Hello WTT,
Happy new year.
I beleive my PC might have been infected, after my young son tried downloading Minecraft without my permission. He knows daddy's PC is not for games, thats what his Wii-U and Xbox are for (the temptation must have got to him).
Anyways, I ran my Malware Bytes and I think it cleaned it out. But I would like the experts at WTT to take a look. Besides, I like coming on the site to get my "Tech" on - even though it's amature next to you guys =)
Please see the attached logs from aswMBR and FRST64.
As always - I recognize the time and value of the great volunteers, so......., Donations are coming!!!!!!
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-18 13:38:58
-----------------------------
13:38:58.519 OS Version: Windows x64 6.1.7601 Service Pack 1
13:38:58.520 Number of processors: 2 586 0x2302
13:38:58.521 ComputerName: GALO-PC UserName:
13:39:00.174 Initialize success
13:39:00.404 VM: initialized successfully
13:39:00.406 VM: Amd CPU virtualization not supported
13:41:02.666 AVAST engine defs: 15011800
13:41:43.206 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
13:41:43.208 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
13:41:43.212 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000067
13:41:43.216 Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 8
13:41:43.330 Disk 0 MBR read successfully
13:41:43.337 Disk 0 MBR scan
13:41:43.378 Disk 0 Windows 7 default MBR code
13:41:43.388 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:41:43.415 Disk 0 Boot: NTFS code=1
13:41:43.444 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305144 MB offset 206848
13:41:43.474 Disk 0 scanning C:\Windows\system32\drivers
13:41:59.081 Service scanning
13:42:25.205 Modules scanning
13:42:25.211 Disk 0 trace - called modules:
13:42:25.236 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt61.sys PCTCore64.sys storport.sys hal.dll vsmraid.sys
13:42:25.242 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003a81790]
13:42:25.248 3 CLASSPNP.SYS[fffff880010f743f] -> nt!IofCallDriver -> [0xfffffa8003a6d880]
13:42:25.255 5 vsflt61.sys[fffff88000e520fd] -> nt!IofCallDriver -> [0xfffffa8003a72b30]
13:42:25.261 7 PCTCore64.sys[fffff88001095094] -> nt!IofCallDriver -> \Device\00000066[0xfffffa800327b260]
13:42:26.501 AVAST engine scan C:\Windows
13:42:30.712 AVAST engine scan C:\Windows\system32
13:47:30.153 AVAST engine scan C:\Windows\system32\drivers
13:48:09.132 AVAST engine scan C:\Users\Laurent Effen Rocks
13:55:31.455 AVAST engine scan C:\ProgramData
14:03:52.613 Disk 0 statistics 3756444/0/0 @ 1.81 MB/s
14:03:52.624 Scan finished successfully
14:06:12.352 Disk 0 MBR has been saved successfully to "C:\Users\Laurent Effen Rocks\Desktop\MBR.dat"
14:06:12.359 The log file has been saved successfully to "C:\Users\Laurent Effen Rocks\Desktop\aswMBR.txt"
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks (administrator) on GALO-PC on 18-01-2015 14:18:28
Running from C:\Users\Laurent Effen Rocks\Desktop
Loaded Profiles: Laurent Effen Rocks (Available profiles: Laurent Effen Rocks & LogMeInRemoteUser & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsGui.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\HTC Home\Clock.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ISTray] => C:\Program Files (x86)\PC Tools Security\pctsGui.exe [1589208 2010-12-01] (PC Tools)
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [Clock Widget (HTC Home)] => C:\Program Files (x86)\HTC Home\Clock.exe [2036736 2011-11-28] ()
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
BootExecute: autocheck autochk * bootdelete
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM-x32 -> DefaultScope {27A228E7-6BC2-4C4B-9F55-26382491968E} URL =
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKLM-x32 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5}
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://simulcast.ma...v/LiveSound.dll
DPF: HKLM-x32 {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} http://adus1.liveblo...ory/laiexec.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://imageupload9....geUploader6.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default
FF SearchEngineOrder.3: Bing
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @talk.google.com/O1DPlugin -> C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Laurent Effen Rocks\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default\searchplugins\bingp.xml
FF Extension: WOT - C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]
Chrome:
=======
CHR Profile: C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (YouTube) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-30]
CHR Extension: (Google Search) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-30]
CHR Extension: (Google Wallet) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Gmail) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-30]
CHR HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Chrome\Extension: [jhbbmmgbnjalccamlaefhepnajfmgopb] - C:\Users\Laurent Effen Rocks\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jhbbmmgbnjalccamlaefhepnajfmgopb] - C:\Users\Laurent Effen Rocks\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 astcc; C:\Windows\SysWOW64\astsrv.exe [57344 2008-11-26] (Nalpeiron Ltd.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-14] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-14] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
R2 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
S4 VRAID Log Service; C:\Program Files (x86)\VIA\RAID\vialogsv.exe [52888 2008-09-24] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
S3 cleanhlp; C:\EEK\BIN\cleanhlp64.sys [57024 2014-09-13] (Emsisoft GmbH)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-06-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [175648 2009-06-30] (NVIDIA Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-11-25] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [32848 2011-06-13] ()
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-01-24] (Acronis)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\LAUREN~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\LAUREN~1\AppData\Local\Temp\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-18 14:18 - 2015-01-18 14:19 - 00028278 _____ () C:\Users\Laurent Effen Rocks\Desktop\FRST.txt
2015-01-18 14:12 - 2015-01-18 14:18 - 00000000 ____D () C:\FRST
2015-01-18 14:06 - 2015-01-18 14:06 - 00002391 _____ () C:\Users\Laurent Effen Rocks\Desktop\aswMBR.txt
2015-01-18 14:06 - 2015-01-18 14:06 - 00000512 _____ () C:\Users\Laurent Effen Rocks\Desktop\MBR.dat
2015-01-18 13:33 - 2015-01-18 13:33 - 02126848 _____ (Farbar) C:\Users\Laurent Effen Rocks\Desktop\FRST64.exe
2015-01-18 13:30 - 2015-01-18 13:30 - 05198336 _____ (AVAST Software) C:\Users\Laurent Effen Rocks\Desktop\aswMBR.exe
2015-01-18 03:06 - 2015-01-18 03:06 - 00003262 _____ () C:\Windows\System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B}
2015-01-18 03:06 - 2015-01-18 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2015-01-17 15:59 - 2015-01-17 15:59 - 00000704 _____ () C:\EamClean.log
2015-01-17 12:51 - 2015-01-17 12:51 - 00037644 _____ () C:\ComboFix.txt
2015-01-17 09:39 - 2015-01-17 09:39 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\IsolatedStorage
2015-01-17 09:37 - 2015-01-17 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-01-17 09:36 - 2015-01-18 02:34 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\DigitalSites
2015-01-17 09:36 - 2015-01-17 10:16 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-01-17 09:36 - 2015-01-17 09:36 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-17 09:34 - 2015-01-17 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-15 20:47 - 2015-01-15 20:47 - 00262144 ____N () C:\Windows\Minidump\011515-34187-01.dmp
2015-01-14 10:52 - 2015-01-14 10:52 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 15:17 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 15:17 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 15:17 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 15:17 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 15:17 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 15:17 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 15:16 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 15:16 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 15:16 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 15:16 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 15:16 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 15:16 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 15:16 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-09 00:40 - 2015-01-09 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-02 16:01 - 2015-01-18 14:06 - 00000964 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA.job
2015-01-02 16:01 - 2015-01-17 16:06 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core.job
2015-01-02 16:01 - 2015-01-02 16:01 - 00003966 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA
2015-01-02 16:01 - 2015-01-02 16:01 - 00003570 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core
2014-12-27 20:00 - 2014-12-27 20:00 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2014-12-27 19:58 - 2014-12-27 19:58 - 00000844 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2014-12-27 19:56 - 2015-01-03 01:03 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\uTorrent
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-18 14:17 - 2011-02-20 20:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 13:52 - 2012-12-18 20:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 13:36 - 2011-02-13 03:30 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-18 12:08 - 2011-02-13 03:27 - 00000832 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-18 05:22 - 2011-02-07 12:52 - 01430264 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 05:05 - 2011-02-16 22:57 - 00000334 _____ () C:\Windows\Tasks\AVSRegistryCleaner.job
2015-01-18 04:23 - 2009-07-13 23:45 - 00017472 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 04:23 - 2009-07-13 23:45 - 00017472 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 04:18 - 2014-01-22 12:51 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-18 04:18 - 2014-01-22 12:51 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-18 04:18 - 2012-12-27 21:19 - 00000000 ____D () C:\Program Files (x86)\HTC Home
2015-01-18 04:18 - 2011-02-20 20:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 04:18 - 2011-02-13 03:30 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2015-01-18 04:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 02:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-18 02:10 - 2014-07-07 23:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 02:01 - 2011-02-13 16:26 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-17 16:11 - 2014-09-14 16:09 - 00000000 ____D () C:\Program Files (x86)\RKill
2015-01-17 13:45 - 2014-09-14 18:40 - 00000000 ____D () C:\EEK
2015-01-17 12:51 - 2012-12-23 12:23 - 00000000 ____D () C:\Qoobox
2015-01-17 12:46 - 2014-10-27 01:27 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\CrashDumps
2015-01-17 12:46 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-17 12:29 - 2012-06-20 14:13 - 00000000 ____D () C:\Program Files (x86)\RogueKiller
2015-01-17 11:54 - 2014-09-14 16:57 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-17 11:02 - 2012-12-23 13:48 - 00000000 ____D () C:\Program Files (x86)\ComboFix
2015-01-17 10:36 - 2014-07-06 01:31 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-17 10:23 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-17 09:44 - 2011-09-10 12:53 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\.minecraft
2015-01-15 20:47 - 2011-02-13 12:20 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 22:41 - 2014-03-28 09:47 - 00701788 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 22:41 - 2014-03-28 09:47 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 22:41 - 2011-02-13 00:34 - 00764030 _____ () C:\Windows\system32\perfh00A.dat
2015-01-14 22:41 - 2011-02-13 00:34 - 00164832 _____ () C:\Windows\system32\perfc00A.dat
2015-01-14 22:41 - 2011-02-07 13:28 - 02539324 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 22:41 - 2009-07-14 00:13 - 02539324 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 15:05 - 2011-02-13 16:26 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-01-14 10:52 - 2012-12-18 20:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 10:52 - 2012-09-09 00:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 10:52 - 2012-09-09 00:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 03:23 - 2013-07-31 19:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:01 - 2011-02-07 17:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:17 - 2011-02-13 03:31 - 04151810 _____ () C:\Windows\system32\Drivers\Cat.DB
2015-01-13 08:33 - 2011-06-30 21:21 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\HpUpdate
2015-01-09 20:12 - 2012-09-09 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-03 01:33 - 2011-02-13 03:30 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\Google
2015-01-02 16:01 - 2012-09-09 00:29 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla
2014-12-31 06:14 - 2011-02-07 13:32 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 16:29 - 2014-07-07 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 16:29 - 2014-07-07 23:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 20:20 - 2011-02-13 23:51 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\Adobe
2014-12-27 19:54 - 2011-07-15 16:03 - 00000000 ____D () C:\Program Files (x86)\tixati
==================== Files in the root of some directories =======
2014-05-08 00:03 - 2014-05-08 00:03 - 0002241 _____ () C:\Program Files (x86)\TdssKiller.lnk
2012-10-22 21:49 - 2012-10-24 20:22 - 0000177 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\hpmirrordriver.log
2011-02-07 18:58 - 2012-12-15 00:09 - 0007859 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.cat
2011-02-07 18:58 - 2012-12-15 00:09 - 0001167 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.inf
2011-02-07 18:59 - 2012-12-15 00:09 - 0000033 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.log
2011-02-07 18:58 - 2012-12-15 00:09 - 0082816 _____ (VSO Software) C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.sys
2013-07-26 23:36 - 2013-09-09 23:36 - 0000098 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\WB.CFG
2013-06-13 23:36 - 2013-06-22 23:36 - 0000005 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\WBPU-TTL.DAT
2011-02-19 00:22 - 2014-09-20 08:09 - 0044032 _____ () C:\Users\Laurent Effen Rocks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-19 07:50 - 2011-04-30 12:08 - 0007600 _____ () C:\Users\Laurent Effen Rocks\AppData\Local\Resmon.ResmonCfg
2012-06-19 17:37 - 2012-06-19 17:57 - 0000000 _____ () C:\ProgramData\-NfezIMrIkkW76n
2012-06-19 17:37 - 2012-06-19 17:57 - 0000160 _____ () C:\ProgramData\-NfezIMrIkkW76nr
2013-08-15 10:37 - 2013-08-15 10:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-04-26 22:02 - 2013-08-09 17:55 - 0059502 _____ () C:\ProgramData\hpzinstall.log
2012-06-19 17:37 - 2012-06-19 17:57 - 0000256 _____ () C:\ProgramData\NfezIMrIkkW76n
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 01:34
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks at 2015-01-18 14:20:30
Running from C:\Users\Laurent Effen Rocks\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Spyware Doctor with AntiVirus (Enabled - Up to date) {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spyware Doctor (Disabled - Up to date) {94076BB2-F3DA-227F-9A1E-F060FF73600F}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
3DVIA player 5.0.0.20 (HKLM-x32\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Able2Extract Professional 7.0 (HKLM-x32\...\{C894CC24-0DEC-4340-BCC9-DD4310DF3BEC}_is1) (Version: 7.0 - Investintech.com Inc.)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11 - Innovative Solutions)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
AVS Audio Recorder 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: 4.0.2.22 - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.1.529 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.1.232 - Online Media Technologies Ltd.)
AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.)
AVS Image Converter 3.1.1.275 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.1.1.275 - Online Media Technologies Ltd.)
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
AVS Photo Editor 2.2.1.140 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.2.1.140 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.3.258 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.3.258 - Online Media Technologies Ltd.)
AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: 1.0.5.158 - Online Media Technologies Ltd.)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.5 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: 1.5.1.27 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CardRecovery 6.00 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
CM Installer (HKLM-x32\...\{681544C2-FFA2-4CFD-A9AD-2A3D25DF8D22}) (Version: 1.0.0.0 - Cyanogen Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Partition Master 9.1.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version: - EaseUS)
Genuine Fractals 6.0 Professional Edition (HKLM-x32\...\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}) (Version: 6.0 - onOne Software)
Google Apps Migration For Microsoft Outlook® 3.1.21.46 (HKLM-x32\...\{09538C28-E130-4210-A8F3-1D175EE2DDF1}) (Version: 3.1.21.46 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToMeeting 4.8.0.723 (HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
HTC Home Apis (HKLM-x32\...\HTC Home Apis) (Version: 3.0.620.0 - Stealth)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
Lyrics Plugin for Windows Media Player (HKLM-x32\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MGTEK dopisp (HKLM-x32\...\{C25D3128-3136-4B33-9D32-8F0F5E81F349}) (Version: 6.0.3128 - MGTEK)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.65 (HKLM-x32\...\Mp3tag) (Version: v2.65 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.14200.48.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}) (Version: 10.0.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.37 - Realtek Semiconductor Corp.)
Roblox (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Spyware Doctor with AntiVirus 8.0 (HKLM-x32\...\Spyware Doctor) (Version: 8.0 - PC Tools)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SYLTEditor (HKLM-x32\...\SYLTEditor) (Version: - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrackballWorks (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 1.1.18 - Kensington Computer Products Group)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
ViewSonic Windows 7 x64 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.2500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player 64-bit Plug-in Fix (HKLM\...\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb) (Version: - )
Windows Media Player Plus! 2.6 (HKLM-x32\...\{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1) (Version: 2.6 - BM-productions)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
==================== Restore Points =========================
17-01-2015 01:25:17 Scheduled Checkpoint
17-01-2015 09:36:37 PerforMax Cleaner
17-01-2015 10:34:59 PerforMax Cleaner
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:34 - 2015-01-17 12:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {013C4B54-932F-4442-841A-1BE52AA2DC38} - System32\Tasks\{EBA151F1-24E4-460C-B254-25AA24337936} => C:\Program Files (x86)\AVS4YOU\AVSAudioEditor\AVSAudioEditor.exe [2013-12-18] (Online Media Technologies Ltd.)
Task: {1890952D-21D4-41C9-B866-CAE72F8C737A} - System32\Tasks\AVSRegistryCleaner => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe [2014-03-03] (Online Media Technologies Ltd.)
Task: {1E7D5FB0-F3F0-4430-BB9D-E6BD738E74B4} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {3321EF01-B7A7-4C7C-8549-226BFCBF255E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {357FE73B-B397-4298-9769-63C29C7EDDE7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE} - \Digital Sites No Task File <==== ATTENTION
Task: {53FFFBDB-3E5B-43C8-BCF4-E4C6B5AEE200} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {624E7849-AFDB-4718-B521-AC97FC77AEE5} - System32\Tasks\{6C51A34F-0C1D-450D-B7F9-9AE1DD8D08FF} => pcalua.exe -a "G:\My Documents\BitTorrent Downloads\Winrar 3.70 and Key.exe" -d "G:\My Documents\BitTorrent Downloads"
Task: {7186BD4A-AAE1-43EF-AD81-97377770E06C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {7ACC5097-E2DE-4100-8B3F-1C2A7A4E265F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {7E470414-E4B8-4CCA-997B-9D55C28D6E1D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9C8071CD-056C-48F4-9789-4288519B4CDE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A44BEA2C-93ED-455E-8B15-7BA559F23DE0} - System32\Tasks\{542E628D-10C4-41DD-9758-10C60F56980A} => pcalua.exe -a "C:\Program Files (x86)\Kensington\TrackballWorks\Uninstall.exe" -c "C:\Program Files (x86)\Kensington\TrackballWorks\install.log"
Task: {A699CAD1-DD5E-48AF-BB00-85A8619BB447} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-08-09] (Google)
Task: {B3183ED9-8185-485E-B9EC-4B8E2E358416} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {D23CBB86-3502-409B-ADA6-7BCF08574BCB} - System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B} => pcalua.exe -a "C:\Users\Laurent Effen Rocks\Desktop\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe" -d "C:\Users\Laurent Effen Rocks\Desktop"
Task: {DC1B2321-787A-4673-A4B1-6478420305E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E4E41824-6759-4AC5-84AA-AFF3B61F38B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {E7CAF7B4-E984-49A2-97E9-1867CCCEEAE9} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EFAC2E60-09B2-4F20-9104-5F0D8C032B5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {F1E39E49-76D8-48B0-AE71-5573E9C67562} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVSRegistryCleaner.job => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core.job => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA.job => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-04-07 22:19 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-13 17:10 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-06-21 01:07 - 2011-11-28 07:54 - 02036736 _____ () C:\Program Files (x86)\HTC Home\Clock.exe
2011-06-21 01:06 - 2011-06-21 01:06 - 00249344 _____ () C:\Program Files (x86)\HTC Home\Home.Base.dll
2011-06-20 08:12 - 2011-06-20 08:12 - 00011776 _____ () C:\Program Files (x86)\HTC Home\Home.Packaging.dll
2011-06-21 01:06 - 2011-06-22 03:15 - 00016896 _____ () C:\Program Files (x86)\HTC Home\Weather.Base.dll
2011-06-20 08:12 - 2014-12-13 08:38 - 00018432 _____ () C:\Program Files (x86)\HTC Home\Extras\Weather\MSN.dll
2011-06-20 03:49 - 2011-06-20 03:49 - 04660736 _____ () C:\Program Files (x86)\HTC Home\UIFramework.Weather.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-05-17 15:20 - 2014-04-21 17:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2011-03-13 18:55 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-13 03:31 - 2010-08-10 17:59 - 01263576 _____ () C:\Program Files (x86)\PC Tools Security\UserModeFileCache.dll
2011-02-13 03:31 - 2010-08-10 17:58 - 00091608 _____ () C:\Program Files (x86)\PC Tools Security\avengine\sdkBSCtrl.dll
2011-02-13 03:31 - 2010-08-30 16:05 - 00157656 _____ () C:\Program Files (x86)\PC Tools Security\NetworkLayer\PCTCFHook.dll
2011-03-13 18:55 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-07-23 22:59 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2014-07-23 22:59 - 2009-02-27 16:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2011-03-13 21:02 - 2007-12-24 00:08 - 00391680 _____ () C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\ProgramData\TEMP:A4A25FD3
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: VRAID Log Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-2704817108-4072845770-1665254088-500 - Administrator - Disabled)
Galo (S-1-5-21-2704817108-4072845770-1665254088-1005 - Administrator - Disabled)
Guest (S-1-5-21-2704817108-4072845770-1665254088-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2704817108-4072845770-1665254088-1002 - Limited - Enabled)
Laurent Effen Rocks (S-1-5-21-2704817108-4072845770-1665254088-1000 - Administrator - Enabled) => C:\Users\Laurent Effen Rocks
LogMeInRemoteUser (S-1-5-21-2704817108-4072845770-1665254088-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
UpdatusUser (S-1-5-21-2704817108-4072845770-1665254088-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: RAID Controller
Description: RAID Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/18/2015 01:21:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: bfc
Start Time: 01d0334b9001993f
Termination Time: 9
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:
Error: (01/18/2015 06:07:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/17/2015 04:03:47 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
Error: (01/17/2015 00:34:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Faulting module name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Exception code: 0x40000015
Fault offset: 0x0008d1c0
Faulting process id: 0xa04
Faulting application start time: 0xPEV.exe0
Faulting application path: PEV.exe1
Faulting module path: PEV.exe2
Report Id: PEV.exe3
Error: (01/17/2015 11:08:56 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
Error: (01/17/2015 10:25:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path
Error: (01/17/2015 09:38:22 AM) (Source: MsiInstaller) (EventID: 11316) (User: Galo-PC)
Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.
Error: (01/17/2015 01:18:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/16/2015 02:35:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/15/2015 09:28:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AVSAudioRecorder.exe, version: 4.0.2.22, time stamp: 0x521b3ab6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1b29e229
Faulting process id: 0xc94
Faulting application start time: 0xAVSAudioRecorder.exe0
Faulting application path: AVSAudioRecorder.exe1
Faulting module path: AVSAudioRecorder.exe2
Report Id: AVSAudioRecorder.exe3
System errors:
=============
Error: (01/18/2015 04:21:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069
Error: (01/18/2015 04:21:10 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (01/18/2015 04:17:58 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
Error: (01/18/2015 03:13:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069
Error: (01/18/2015 03:13:07 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (01/18/2015 03:09:49 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
Error: (01/18/2015 03:08:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UpdateCenterService service.
Error: (01/18/2015 03:07:03 AM) (Source: mouclass) (EventID: 10) (User: )
Description: Could not disable interrupts on connected port device \Device\PointerClass1.
Error: (01/18/2015 02:42:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069
Error: (01/18/2015 02:42:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Microsoft Office Sessions:
=========================
Error: (08/08/2012 07:13:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2015-01-17 12:45:03.770
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-01-17 12:45:03.590
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-01-17 12:45:03.410
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-01-17 12:45:03.231
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-29 13:51:28.369
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-29 13:51:28.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-29 13:51:28.047
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-29 13:51:27.886
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-27 00:41:34.071
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2012-12-27 00:41:33.900
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: AMD Athlon 64 X2 Dual Core Processor 4800+
Percentage of memory in use: 58%
Total physical RAM: 3327.3 MB
Available physical RAM: 1380.59 MB
Total Pagefile: 6652.79 MB
Available Pagefile: 4257.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:297.99 GB) (Free:212.9 GB) NTFS
Drive f: (Elements) (Fixed) (Total:596.17 GB) (Free:434.57 GB) NTFS
Drive g: (Data) (Fixed) (Total:465.76 GB) (Free:308.94 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A6650269)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 800C2CD1)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 0028F2EE)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================