:37 - 2014-05-07 06:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-18 14:37 - 2011-05-17 10:41 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-17 14:36 - 2014-02-04 01:45 - 00000000 ____D () C:\Users\Liza\Documents\Retirement
2014-09-06 03:49 - 2009-07-13 21:33 - 00371536 _____ () C:\Windows\system32\FNTCACHE.DAT
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-27 17:54
==================== End Of Log ============================
Posted 03 October 2014 - 11:05 AM
Did you ever run LSP-Fix as I posted earlier? You need to keep me in the loop. Even if you ran it, run it again and let me know how it went.
Driver::
ttnfd

File::
c:\windows\system32\drivers\ttnfd.sys
c:\windows\system32\MyOSProtect.dll
Posted 03 October 2014 - 11:34 AM
LSP successful. Moving on.
Posted 03 October 2014 - 12:06 PM
Posted 03 October 2014 - 12:09 PM
Go ahead and run FRST and post the log, please.
Posted 03 October 2014 - 12:30 PM
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-10-2014
Ran by CARL (administrator) on CARL-PC on 03-10-2014 13:26:26
Running from C:\Users\CARL\Desktop
Loaded Profile: CARL (Available profiles: CARL & Liza)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Realtek Semiconductor) C:\Windows\RTKAUDIOSERVICE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
(Sony Electronics, Inc.) C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
(Sony Corporation) C:\Program Files\Sony\ISB Utility\ISBMgr.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
(Sony Electronics, Inc.) C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
() C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VWLASU] => C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe [24576 2008-05-20] (Sony Electronics, Inc.)
HKLM\...\Run: [VAIOSurvey] => C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe [385024 2008-07-25] ()
HKLM\...\Run: [VAIOMyMemCenter] => C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe [679936 2008-02-29] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [835584 2007-03-09] (Synaptics, Inc.)
HKLM\...\Run: [SmartWiHelper] => C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe [77824 2008-06-27] (Sony Electronics Corporation)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1826816 2008-07-02] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6295552 2008-07-02] (Realtek Semiconductor)
HKLM\...\Run: [MDS_Menu] => C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [ISBMgr.exe] => C:\Program Files\Sony\ISB Utility\ISBMgr.exe [317280 2008-04-03] (Sony Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-03] (CANON INC.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1837336 2014-08-13] (Bitdefender)
Winlogon\Notify\VESWinlogon: C:\Windows\system32\VESWinlogon.dll (Sony Corporation)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [65024 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-21-201924879-2192290182-1421096681-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files\Garmin\Express Tray\ExpressTray.exe [688984 2014-07-23] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Liza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AOLOverlayIcon] -> {AB0C8BE3-041C-47d6-8195-E089D32B38DD} => C:\DDI\overicon.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x16A6F450C046CB01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {74F4F118-91E6-4AFC-B8D2-04066781F239} https://www.member-d...dc/EZTwainX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 216.177.160.61 216.177.160.60
FireFox:
========
FF ProfilePath: C:\Users\CARL\AppData\Roaming\Mozilla\Firefox\Profiles\f8su429z.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.7.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\10\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player -> C:\Users\CARL\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-24]
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman [2014-03-26]
FF HKLM\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files\Mozilla Firefox\extensions\termtutor@termtutor.com
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2014-03-26]
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\CARL\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\CARL\AppData\Roaming\Move Networks [2009-05-07]
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7280_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Users\CARL\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR CustomProfile: C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-05-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-24]
CHR Extension: (Bitdefender Wallet) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-03-26]
CHR Extension: (Skype Click to Call) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-05-04]
CHR Extension: (Poppit!) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-05-17]
CHR Extension: (Google Wallet) - C:\Users\CARL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR HKLM\...\Chrome\Extension: [aaaajhhckaajldjhmbpgleomemmpopjp] - C:\Windows\system32\config\systemprofile\AppData\Local\bandoomusictoolbar\GC\toolbar.crx [2013-06-07]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2014-03-26]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-08-13] (Bitdefender)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [53248 2008-05-20] (Sony Corporation) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2007-11-12] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [81704 2013-07-08] (Bitdefender)
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [480368 2014-09-17] (Bitdefender)
S3 SOHCImp; C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe [103712 2008-05-20] (Sony Corporation)
S3 SOHDms; C:\Program Files\Sony\VAIO Media plus\SOHDms.exe [353568 2008-05-20] (Sony Corporation)
S3 SOHDs; C:\Program Files\Sony\VAIO Media plus\SOHDs.exe [62752 2008-05-20] (Sony Corporation)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [77824 2008-05-20] (Sony Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-08-13] (Bitdefender)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [73728 2008-05-22] (Sony Corporation) [File not signed]
R2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-15] (Sony Corporation)
R2 VAIO Power Management; C:\Program Files\Sony\VAIO Power Management\SPMService.exe [411488 2008-06-19] (Sony Corporation)
R2 VCFw; C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [415744 2008-06-20] (Sony Corporation) [File not signed]
S3 VcmIAlzMgr; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [337184 2008-06-11] (Sony Corporation)
R3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [279848 2008-06-19] (Sony Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1251808 2014-08-13] (Bitdefender)
R2 VzCdbSvc; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [192512 2008-05-22] (Sony Corporation) [File not signed]
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1060312 2014-08-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [528248 2014-08-13] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-26] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [72704 2012-04-17] (BitDefender)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [15720 2012-04-18] (GARMIN Corp.)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 OlyCamComm; C:\Windows\System32\DRIVERS\OlyCamComm.sys [21648 2009-09-10] (OLYMPUS IMAGING CORP.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [385096 2014-08-13] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CARL\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\Users\CARL\AppData\Local\Temp\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 13:04 - 2014-10-03 13:04 - 00021970 _____ () C:\ComboFix.txt
2014-10-03 08:52 - 2014-10-03 08:52 - 00000000 ____D () C:\Users\CARL\Desktop\FRST-OlderVersion
2014-10-02 15:17 - 2014-10-02 15:17 - 00022084 _____ () C:\Users\CARL\Desktop\combofix.txt
2014-10-02 13:50 - 2014-10-02 14:38 - 00000266 _____ () C:\Users\CARL\Desktop\fixes.bat
2014-10-01 19:18 - 2014-10-02 07:20 - 00000000 ____D () C:\Users\Liza\AppData\Local\{37C9B37E-8D21-4944-8858-B247C201E940}
2014-10-01 12:28 - 2014-10-01 12:34 - 00003088 _____ () C:\Users\CARL\Desktop\Rkill.txt
2014-10-01 12:27 - 2014-10-01 12:27 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\CARL\Desktop\rkill.exe
2014-10-01 08:17 - 2014-10-01 08:17 - 00146960 _____ () C:\Windows\Minidump\100114-22120-01.dmp
2014-10-01 06:54 - 2014-10-01 14:38 - 00051250 _____ () C:\Users\CARL\Desktop\Addition.txt
2014-10-01 06:52 - 2014-10-03 13:26 - 00024453 _____ () C:\Users\CARL\Desktop\FRST.txt
2014-09-30 23:26 - 2014-09-30 23:26 - 00000000 ____D () C:\Users\Liza\AppData\Local\{709843D9-5A76-4B14-BE48-BD68AC33B06D}
2014-09-30 22:21 - 2014-09-30 22:21 - 00186880 _____ (CEXX.ORG) C:\Users\CARL\Desktop\LSPFix.exe
2014-09-30 13:33 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-29 19:09 - 2014-10-03 08:52 - 00000000 ____D () C:\Users\CARL\Documents\Katie
2014-09-28 19:47 - 2014-09-28 19:48 - 00146952 _____ () C:\Windows\Minidump\092814-23743-01.dmp
2014-09-28 14:10 - 2014-09-28 14:10 - 00146960 _____ () C:\Windows\Minidump\092814-23556-01.dmp
2014-09-28 14:00 - 2014-10-03 13:04 - 00000000 ____D () C:\Qoobox
2014-09-28 14:00 - 2014-10-03 12:52 - 00000000 ____D () C:\Windows\erdnt
2014-09-28 14:00 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-28 14:00 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-28 14:00 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-28 14:00 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-28 13:52 - 2014-10-02 14:41 - 05582981 ____R (Swearware) C:\Users\CARL\Desktop\ComboFix.exe
2014-09-27 17:14 - 2014-10-01 13:45 - 00000000 ____D () C:\Users\CARL\Malware fixes
2014-09-27 13:38 - 2014-09-27 13:38 - 00000000 ____D () C:\Users\Liza\AppData\Local\{BC296350-9826-4461-89ED-ACC5B53B0351}
2014-09-27 10:20 - 2014-10-03 08:52 - 01100800 _____ (Farbar) C:\Users\CARL\Desktop\FRST.exe
2014-09-27 06:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-27 06:04 - 2014-09-27 06:20 - 00000530 _____ () C:\Users\CARL\Downloads\Result.txt
2014-09-27 05:26 - 2014-10-03 12:56 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-27 05:25 - 2014-09-27 05:25 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-27 05:25 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-27 05:25 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-27 05:25 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 05:00 - 2014-09-27 05:00 - 00000000 ____D () C:\Windows\ERUNT
2014-09-27 04:53 - 2014-09-27 04:53 - 01699276 _____ (Thisisu) C:\Users\CARL\Downloads\JRT.exe
2014-09-26 21:21 - 2014-09-26 21:21 - 00000000 ____D () C:\Users\CARL\AppData\Local\Macromedia
2014-09-26 21:20 - 2014-09-26 21:20 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-26 21:20 - 2014-09-26 21:20 - 00000000 ____D () C:\Users\CARL\AppData\Roaming\Mozilla
2014-09-26 21:20 - 2014-09-26 21:20 - 00000000 ____D () C:\Users\CARL\AppData\Local\Mozilla
2014-09-26 21:19 - 2014-09-26 21:19 - 00244136 _____ () C:\Users\CARL\Downloads\Firefox Setup Stub 32.0.3.exe
2014-09-26 20:33 - 2014-10-03 13:26 - 00000000 ____D () C:\FRST
2014-09-26 17:31 - 2014-09-26 17:31 - 00000000 ____D () C:\Users\Liza\AppData\Local\{D1075A40-3AD6-48F8-8D80-DB28A94191A8}
2014-09-25 13:02 - 2014-09-25 13:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
2014-09-24 21:53 - 2014-09-26 07:50 - 00000065 _____ () C:\Users\CARL\AppData\Roaming\WB.CFG
2014-09-24 20:53 - 2014-09-24 20:53 - 00000000 ____D () C:\Users\CARL\AppData\Local\IsolatedStorage
2014-09-24 20:11 - 2014-09-24 20:11 - 00000000 ____D () C:\Users\Liza\AppData\Local\{E1B82B34-94F7-4795-A227-A07AC026C3C1}
2014-09-24 15:21 - 2014-09-24 21:58 - 01454922 _____ () C:\Users\CARL\Documents\Kanto.pptx
2014-09-24 14:20 - 2014-09-24 14:59 - 02382044 _____ () C:\Users\CARL\Downloads\David_Mythology (1).pptx
2014-09-24 10:02 - 2014-09-24 10:02 - 03675824 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-09-23 19:26 - 2014-09-23 19:26 - 00147016 _____ () C:\Windows\Minidump\092314-80558-01.dmp
2014-09-23 17:50 - 2014-09-23 17:50 - 00000000 ____D () C:\Users\Liza\AppData\Local\{E36305E3-28E3-4440-9CEA-6993EEE77436}
2014-09-23 17:44 - 2014-09-24 15:02 - 02382035 _____ () C:\Users\CARL\Documents\David_Mythology.pptx
2014-09-23 17:05 - 2014-09-01 11:29 - 00020480 _____ (MyOSCompany) C:\Windows\system32\Drivers\pcwatch.sys
2014-09-23 17:03 - 2014-09-23 17:03 - 18581088 _____ () C:\Users\CARL\Downloads\YGOPro DevPro.zip.thxo3ui.partial
2014-09-23 17:03 - 2014-09-01 11:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
2014-09-23 14:50 - 2014-09-24 15:21 - 01208942 _____ () C:\Users\CARL\Downloads\New_Microsoft_PowerPoint_Presentation.pptx
2014-09-23 13:51 - 2014-09-23 14:37 - 02486374 _____ () C:\Users\CARL\Downloads\David_Mythology.pptx
2014-09-23 12:39 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-22 16:10 - 2014-09-22 16:10 - 00918440 _____ (Oracle Corporation) C:\Users\CARL\Downloads\JavaSetup7u67.com
2014-09-22 16:02 - 2014-09-22 16:02 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-19 06:27 - 2014-09-19 06:27 - 00000000 ____D () C:\Users\Liza\AppData\Local\{20373E10-274A-4A68-A976-51CB8838D089}
2014-09-18 15:01 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-18 15:01 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-18 15:01 - 2014-08-18 14:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-18 15:01 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-18 15:01 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-18 15:01 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-18 15:01 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-18 15:01 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-18 15:01 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-18 15:01 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-18 15:01 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-18 15:01 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-18 15:01 - 2014-08-18 14:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-18 15:01 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-18 15:01 - 2014-08-18 14:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-18 15:01 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-18 15:01 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-18 15:01 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-18 15:01 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-18 15:01 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-18 15:01 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-18 15:01 - 2014-08-18 14:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-18 15:01 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-18 15:01 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-18 15:00 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-18 15:00 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-18 15:00 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-18 15:00 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-18 15:00 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-18 15:00 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-18 15:00 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-17 08:56 - 2014-07-06 18:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 08:56 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-17 08:55 - 2014-09-04 18:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-17 08:55 - 2014-09-04 18:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-17 08:55 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-17 08:55 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-16 22:47 - 2014-09-18 14:27 - 00000000 ____D () C:\Users\Liza\AppData\Local\{5EB1F283-A6CA-4AF7-9D54-CA3B9F6782B4}
2014-09-16 19:49 - 2014-09-16 19:49 - 00000000 ____D () C:\found.000
2014-09-13 01:51 - 2014-09-13 01:51 - 00000000 ____D () C:\Users\Liza\AppData\Local\{F5899911-E6E6-4F67-82C6-BD68481CA883}
2014-09-12 21:19 - 2014-09-12 21:19 - 00000000 ____D () C:\Users\Liza\AppData\Local\{3A5CF58D-05AD-4421-8942-EA191F6D89C7}
2014-09-12 21:15 - 2014-09-12 21:15 - 01510144 _____ () C:\Windows\Minidump\091214-45583-01.dmp
2014-09-06 03:51 - 2014-09-06 03:51 - 00000000 ____D () C:\Users\Liza\AppData\Local\{7825CC49-70F8-493E-88C9-B07B93EB1007}
2014-09-05 10:15 - 2014-09-05 10:15 - 00000000 ____D () C:\Users\Liza\AppData\Local\{7771BBE8-4AA6-4FE3-9C86-A5E64EC94CA1}
2014-09-04 05:01 - 2014-09-04 22:14 - 00000000 ____D () C:\Users\Liza\AppData\Local\{EAF1BEA1-C915-4AB8-9435-5AC345EB9F88}
2014-09-04 03:58 - 2014-08-22 18:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-04 03:58 - 2014-08-22 17:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-04 03:51 - 2014-05-14 09:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-04 03:51 - 2014-05-14 09:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-04 03:51 - 2014-05-14 09:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-04 03:51 - 2014-05-14 09:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-04 03:50 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-04 03:50 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-04 03:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-03 13:19 - 2012-02-14 17:28 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cceb78bf10241d.job
2014-10-03 13:07 - 2010-03-14 13:07 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-03 13:03 - 2012-08-31 15:11 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-03 13:03 - 2011-05-04 15:05 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-03 13:03 - 2011-05-04 15:05 - 00018544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 12:57 - 2009-07-13 19:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-03 12:55 - 2012-02-14 17:28 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cceb78bbbe067a.job
2014-10-03 12:55 - 2010-03-14 13:07 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-03 12:55 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 12:55 - 2009-07-13 21:39 - 01515391 _____ () C:\Windows\setupact.log
2014-10-03 12:53 - 2011-05-04 15:28 - 00287312 _____ () C:\Windows\PFRO.log
2014-10-03 12:52 - 2009-07-13 19:03 - 63520768 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 19660800 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 00978944 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 00090112 _____ () C:\Windows\system32\config\SAM.bak
2014-10-03 12:52 - 2009-07-13 19:03 - 00028672 _____ () C:\Windows\system32\config\SECURITY.bak
2014-10-03 12:39 - 2011-05-04 15:42 - 01695415 _____ () C:\Windows\WindowsUpdate.log
2014-10-03 11:45 - 2011-12-01 19:51 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001UA.job
2014-10-02 17:45 - 2011-12-01 19:51 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-201924879-2192290182-1421096681-1001Core.job
2014-10-02 15:14 - 2011-05-04 15:49 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-02 14:31 - 2014-02-03 09:23 - 00000000 ____D () C:\Users\CARL\AppData\Roaming\Canon
2014-10-01 19:18 - 2010-09-11 07:57 - 00000000 ____D () C:\Users\Liza\Tracing
2014-10-01 15:15 - 2012-02-26 09:23 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-01 15:15 - 2011-04-11 21:39 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-10-01 08:17 - 2011-07-30 11:43 - 384205671 _____ () C:\Windows\MEMORY.DMP
2014-10-01 08:17 - 2011-07-30 11:43 - 00000000 ____D () C:\Windows\Minidump
2014-09-30 23:03 - 2009-07-13 19:37 - 00000000 ___RD () C:\Users\Public
2014-09-27 18:04 - 2011-05-04 15:06 - 00000000 ____D () C:\Users\CARL
2014-09-27 11:16 - 2011-04-11 21:52 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-27 09:54 - 2013-09-30 20:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-27 06:47 - 2009-01-09 22:21 - 00000000 ____D () C:\TEMP
2014-09-27 06:44 - 2012-06-27 12:00 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 05:39 - 2011-02-02 01:33 - 00000000 ____D () C:\ProgramData\Temp
2014-09-26 21:20 - 2012-06-27 12:00 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-25 19:50 - 2010-09-10 16:01 - 00000000 ____D () C:\Users\Liza\Documents\Katie
2014-09-24 20:56 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-24 20:53 - 2009-06-06 06:26 - 00000907 _____ () C:\Users\CARL\Desktop\Launch Internet Explorer Browser.lnk
2014-09-24 13:07 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-24 12:29 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-09-24 10:02 - 2012-03-30 16:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-24 10:02 - 2011-05-19 14:16 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-19 06:47 - 2014-07-31 11:57 - 00203574 _____ () C:\Users\CARL\Desktop\1checking.xlsx
2014-09-18 15:03 - 2008-08-21 00:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-18 15:00 - 2013-08-15 11:44 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-18 14:37 - 2014-05-07 06:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-18 14:37 - 2011-05-17 10:41 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-17 14:36 - 2014-02-04 01:45 - 00000000 ____D () C:\Users\Liza\Documents\Retirement
2014-09-06 03:49 - 2009-07-13 21:33 - 00371536 _____ () C:\Windows\system32\FNTCACHE.DAT
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-27 17:54
==================== End Of Log ============================
Posted 03 October 2014 - 01:19 PM
Success, running LSP-Fix removed the bad file from Winsock.
These should be deleted now.
Run the fix and post the fixlog, and then run a new scan with FRST and post that log also.
Start
CloseProcesses:
2014-09-23 17:05 - 2014-09-01 11:29 - 00020480 _____ (MyOSCompany) C:\Windows\system32\Drivers\pcwatch.sys
2014-09-23 17:03 - 2014-09-01 11:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
Hosts:
EmptyTemp:
End
Posted 03 October 2014 - 02:26 PM
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-10-2014
Ran by CARL at 2014-10-03 15:18:33 Run:4
Running from C:\Users\CARL\Desktop
Loaded Profile: CARL (Available profiles: CARL & Liza)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
CloseProcesses:
2014-09-23 17:05 - 2014-09-01 11:29 - 00020480 _____ (MyOSCompany) C:\Windows\system32\Drivers\pcwatch.sys
2014-09-23 17:03 - 2014-09-01 11:28 - 00304776 _____ (MyOSCompany) C:\Windows\system32\MyOSProtect.dll
Hosts:
EmptyTemp:
End
*****************
Processes closed successfully.
"C:\Windows\system32\Drivers\pcwatch.sys" => File/Directory not found.
"C:\Windows\system32\MyOSProtect.dll" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 239.8 MB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Posted 03 October 2014 - 02:29 PM
Posted 03 October 2014 - 03:40 PM
Been a long hard ride but we got there in the end. How is your system behaving now?
Posted 03 October 2014 - 03:51 PM
Seems to be running okay. Definitely no popups. Appreciated all your hard work and patience.
Posted 03 October 2014 - 04:14 PM
Wonderful, hope this has been a learning experience for you. Watch out what you download and the sites you go to. You installed Malwarebytes Free Version; if you upgrade to the Pro Version, it has a protection module that blocks known bad sites from loading. The cost is minimal, but this of course is up to you.