
Virus diagnostic help, please (possible infection) [Solved]


This topic is locked
50 replies to this topic

#1 ggee (Authentic Member, 78 posts)

Posted 18 January 2015 - 01:46 PM

Hello WTT,

Happy new year.

I believe my PC might have been infected, after my young son tried downloading Minecraft without my permission. He knows daddy's PC is not for games, that's what his Wii-U and Xbox are for (the temptation must have got to him).

Anyways, I ran my Malwarebytes and I think it cleaned it out. But I would like the experts at WTT to take a look. Besides, I like coming on the site to get my "Tech" on - even though it's amateur next to you guys =)

Please see the attached logs from aswMBR and FRST64.

As always - I recognize the time and value of the great volunteers, so......., Donations are coming!!!!!!

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-18 13:38:58

-----------------------------
13:38:58.519    OS Version: Windows x64 6.1.7601 Service Pack 1
13:38:58.520    Number of processors: 2 586 0x2302
13:38:58.521    ComputerName: GALO-PC  UserName:
13:39:00.174    Initialize success
13:39:00.404    VM: initialized successfully
13:39:00.406    VM: Amd CPU virtualization not supported
13:41:02.666    AVAST engine defs: 15011800
13:41:43.206    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
13:41:43.208    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
13:41:43.212    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000067
13:41:43.216    Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 8
13:41:43.330    Disk 0 MBR read successfully
13:41:43.337    Disk 0 MBR scan
13:41:43.378    Disk 0 Windows 7 default MBR code
13:41:43.388    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:41:43.415    Disk 0 Boot: NTFS     code=1
13:41:43.444    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305144 MB offset 206848
13:41:43.474    Disk 0 scanning C:\Windows\system32\drivers
13:41:59.081    Service scanning
13:42:25.205    Modules scanning
13:42:25.211    Disk 0 trace - called modules:
13:42:25.236    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt61.sys PCTCore64.sys storport.sys hal.dll vsmraid.sys
13:42:25.242    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003a81790]
13:42:25.248    3 CLASSPNP.SYS[fffff880010f743f] -> nt!IofCallDriver -> [0xfffffa8003a6d880]
13:42:25.255    5 vsflt61.sys[fffff88000e520fd] -> nt!IofCallDriver -> [0xfffffa8003a72b30]
13:42:25.261    7 PCTCore64.sys[fffff88001095094] -> nt!IofCallDriver -> \Device\00000066[0xfffffa800327b260]
13:42:26.501    AVAST engine scan C:\Windows
13:42:30.712    AVAST engine scan C:\Windows\system32
13:47:30.153    AVAST engine scan C:\Windows\system32\drivers
13:48:09.132    AVAST engine scan C:\Users\Laurent Effen Rocks
13:55:31.455    AVAST engine scan C:\ProgramData
14:03:52.613    Disk 0 statistics 3756444/0/0 @ 1.81 MB/s
14:03:52.624    Scan finished successfully
14:06:12.352    Disk 0 MBR has been saved successfully to "C:\Users\Laurent Effen Rocks\Desktop\MBR.dat"
14:06:12.359    The log file has been saved successfully to "C:\Users\Laurent Effen Rocks\Desktop\aswMBR.txt"


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks (administrator) on GALO-PC on 18-01-2015 14:18:28

Running from C:\Users\Laurent Effen Rocks\Desktop
Loaded Profiles: Laurent Effen Rocks (Available profiles: Laurent Effen Rocks & LogMeInRemoteUser & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsGui.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\HTC Home\Clock.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ISTray] => C:\Program Files (x86)\PC Tools Security\pctsGui.exe [1589208 2010-12-01] (PC Tools)
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [Clock Widget (HTC Home)] => C:\Program Files (x86)\HTC Home\Clock.exe [2036736 2011-11-28] ()
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM-x32 -> DefaultScope {27A228E7-6BC2-4C4B-9F55-26382491968E} URL =
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKLM-x32 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} ->  No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5}
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://simulcast.ma...v/LiveSound.dll
DPF: HKLM-x32 {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} http://adus1.liveblo...ory/laiexec.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://imageupload9....geUploader6.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks-x32:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default
FF SearchEngineOrder.3: Bing
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @talk.google.com/O1DPlugin -> C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Laurent Effen Rocks\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default\searchplugins\bingp.xml
FF Extension: WOT - C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]

Chrome:
=======
CHR Profile: C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (YouTube) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-30]
CHR Extension: (Google Search) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-30]
CHR Extension: (Google Wallet) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Gmail) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-30]
CHR HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Chrome\Extension: [jhbbmmgbnjalccamlaefhepnajfmgopb] - C:\Users\Laurent Effen Rocks\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jhbbmmgbnjalccamlaefhepnajfmgopb] - C:\Users\Laurent Effen Rocks\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 astcc; C:\Windows\SysWOW64\astsrv.exe [57344 2008-11-26] (Nalpeiron Ltd.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-14] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-14] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
R2 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
S4 VRAID Log Service; C:\Program Files (x86)\VIA\RAID\vialogsv.exe [52888 2008-09-24] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
S3 cleanhlp; C:\EEK\BIN\cleanhlp64.sys [57024 2014-09-13] (Emsisoft GmbH)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-06-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [175648 2009-06-30] (NVIDIA Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-11-25] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [32848 2011-06-13] ()
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-01-24] (Acronis)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\LAUREN~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\LAUREN~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 14:18 - 2015-01-18 14:19 - 00028278 _____ () C:\Users\Laurent Effen Rocks\Desktop\FRST.txt
2015-01-18 14:12 - 2015-01-18 14:18 - 00000000 ____D () C:\FRST
2015-01-18 14:06 - 2015-01-18 14:06 - 00002391 _____ () C:\Users\Laurent Effen Rocks\Desktop\aswMBR.txt
2015-01-18 14:06 - 2015-01-18 14:06 - 00000512 _____ () C:\Users\Laurent Effen Rocks\Desktop\MBR.dat
2015-01-18 13:33 - 2015-01-18 13:33 - 02126848 _____ (Farbar) C:\Users\Laurent Effen Rocks\Desktop\FRST64.exe
2015-01-18 13:30 - 2015-01-18 13:30 - 05198336 _____ (AVAST Software) C:\Users\Laurent Effen Rocks\Desktop\aswMBR.exe
2015-01-18 03:06 - 2015-01-18 03:06 - 00003262 _____ () C:\Windows\System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B}
2015-01-18 03:06 - 2015-01-18 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2015-01-17 15:59 - 2015-01-17 15:59 - 00000704 _____ () C:\EamClean.log
2015-01-17 12:51 - 2015-01-17 12:51 - 00037644 _____ () C:\ComboFix.txt
2015-01-17 09:39 - 2015-01-17 09:39 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\IsolatedStorage
2015-01-17 09:37 - 2015-01-17 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-01-17 09:36 - 2015-01-18 02:34 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\DigitalSites
2015-01-17 09:36 - 2015-01-17 10:16 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-01-17 09:36 - 2015-01-17 09:36 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-17 09:34 - 2015-01-17 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-15 20:47 - 2015-01-15 20:47 - 00262144 ____N () C:\Windows\Minidump\011515-34187-01.dmp
2015-01-14 10:52 - 2015-01-14 10:52 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 15:17 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 15:17 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 15:17 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 15:17 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 15:17 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 15:17 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 15:16 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 15:16 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 15:16 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 15:16 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 15:16 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 15:16 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 15:16 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-09 00:40 - 2015-01-09 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-02 16:01 - 2015-01-18 14:06 - 00000964 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA.job
2015-01-02 16:01 - 2015-01-17 16:06 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core.job
2015-01-02 16:01 - 2015-01-02 16:01 - 00003966 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA
2015-01-02 16:01 - 2015-01-02 16:01 - 00003570 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core
2014-12-27 20:00 - 2014-12-27 20:00 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2014-12-27 19:58 - 2014-12-27 19:58 - 00000844 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2014-12-27 19:56 - 2015-01-03 01:03 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\uTorrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 14:17 - 2011-02-20 20:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 13:52 - 2012-12-18 20:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 13:36 - 2011-02-13 03:30 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-18 12:08 - 2011-02-13 03:27 - 00000832 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-18 05:22 - 2011-02-07 12:52 - 01430264 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 05:05 - 2011-02-16 22:57 - 00000334 _____ () C:\Windows\Tasks\AVSRegistryCleaner.job
2015-01-18 04:23 - 2009-07-13 23:45 - 00017472 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 04:23 - 2009-07-13 23:45 - 00017472 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 04:18 - 2014-01-22 12:51 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-18 04:18 - 2014-01-22 12:51 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-18 04:18 - 2012-12-27 21:19 - 00000000 ____D () C:\Program Files (x86)\HTC Home
2015-01-18 04:18 - 2011-02-20 20:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 04:18 - 2011-02-13 03:30 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2015-01-18 04:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 02:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-18 02:10 - 2014-07-07 23:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 02:01 - 2011-02-13 16:26 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-17 16:11 - 2014-09-14 16:09 - 00000000 ____D () C:\Program Files (x86)\RKill
2015-01-17 13:45 - 2014-09-14 18:40 - 00000000 ____D () C:\EEK
2015-01-17 12:51 - 2012-12-23 12:23 - 00000000 ____D () C:\Qoobox
2015-01-17 12:46 - 2014-10-27 01:27 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\CrashDumps
2015-01-17 12:46 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-17 12:29 - 2012-06-20 14:13 - 00000000 ____D () C:\Program Files (x86)\RogueKiller
2015-01-17 11:54 - 2014-09-14 16:57 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-17 11:02 - 2012-12-23 13:48 - 00000000 ____D () C:\Program Files (x86)\ComboFix
2015-01-17 10:36 - 2014-07-06 01:31 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-17 10:23 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-17 09:44 - 2011-09-10 12:53 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\.minecraft
2015-01-15 20:47 - 2011-02-13 12:20 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 22:41 - 2014-03-28 09:47 - 00701788 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 22:41 - 2014-03-28 09:47 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 22:41 - 2011-02-13 00:34 - 00764030 _____ () C:\Windows\system32\perfh00A.dat
2015-01-14 22:41 - 2011-02-13 00:34 - 00164832 _____ () C:\Windows\system32\perfc00A.dat
2015-01-14 22:41 - 2011-02-07 13:28 - 02539324 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 22:41 - 2009-07-14 00:13 - 02539324 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 15:05 - 2011-02-13 16:26 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-01-14 10:52 - 2012-12-18 20:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 10:52 - 2012-09-09 00:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 10:52 - 2012-09-09 00:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 03:23 - 2013-07-31 19:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:01 - 2011-02-07 17:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:17 - 2011-02-13 03:31 - 04151810 _____ () C:\Windows\system32\Drivers\Cat.DB
2015-01-13 08:33 - 2011-06-30 21:21 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\HpUpdate
2015-01-09 20:12 - 2012-09-09 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-03 01:33 - 2011-02-13 03:30 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\Google
2015-01-02 16:01 - 2012-09-09 00:29 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla
2014-12-31 06:14 - 2011-02-07 13:32 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 16:29 - 2014-07-07 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 16:29 - 2014-07-07 23:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 20:20 - 2011-02-13 23:51 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\Adobe
2014-12-27 19:54 - 2011-07-15 16:03 - 00000000 ____D () C:\Program Files (x86)\tixati

==================== Files in the root of some directories =======
2014-05-08 00:03 - 2014-05-08 00:03 - 0002241 _____ () C:\Program Files (x86)\TdssKiller.lnk
2012-10-22 21:49 - 2012-10-24 20:22 - 0000177 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\hpmirrordriver.log
2011-02-07 18:58 - 2012-12-15 00:09 - 0007859 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.cat
2011-02-07 18:58 - 2012-12-15 00:09 - 0001167 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.inf
2011-02-07 18:59 - 2012-12-15 00:09 - 0000033 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.log
2011-02-07 18:58 - 2012-12-15 00:09 - 0082816 _____ (VSO Software) C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.sys
2013-07-26 23:36 - 2013-09-09 23:36 - 0000098 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\WB.CFG
2013-06-13 23:36 - 2013-06-22 23:36 - 0000005 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\WBPU-TTL.DAT
2011-02-19 00:22 - 2014-09-20 08:09 - 0044032 _____ () C:\Users\Laurent Effen Rocks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-19 07:50 - 2011-04-30 12:08 - 0007600 _____ () C:\Users\Laurent Effen Rocks\AppData\Local\Resmon.ResmonCfg
2012-06-19 17:37 - 2012-06-19 17:57 - 0000000 _____ () C:\ProgramData\-NfezIMrIkkW76n
2012-06-19 17:37 - 2012-06-19 17:57 - 0000160 _____ () C:\ProgramData\-NfezIMrIkkW76nr
2013-08-15 10:37 - 2013-08-15 10:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-04-26 22:02 - 2013-08-09 17:55 - 0059502 _____ () C:\ProgramData\hpzinstall.log
2012-06-19 17:37 - 2012-06-19 17:57 - 0000256 _____ () C:\ProgramData\NfezIMrIkkW76n

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 01:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks at 2015-01-18 14:20:30

Running from C:\Users\Laurent Effen Rocks\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Spyware Doctor with AntiVirus (Enabled - Up to date) {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spyware Doctor (Disabled - Up to date) {94076BB2-F3DA-227F-9A1E-F060FF73600F}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
3DVIA player 5.0.0.20 (HKLM-x32\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Able2Extract Professional 7.0 (HKLM-x32\...\{C894CC24-0DEC-4340-BCC9-DD4310DF3BEC}_is1) (Version: 7.0 - Investintech.com Inc.)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11 - Innovative Solutions)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
AVS Audio Recorder 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: 4.0.2.22 - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.1.529 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.1.232 - Online Media Technologies Ltd.)
AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.)
AVS Image Converter 3.1.1.275 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.1.1.275 - Online Media Technologies Ltd.)
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
AVS Photo Editor 2.2.1.140 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.2.1.140 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.3.258 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.3.258 - Online Media Technologies Ltd.)
AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: 1.0.5.158 - Online Media Technologies Ltd.)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.5 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: 1.5.1.27 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CardRecovery 6.00 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version:  - WinRecovery Software)
CM Installer (HKLM-x32\...\{681544C2-FFA2-4CFD-A9AD-2A3D25DF8D22}) (Version: 1.0.0.0 - Cyanogen Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Partition Master 9.1.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
Genuine Fractals 6.0 Professional Edition (HKLM-x32\...\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}) (Version: 6.0 - onOne Software)
Google Apps Migration For Microsoft Outlook® 3.1.21.46 (HKLM-x32\...\{09538C28-E130-4210-A8F3-1D175EE2DDF1}) (Version: 3.1.21.46 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToMeeting 4.8.0.723 (HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
HTC Home Apis (HKLM-x32\...\HTC Home Apis) (Version: 3.0.620.0 - Stealth)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
Lyrics Plugin for Windows Media Player (HKLM-x32\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MGTEK dopisp (HKLM-x32\...\{C25D3128-3136-4B33-9D32-8F0F5E81F349}) (Version: 6.0.3128 - MGTEK)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.65 (HKLM-x32\...\Mp3tag) (Version: v2.65 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.14200.48.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}) (Version: 10.0.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.37 - Realtek Semiconductor Corp.)
Roblox (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Spyware Doctor with AntiVirus 8.0 (HKLM-x32\...\Spyware Doctor) (Version: 8.0 - PC Tools)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SYLTEditor (HKLM-x32\...\SYLTEditor) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrackballWorks (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 1.1.18 - Kensington Computer Products Group)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
ViewSonic Windows 7 x64 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version:  - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.2500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player 64-bit Plug-in Fix (HKLM\...\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb) (Version:  - )
Windows Media Player Plus! 2.6 (HKLM-x32\...\{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1) (Version: 2.6 - BM-productions)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

17-01-2015 01:25:17 Scheduled Checkpoint
17-01-2015 09:36:37 PerforMax Cleaner
17-01-2015 10:34:59 PerforMax Cleaner

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-17 12:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {013C4B54-932F-4442-841A-1BE52AA2DC38} - System32\Tasks\{EBA151F1-24E4-460C-B254-25AA24337936} => C:\Program Files (x86)\AVS4YOU\AVSAudioEditor\AVSAudioEditor.exe [2013-12-18] (Online Media Technologies Ltd.)
Task: {1890952D-21D4-41C9-B866-CAE72F8C737A} - System32\Tasks\AVSRegistryCleaner => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe [2014-03-03] (Online Media Technologies Ltd.)
Task: {1E7D5FB0-F3F0-4430-BB9D-E6BD738E74B4} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {3321EF01-B7A7-4C7C-8549-226BFCBF255E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {357FE73B-B397-4298-9769-63C29C7EDDE7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE} - \Digital Sites No Task File <==== ATTENTION
Task: {53FFFBDB-3E5B-43C8-BCF4-E4C6B5AEE200} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {624E7849-AFDB-4718-B521-AC97FC77AEE5} - System32\Tasks\{6C51A34F-0C1D-450D-B7F9-9AE1DD8D08FF} => pcalua.exe -a "G:\My Documents\BitTorrent Downloads\Winrar 3.70 and Key.exe" -d "G:\My Documents\BitTorrent Downloads"
Task: {7186BD4A-AAE1-43EF-AD81-97377770E06C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {7ACC5097-E2DE-4100-8B3F-1C2A7A4E265F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {7E470414-E4B8-4CCA-997B-9D55C28D6E1D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9C8071CD-056C-48F4-9789-4288519B4CDE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A44BEA2C-93ED-455E-8B15-7BA559F23DE0} - System32\Tasks\{542E628D-10C4-41DD-9758-10C60F56980A} => pcalua.exe -a "C:\Program Files (x86)\Kensington\TrackballWorks\Uninstall.exe" -c "C:\Program Files (x86)\Kensington\TrackballWorks\install.log"
Task: {A699CAD1-DD5E-48AF-BB00-85A8619BB447} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-08-09] (Google)
Task: {B3183ED9-8185-485E-B9EC-4B8E2E358416} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {D23CBB86-3502-409B-ADA6-7BCF08574BCB} - System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B} => pcalua.exe -a "C:\Users\Laurent Effen Rocks\Desktop\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe" -d "C:\Users\Laurent Effen Rocks\Desktop"
Task: {DC1B2321-787A-4673-A4B1-6478420305E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E4E41824-6759-4AC5-84AA-AFF3B61F38B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {E7CAF7B4-E984-49A2-97E9-1867CCCEEAE9} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EFAC2E60-09B2-4F20-9104-5F0D8C032B5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {F1E39E49-76D8-48B0-AE71-5573E9C67562} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVSRegistryCleaner.job => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core.job => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA.job => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-07 22:19 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-13 17:10 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-06-21 01:07 - 2011-11-28 07:54 - 02036736 _____ () C:\Program Files (x86)\HTC Home\Clock.exe
2011-06-21 01:06 - 2011-06-21 01:06 - 00249344 _____ () C:\Program Files (x86)\HTC Home\Home.Base.dll
2011-06-20 08:12 - 2011-06-20 08:12 - 00011776 _____ () C:\Program Files (x86)\HTC Home\Home.Packaging.dll
2011-06-21 01:06 - 2011-06-22 03:15 - 00016896 _____ () C:\Program Files (x86)\HTC Home\Weather.Base.dll
2011-06-20 08:12 - 2014-12-13 08:38 - 00018432 _____ () C:\Program Files (x86)\HTC Home\Extras\Weather\MSN.dll
2011-06-20 03:49 - 2011-06-20 03:49 - 04660736 _____ () C:\Program Files (x86)\HTC Home\UIFramework.Weather.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-05-17 15:20 - 2014-04-21 17:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2011-03-13 18:55 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-13 03:31 - 2010-08-10 17:59 - 01263576 _____ () C:\Program Files (x86)\PC Tools Security\UserModeFileCache.dll
2011-02-13 03:31 - 2010-08-10 17:58 - 00091608 _____ () C:\Program Files (x86)\PC Tools Security\avengine\sdkBSCtrl.dll
2011-02-13 03:31 - 2010-08-30 16:05 - 00157656 _____ () C:\Program Files (x86)\PC Tools Security\NetworkLayer\PCTCFHook.dll
2011-03-13 18:55 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-07-23 22:59 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2014-07-23 22:59 - 2009-02-27 16:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2011-03-13 21:02 - 2007-12-24 00:08 - 00391680 _____ () C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\ProgramData\TEMP:A4A25FD3
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: VRAID Log Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2704817108-4072845770-1665254088-500 - Administrator - Disabled)
Galo (S-1-5-21-2704817108-4072845770-1665254088-1005 - Administrator - Disabled)
Guest (S-1-5-21-2704817108-4072845770-1665254088-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2704817108-4072845770-1665254088-1002 - Limited - Enabled)
Laurent Effen Rocks (S-1-5-21-2704817108-4072845770-1665254088-1000 - Administrator - Enabled) => C:\Users\Laurent Effen Rocks
LogMeInRemoteUser (S-1-5-21-2704817108-4072845770-1665254088-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
UpdatusUser (S-1-5-21-2704817108-4072845770-1665254088-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: RAID Controller
Description: RAID Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 01:21:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bfc

Start Time: 01d0334b9001993f

Termination Time: 9

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/18/2015 06:07:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/17/2015 04:03:47 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/17/2015 00:34:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Faulting module name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Exception code: 0x40000015
Fault offset: 0x0008d1c0
Faulting process id: 0xa04
Faulting application start time: 0xPEV.exe0
Faulting application path: PEV.exe1
Faulting module path: PEV.exe2
Report Id: PEV.exe3

Error: (01/17/2015 11:08:56 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/17/2015 10:25:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/17/2015 09:38:22 AM) (Source: MsiInstaller) (EventID: 11316) (User: Galo-PC)
Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.

Error: (01/17/2015 01:18:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/16/2015 02:35:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/15/2015 09:28:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AVSAudioRecorder.exe, version: 4.0.2.22, time stamp: 0x521b3ab6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1b29e229
Faulting process id: 0xc94
Faulting application start time: 0xAVSAudioRecorder.exe0
Faulting application path: AVSAudioRecorder.exe1
Faulting module path: AVSAudioRecorder.exe2
Report Id: AVSAudioRecorder.exe3

System errors:
=============
Error: (01/18/2015 04:21:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/18/2015 04:21:10 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/18/2015 04:17:58 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (01/18/2015 03:13:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/18/2015 03:13:07 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/18/2015 03:09:49 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (01/18/2015 03:08:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UpdateCenterService service.

Error: (01/18/2015 03:07:03 AM) (Source: mouclass) (EventID: 10) (User: )
Description: Could not disable interrupts on connected port device \Device\PointerClass1.

Error: (01/18/2015 02:42:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/18/2015 02:42:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Microsoft Office Sessions:
=========================
Error: (08/08/2012 07:13:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-01-17 12:45:03.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-17 12:45:03.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-17 12:45:03.410
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-17 12:45:03.231
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:28.369
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:28.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:28.047
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:27.886
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-27 00:41:34.071
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-27 00:41:33.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4800+
Percentage of memory in use: 58%
Total physical RAM: 3327.3 MB
Available physical RAM: 1380.59 MB
Total Pagefile: 6652.79 MB
Available Pagefile: 4257.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:212.9 GB) NTFS
Drive f: (Elements) (Fixed) (Total:596.17 GB) (Free:434.57 GB) NTFS
Drive g: (Data) (Fixed) (Total:465.76 GB) (Free:308.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A6650269)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 800C2CD1)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 0028F2EE)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
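The scheduled-task section of the log above is where the entries most worth a second look sit: a task registered with no task file (\Digital Sites), and two GUID-named tasks that start their target through pcalua.exe, one pointing at "Winrar 3.70 and Key.exe" in a BitTorrent download folder and the other at a GUID-named .exe on the Desktop. The Python below is an added example, not part of FRST or of the original post, that scores FRST "Task:" lines on exactly those traits. Its point values, review threshold and the user-writable folder patterns are assumptions chosen for illustration; the sample input is six lines copied verbatim from the log above.

```python
"""Triage the 'Task:' lines of an FRST.txt for entries worth a closer look.

Added example for this thread, not FRST's own code. It reads the scheduled-task lines
FRST prints and scores them on traits the log above shows: a task whose definition file
is gone, a task that launches its target through pcalua.exe, a bare-GUID task or file
name, a target in a user-writable folder, and no publisher recorded.
The point values and threshold are assumptions for the example, not anything FRST defines.
"""
import re
from dataclasses import dataclass, field

# Constructed sample input: six Task: lines copied verbatim from the FRST.txt posted above.
SAMPLE_FRST = r"""
Task: {1890952D-21D4-41C9-B866-CAE72F8C737A} - System32\Tasks\AVSRegistryCleaner => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe [2014-03-03] (Online Media Technologies Ltd.)
Task: {4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE} - \Digital Sites No Task File <==== ATTENTION
Task: {624E7849-AFDB-4718-B521-AC97FC77AEE5} - System32\Tasks\{6C51A34F-0C1D-450D-B7F9-9AE1DD8D08FF} => pcalua.exe -a "G:\My Documents\BitTorrent Downloads\Winrar 3.70 and Key.exe" -d "G:\My Documents\BitTorrent Downloads"
Task: {7186BD4A-AAE1-43EF-AD81-97377770E06C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {D23CBB86-3502-409B-ADA6-7BCF08574BCB} - System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B} => pcalua.exe -a "C:\Users\Laurent Effen Rocks\Desktop\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe" -d "C:\Users\Laurent Effen Rocks\Desktop"
Task: {E4E41824-6759-4AC5-84AA-AFF3B61F38B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
"""

# "Task: {GUID} - <name> => <target>"; the "=> <target>" part is absent when the task file is gone.
TASK_RE = re.compile(r"^Task: \{(?P<id>[0-9A-Fa-f-]{36})\} - (?P<name>.+?)(?: => (?P<target>.+))?$")
# "<command> [YYYY-MM-DD] (Publisher)" with the date and publisher both optional.
TARGET_RE = re.compile(r"^(?P<cmd>.+?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?(?: \((?P<publisher>[^()]+)\))?$")
GUID_RE = re.compile(r"^\{?[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?$")
# pcalua.exe -a "<exe>" starts <exe> via the Program Compatibility Assistant launcher.
PCALUA_RE = re.compile(r'^pcalua\.exe\s+-a\s+"(?P<exe>[^"]+)"', re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\Users\\|AppData|Desktop|Download|\\Temp\\", re.IGNORECASE)
REVIEW_THRESHOLD = 2  # assumption for the example


@dataclass
class TaskFinding:
    task_id: str
    name: str
    executable: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def note(self, points: int, why: str) -> None:
        self.score += points
        self.reasons.append(why)


def triage_task(line: str):
    """Return a TaskFinding for one 'Task: {GUID} - ...' line, or None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    name, target = m["name"], m["target"]
    finding = TaskFinding(task_id=m["id"].upper(), name=name, executable=target or "")
    if target is None:
        if "No Task File" in name:
            finding.note(3, "registered but its task XML is missing (FRST marks this ATTENTION)")
        return finding
    t = TARGET_RE.match(target)
    command, publisher = t["cmd"], t["publisher"]
    exe = command
    if (p := PCALUA_RE.match(command)):
        exe = p["exe"]  # the program pcalua.exe is told to start is the real target
        finding.note(2, "runs its target through pcalua.exe, a Windows binary that can launch any program")
    finding.executable = exe
    if GUID_RE.match(name.rsplit("\\", 1)[-1]):
        finding.note(1, "task name is a bare GUID instead of a descriptive name")
    if USER_WRITABLE_RE.search(exe):
        finding.note(1, "target sits in a user-writable folder")
    if publisher is None:
        finding.note(1, "no publisher recorded for the target")
    stem = exe.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if GUID_RE.match(stem):
        finding.note(2, "target file name is a bare GUID")
    return finding


def triage_tasks(frst_text: str) -> list:
    return [f for f in map(triage_task, frst_text.splitlines()) if f is not None]


def tasks_to_review(frst_text: str, threshold: int = REVIEW_THRESHOLD) -> list:
    return [f for f in triage_tasks(frst_text) if f.score >= threshold]


if __name__ == "__main__":
    for f in tasks_to_review(SAMPLE_FRST):
        print(f"[{f.score}] {f.task_id} {f.name}\n      -> {f.executable}")
        for why in f.reasons:
            print(f"         * {why}")
```

Run as-is it prints the three tasks named above with their reasons. The Google updater task under AppData scores a single point and stays below the threshold, which is why the checks are weighted rather than flagging every path under a user profile; the weights are a starting point, not a verdict, and the flagged tasks still need a human to decide.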



#2 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 18 January 2015 - 08:43 PM

Hi ggee,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

  • uTorrent

If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

I see you have/had ComboFix installed. When did you last use it?

What other malware removal programs have you run with regards to this issue?

=========================

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt




Start
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM-x32 -> DefaultScope {27A228E7-6BC2-4C4B-9F55-26382491968E} URL =
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKLM-x32 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} ->  No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Task: {4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE} - \Digital Sites No Task File <==== ATTENTION
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

AdwCleaner v3: Scan & Clean

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

  • checkup.txt
  • Fixlog.txt
  • Adwcleaner[S0].txt
  • JRT.txt
  • new FRST.txt
  • P2P decision
  • ComboFix and other tools information
  • How is the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.
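The fixlist above targets three kinds of Internet Explorer entry: SearchScopes whose URL points at vosteran.com, set as the DefaultScope in HKLM and in the user hive alike (so fixing only the user's own scope would not have been enough), an HKLM-x32 DefaultScope with no URL at all, and URLSearchHook, BHO and Toolbar entries whose file is gone ("No File"), together with the two Policy restriction keys. The Python below is an added example, not FRST's code and not from the thread, that classifies such lines from an FRST scan and collects the verbatim lines a fixlist would contain. Its allowlist of search hosts and the www.bing.com control line are assumptions; every other sample line is copied from the fixlist above. It reads text only and changes nothing on the machine; the lines it collects still need a helper's review before FRST runs them.

```python
"""Classify the browser-hijack lines an FRST scan reports and gather the ones a fixlist would need.

Added example for this thread; not FRST's own code. It never touches the registry, it only
reads FRST's text output. KNOWN_SEARCH_HOSTS is an assumption made for the example.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample in FRST syntax. The vosteran.com, empty-URL, Policy restriction and
# 'No File' lines are copied from the fixlist above; the www.bing.com scope is invented here
# as a benign control and does not come from the log.
SAMPLE_FRST_LINES = r"""
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM-x32 -> DefaultScope {27A228E7-6BC2-4C4B-9F55-26382491968E} URL =
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} ->  No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} -  No File
"""

# Search engines treated as expected (assumption for the example; extend for the machine at hand).
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com", "duckduckgo.com"}

SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?P<default>DefaultScope )?\{(?P<guid>[0-9A-Fa-f-]{36})\} URL =\s*(?P<url>.*)$")
ORPHAN_RE = re.compile(r"^(?P<kind>BHO(?:-x32)?|Toolbar|URLSearchHook): .*\bNo File$")
POLICY_RE = re.compile(r"^(?P<key>HK.+?): Policy restriction\b")


@dataclass
class Scope:
    hive: str
    guid: str
    is_default: bool
    url: str
    raw: str  # the FRST line exactly as printed, which is what a fixlist needs

    @property
    def host(self) -> str:
        return (urlparse(self.url).hostname or "") if self.url else ""


@dataclass
class Report:
    hijacked: list = field(default_factory=list)        # scopes whose host is not an expected search engine
    empty_defaults: list = field(default_factory=list)  # DefaultScope entries with no URL at all
    orphans: list = field(default_factory=list)         # (kind, raw) for BHO/Toolbar/URLSearchHook with no file
    policies: list = field(default_factory=list)        # (key, raw) for IE Policy restriction keys

    def default_hives(self, host: str) -> set:
        """Hives where `host` is the DefaultScope; more than one means the machine and the user are both set."""
        return {s.hive for s in self.hijacked if s.is_default and s.host == host}


def audit_browser_lines(text: str) -> Report:
    report = Report()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SCOPE_RE.match(line):
            scope = Scope(m["hive"], m["guid"].upper(), m["default"] is not None, m["url"].strip(), line)
            if not scope.url:
                if scope.is_default:
                    report.empty_defaults.append(scope)
            elif scope.host not in KNOWN_SEARCH_HOSTS:
                report.hijacked.append(scope)
        elif m := ORPHAN_RE.match(line):
            report.orphans.append((m["kind"], line))
        elif m := POLICY_RE.match(line):
            report.policies.append((m["key"], line))
    return report


def fixlist_candidates(report: Report) -> list:
    """The FRST lines, verbatim, that a fixlist would carry for these findings (review before use)."""
    lines = [s.raw for s in report.hijacked] + [s.raw for s in report.empty_defaults]
    lines += [raw for _, raw in report.orphans] + [raw for _, raw in report.policies]
    return lines


if __name__ == "__main__":
    rep = audit_browser_lines(SAMPLE_FRST_LINES)
    for s in rep.hijacked:
        print(f"scope {s.guid} in {s.hive} -> {s.host}" + (" (DefaultScope)" if s.is_default else ""))
    print("fixlist candidates:")
    print("\n".join(fixlist_candidates(rep)))
```

The host comparison is deliberately an allowlist rather than a blocklist: a hijacker's domain changes with every campaign, while the set of search engines a given user actually chose is short and stable. Checking in which hives the same unknown host is the DefaultScope is the quick way to see whether a machine-wide entry will simply repopulate a cleaned user hive.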


#3 ggee

ggee

    Authentic Member

  • Authentic Member
  • PipPip
  • 78 posts

Posted 19 January 2015 - 01:08 AM

Hello,

To answer your questions:

uTorrent - Yes, I installed it on my PC a long time ago. But I do not use it (maybe twice in the last two years) and it is not set to automatically run, connect, or share. It is set up in such a way that it will only run when I manually start it, and I shut it down when I exit out of it. Again, just so you are aware - I do not use it.

ComboFix - This was installed on my PC from the last time I received help from WTT. I believe the last time I ran it was back in mid 2014. The only malware tool I ran with regards to this current infection was Malwarebytes (scan version only), and then MS Security Essentials.

Other malware tools installed - My main realtime antivirus and firewall is MS Security Essentials. For realtime spyware I use Spyware Doctor (from PC Tools Security). Those are the only two realtime active tools I use. I also use the free version of Malwarebytes, which is not realtime - it only performs manual updates and scans.

Symptoms - There do not seem to be any true symptoms, but I can't be sure there is anything infected. That is why I thought it might be best to come to you guys, just to be sure. Although, sometimes my PC does get sluggish momentarily. This has been happening for about the past 4 or 5 months. But I think that may be more of a pure performance thing, which I will also have checked with you guys (after we are done with this).

**Update** - Actually, I just noticed my IE 11 won't open certain web sites. For example, I can't get into cnn.com or msn.com. I can't even get into yahoo.com, or my school's website. This was not happening before. Yet somehow I can get into youtube.com (although the ad on the top of the page says "This page can't be displayed"). And I can get into WTT. The same thing is happening with my Firefox. Why????

Please see the attached logs in the order you instructed:

Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
Spyware Doctor with AntiVirus  
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Spyware Doctor with AntiVirus 8.0
 AVS Registry Cleaner 2.3.3.258 
 JavaFX 2.1.1   
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.257 
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks at 2015-01-19 00:25:33 Run:1
Running from C:\Users\Laurent Effen Rocks\Desktop
Loaded Profiles: Laurent Effen Rocks (Available profiles: Laurent Effen Rocks & LogMeInRemoteUser & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM-x32 -> DefaultScope {27A228E7-6BC2-4C4B-9F55-26382491968E} URL =
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKLM-x32 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} ->  No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Task: {4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE} - \Digital Sites No Task File <==== ATTENTION
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8fe8d013-c3fd-4802-af48-79274e9f969e} => Key not found.
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => Key deleted successfully.
HKCR\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => Key not found.
"HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}" => Key deleted successfully.
HKCR\CLSID\{8fe8d013-c3fd-4802-af48-79274e9f969e} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D}" => Key deleted successfully.
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => value deleted successfully.
HKCR\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 698.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 00:26:11 ====

# AdwCleaner v4.108 - Report created 19/01/2015 at 00:58:57
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Laurent Effen Rocks - GALO-PC
# Running from : C:\Users\Laurent Effen Rocks\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Laurent Effen Rocks\AppData\Local\PackageAware
Folder Deleted : C:\Users\Laurent Effen Rocks\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Laurent Effen Rocks\AppData\Roaming\GrabPro
File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default\searchplugins\bingp.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3315828
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKLM\SOFTWARE\CompeteInc

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.FF19Solved", "true");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.UserID", "UN34059080071753220");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.browser.search.defaultthis.engineName", "true");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.fullUserID", "UN34059080071753220.IN.20140101200103");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.installDate", "01/01/2014 20:01:21");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.installSessionId", "{3B38BA88-490E-4E91-A0DE-EF75503748A8}");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.installSp", "TRUE");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.installerVersion", "1.8.1.4");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.keyword", "true");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.originalHomepage", "hxxp://www.google.com");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.originalSearchAddressUrl", "hxxp://www.bing.com/search?FORM=U019DF&PC=U019&dt=072713&q=");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.originalSearchEngine", "Bing ");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.originalSearchEngineName", "Bing ");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.searchRevert", "false");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.searchUninstallUserMode", "2");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.searchUserMode", "2");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.smartbar.homepage", "true");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.toolbarInstallDate", "01-01-2014 20:01:03");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.versionFromInstaller", "10.23.0.726");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.xpeMode", "0");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=U019DF&PC=U019&dt=072713&q=");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.7 Customized Web Search");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_ggfc_15_03_ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0FyEyCyB0CtBtAzzyEyB0FtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1[...]
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_ggfc_15_03_ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0FyEyCyB0CtBtAzzyEyB0FtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDy[...]
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_ggfc_15_03_ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0FyEyCyB0CtBtAzzyEyB0FtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzyt[...]
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3315828");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3315828");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3315828");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "YKYUH8UX8SATL4JNQBWKHIGY4YOD5FSEWHOQ+WBQQJPWYUGFE1YER23BTMG+UAWEVFXGD0AQRP+ALDEQVBFRTG");

-\\ Google Chrome v

[C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

*************************

AdwCleaner[R0].txt - [9510 octets] - [19/01/2015 00:38:12]
AdwCleaner[S0].txt - [9714 octets] - [19/01/2015 00:58:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9774 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks (administrator) on GALO-PC on 19-01-2015 01:28:48
Running from C:\Users\Laurent Effen Rocks\Desktop
Loaded Profiles: Laurent Effen Rocks (Available profiles: Laurent Effen Rocks & LogMeInRemoteUser & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
() C:\Program Files (x86)\HTC Home\Clock.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsGui.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ISTray] => C:\Program Files (x86)\PC Tools Security\pctsGui.exe [1589208 2010-12-01] (PC Tools)
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [Clock Widget (HTC Home)] => C:\Program Files (x86)\HTC Home\Clock.exe [2036736 2011-11-28] ()
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5}
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://simulcast.ma...v/LiveSound.dll
DPF: HKLM-x32 {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} http://adus1.liveblo...ory/laiexec.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://imageupload9....geUploader6.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]
ShellExecuteHooks-x32:  - {AEB6717E-7E19-11d0-97EE-00C04FD91972} -  No File [ ]

FireFox:
========
FF ProfilePath: C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default
FF SearchEngineOrder.3: Bing
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @talk.google.com/O1DPlugin -> C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Laurent Effen Rocks\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: WOT - C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]

Chrome:
=======
CHR Profile: C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (YouTube) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-30]
CHR Extension: (Google Search) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-30]
CHR Extension: (Google Wallet) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Gmail) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-30]
CHR HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Chrome\Extension: [jhbbmmgbnjalccamlaefhepnajfmgopb] - C:\Users\Laurent Effen Rocks\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jhbbmmgbnjalccamlaefhepnajfmgopb] - C:\Users\Laurent Effen Rocks\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 astcc; C:\Windows\SysWOW64\astsrv.exe [57344 2008-11-26] (Nalpeiron Ltd.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-14] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-14] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
U2 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
S4 VRAID Log Service; C:\Program Files (x86)\VIA\RAID\vialogsv.exe [52888 2008-09-24] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
S3 cleanhlp; C:\EEK\BIN\cleanhlp64.sys [57024 2014-09-13] (Emsisoft GmbH)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-06-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [175648 2009-06-30] (NVIDIA Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-11-25] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [32848 2011-06-13] ()
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-01-24] (Acronis)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 01:28 - 2015-01-19 01:29 - 00023911 _____ () C:\Users\Laurent Effen Rocks\Desktop\FRST.txt
2015-01-19 01:01 - 2015-01-19 01:01 - 00009894 _____ () C:\Users\Laurent Effen Rocks\Desktop\AdwCleaner[S0].txt
2015-01-19 00:37 - 2015-01-19 00:58 - 00000000 ____D () C:\AdwCleaner
2015-01-19 00:37 - 2015-01-19 00:36 - 02186752 _____ () C:\Users\Laurent Effen Rocks\Desktop\AdwCleaner.exe
2015-01-19 00:20 - 2015-01-19 00:20 - 00001034 _____ () C:\Users\Laurent Effen Rocks\Desktop\checkup.txt
2015-01-18 23:54 - 2015-01-18 23:54 - 00262144 ____N () C:\Windows\Minidump\011815-47781-01.dmp
2015-01-18 23:46 - 2015-01-18 23:46 - 00852504 _____ () C:\Users\Laurent Effen Rocks\Desktop\SecurityCheck.exe
2015-01-18 20:04 - 2015-01-18 21:43 - 00022875 _____ () C:\Users\Laurent Effen Rocks\Desktop\Written Assignment 1.xlsx
2015-01-18 19:06 - 2015-01-19 01:10 - 00000280 _____ () C:\Windows\setupact.log
2015-01-18 19:06 - 2015-01-18 19:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-18 19:05 - 2015-01-19 01:10 - 00002298 _____ () C:\Windows\PFRO.log
2015-01-18 14:12 - 2015-01-19 01:28 - 00000000 ____D () C:\FRST
2015-01-18 13:33 - 2015-01-18 13:33 - 02126848 _____ (Farbar) C:\Users\Laurent Effen Rocks\Desktop\FRST64.exe
2015-01-18 03:06 - 2015-01-18 03:06 - 00003262 _____ () C:\Windows\System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B}
2015-01-18 03:06 - 2015-01-18 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2015-01-17 15:59 - 2015-01-17 15:59 - 00000704 _____ () C:\EamClean.log
2015-01-17 12:51 - 2015-01-17 12:51 - 00037644 _____ () C:\ComboFix.txt
2015-01-17 09:39 - 2015-01-17 09:39 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\IsolatedStorage
2015-01-17 09:36 - 2015-01-17 10:16 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-01-17 09:36 - 2015-01-17 09:36 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-17 09:34 - 2015-01-17 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-15 20:47 - 2015-01-15 20:47 - 00262144 ____N () C:\Windows\Minidump\011515-34187-01.dmp
2015-01-14 10:52 - 2015-01-14 10:52 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 15:17 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 15:17 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 15:17 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 15:17 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 15:17 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 15:17 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 15:16 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 15:16 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 15:16 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 15:16 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 15:16 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 15:16 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 15:16 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-09 00:40 - 2015-01-09 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-02 16:01 - 2015-01-19 01:06 - 00000964 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA.job
2015-01-02 16:01 - 2015-01-18 16:06 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core.job
2015-01-02 16:01 - 2015-01-02 16:01 - 00003966 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA
2015-01-02 16:01 - 2015-01-02 16:01 - 00003570 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core
2014-12-27 20:00 - 2014-12-27 20:00 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2014-12-27 19:58 - 2014-12-27 19:58 - 00000844 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2014-12-27 19:56 - 2015-01-03 01:03 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\uTorrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 01:26 - 2011-02-13 03:30 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-19 01:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-19 01:21 - 2011-02-07 12:52 - 01592861 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 01:20 - 2011-02-13 03:30 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2015-01-19 01:17 - 2011-02-20 20:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 01:15 - 2009-07-13 23:45 - 00017472 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 01:15 - 2009-07-13 23:45 - 00017472 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 01:10 - 2014-01-22 12:51 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-19 01:10 - 2014-01-22 12:51 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-19 01:10 - 2012-12-27 21:19 - 00000000 ____D () C:\Program Files (x86)\HTC Home
2015-01-19 01:10 - 2011-02-20 20:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 01:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 00:52 - 2012-12-18 20:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 00:29 - 2011-02-13 16:26 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-18 23:54 - 2011-02-13 12:20 - 00000000 ____D () C:\Windows\Minidump
2015-01-18 12:08 - 2011-02-13 03:27 - 00000832 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-18 05:05 - 2011-02-16 22:57 - 00000334 _____ () C:\Windows\Tasks\AVSRegistryCleaner.job
2015-01-18 02:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-18 02:10 - 2014-07-07 23:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 16:11 - 2014-09-14 16:09 - 00000000 ____D () C:\Program Files (x86)\RKill
2015-01-17 13:45 - 2014-09-14 18:40 - 00000000 ____D () C:\EEK
2015-01-17 12:51 - 2012-12-23 12:23 - 00000000 ____D () C:\Qoobox
2015-01-17 12:46 - 2014-10-27 01:27 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\CrashDumps
2015-01-17 12:46 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-17 12:29 - 2012-06-20 14:13 - 00000000 ____D () C:\Program Files (x86)\RogueKiller
2015-01-17 11:54 - 2014-09-14 16:57 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-17 11:02 - 2012-12-23 13:48 - 00000000 ____D () C:\Program Files (x86)\ComboFix
2015-01-17 10:36 - 2014-07-06 01:31 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-17 10:23 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-17 09:44 - 2011-09-10 12:53 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\.minecraft
2015-01-14 22:41 - 2014-03-28 09:47 - 00701788 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 22:41 - 2014-03-28 09:47 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 22:41 - 2011-02-13 00:34 - 00764030 _____ () C:\Windows\system32\perfh00A.dat
2015-01-14 22:41 - 2011-02-13 00:34 - 00164832 _____ () C:\Windows\system32\perfc00A.dat
2015-01-14 22:41 - 2011-02-07 13:28 - 02539324 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 22:41 - 2009-07-14 00:13 - 02539324 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 15:05 - 2011-02-13 16:26 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-01-14 10:52 - 2012-12-18 20:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 10:52 - 2012-09-09 00:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 10:52 - 2012-09-09 00:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 03:23 - 2013-07-31 19:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:01 - 2011-02-07 17:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:17 - 2011-02-13 03:31 - 04151810 _____ () C:\Windows\system32\Drivers\Cat.DB
2015-01-13 08:33 - 2011-06-30 21:21 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\HpUpdate
2015-01-09 20:12 - 2012-09-09 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-03 01:33 - 2011-02-13 03:30 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\Google
2015-01-02 16:01 - 2012-09-09 00:29 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla
2014-12-31 06:14 - 2011-02-07 13:32 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 16:29 - 2014-07-07 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 16:29 - 2014-07-07 23:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 20:20 - 2011-02-13 23:51 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\Adobe
2014-12-27 19:54 - 2011-07-15 16:03 - 00000000 ____D () C:\Program Files (x86)\tixati

==================== Files in the root of some directories =======
2014-05-08 00:03 - 2014-05-08 00:03 - 0002241 _____ () C:\Program Files (x86)\TdssKiller.lnk
2012-10-22 21:49 - 2012-10-24 20:22 - 0000177 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\hpmirrordriver.log
2011-02-07 18:58 - 2012-12-15 00:09 - 0007859 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.cat
2011-02-07 18:58 - 2012-12-15 00:09 - 0001167 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.inf
2011-02-07 18:59 - 2012-12-15 00:09 - 0000033 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.log
2011-02-07 18:58 - 2012-12-15 00:09 - 0082816 _____ (VSO Software) C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.sys
2013-07-26 23:36 - 2013-09-09 23:36 - 0000098 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\WB.CFG
2013-06-13 23:36 - 2013-06-22 23:36 - 0000005 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\WBPU-TTL.DAT
2011-02-19 00:22 - 2014-09-20 08:09 - 0044032 _____ () C:\Users\Laurent Effen Rocks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-19 07:50 - 2011-04-30 12:08 - 0007600 _____ () C:\Users\Laurent Effen Rocks\AppData\Local\Resmon.ResmonCfg
2012-06-19 17:37 - 2012-06-19 17:57 - 0000000 _____ () C:\ProgramData\-NfezIMrIkkW76n
2012-06-19 17:37 - 2012-06-19 17:57 - 0000160 _____ () C:\ProgramData\-NfezIMrIkkW76nr
2013-08-15 10:37 - 2013-08-15 10:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-04-26 22:02 - 2013-08-09 17:55 - 0059502 _____ () C:\ProgramData\hpzinstall.log
2012-06-19 17:37 - 2012-06-19 17:57 - 0000256 _____ () C:\ProgramData\NfezIMrIkkW76n

Some content of TEMP:
====================
C:\Users\Laurent Effen Rocks\AppData\Local\Temp\Quarantine.exe
C:\Users\Laurent Effen Rocks\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 01:34

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks at 2015-01-19 01:29:53
Running from C:\Users\Laurent Effen Rocks\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Spyware Doctor with AntiVirus (Disabled - Up to date) {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spyware Doctor (Enabled - Up to date) {94076BB2-F3DA-227F-9A1E-F060FF73600F}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
3DVIA player 5.0.0.20 (HKLM-x32\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Able2Extract Professional 7.0 (HKLM-x32\...\{C894CC24-0DEC-4340-BCC9-DD4310DF3BEC}_is1) (Version: 7.0 - Investintech.com Inc.)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11 - Innovative Solutions)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
AVS Audio Recorder 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: 4.0.2.22 - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.1.529 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.1.232 - Online Media Technologies Ltd.)
AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.)
AVS Image Converter 3.1.1.275 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.1.1.275 - Online Media Technologies Ltd.)
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
AVS Photo Editor 2.2.1.140 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.2.1.140 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.3.258 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.3.258 - Online Media Technologies Ltd.)
AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: 1.0.5.158 - Online Media Technologies Ltd.)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.5 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: 1.5.1.27 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CardRecovery 6.00 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version:  - WinRecovery Software)
CM Installer (HKLM-x32\...\{681544C2-FFA2-4CFD-A9AD-2A3D25DF8D22}) (Version: 1.0.0.0 - Cyanogen Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Partition Master 9.1.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version:  - EaseUS)
Genuine Fractals 6.0 Professional Edition (HKLM-x32\...\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}) (Version: 6.0 - onOne Software)
Google Apps Migration For Microsoft Outlook® 3.1.21.46 (HKLM-x32\...\{09538C28-E130-4210-A8F3-1D175EE2DDF1}) (Version: 3.1.21.46 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToMeeting 4.8.0.723 (HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
HTC Home Apis (HKLM-x32\...\HTC Home Apis) (Version: 3.0.620.0 - Stealth)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
Lyrics Plugin for Windows Media Player (HKLM-x32\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MGTEK dopisp (HKLM-x32\...\{C25D3128-3136-4B33-9D32-8F0F5E81F349}) (Version: 6.0.3128 - MGTEK)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.65 (HKLM-x32\...\Mp3tag) (Version: v2.65 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.14200.48.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}) (Version: 10.0.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.37 - Realtek Semiconductor Corp.)
Roblox (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Spyware Doctor with AntiVirus 8.0 (HKLM-x32\...\Spyware Doctor) (Version: 8.0 - PC Tools)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SYLTEditor (HKLM-x32\...\SYLTEditor) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrackballWorks (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 1.1.18 - Kensington Computer Products Group)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
ViewSonic Windows 7 x64 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version:  - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.2500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player 64-bit Plug-in Fix (HKLM\...\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb) (Version:  - )
Windows Media Player Plus! 2.6 (HKLM-x32\...\{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1) (Version: 2.6 - BM-productions)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points  =========================

17-01-2015 09:36:37 PerforMax Cleaner
17-01-2015 10:34:59 PerforMax Cleaner
18-01-2015 19:18:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-19 00:25 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {013C4B54-932F-4442-841A-1BE52AA2DC38} - System32\Tasks\{EBA151F1-24E4-460C-B254-25AA24337936} => C:\Program Files (x86)\AVS4YOU\AVSAudioEditor\AVSAudioEditor.exe [2013-12-18] (Online Media Technologies Ltd.)
Task: {1890952D-21D4-41C9-B866-CAE72F8C737A} - System32\Tasks\AVSRegistryCleaner => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe [2014-03-03] (Online Media Technologies Ltd.)
Task: {1E7D5FB0-F3F0-4430-BB9D-E6BD738E74B4} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {3321EF01-B7A7-4C7C-8549-226BFCBF255E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {357FE73B-B397-4298-9769-63C29C7EDDE7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {53FFFBDB-3E5B-43C8-BCF4-E4C6B5AEE200} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {624E7849-AFDB-4718-B521-AC97FC77AEE5} - System32\Tasks\{6C51A34F-0C1D-450D-B7F9-9AE1DD8D08FF} => pcalua.exe -a "G:\My Documents\BitTorrent Downloads\Winrar 3.70 and Key.exe" -d "G:\My Documents\BitTorrent Downloads"
Task: {7186BD4A-AAE1-43EF-AD81-97377770E06C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {7ACC5097-E2DE-4100-8B3F-1C2A7A4E265F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {7E470414-E4B8-4CCA-997B-9D55C28D6E1D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9C8071CD-056C-48F4-9789-4288519B4CDE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A44BEA2C-93ED-455E-8B15-7BA559F23DE0} - System32\Tasks\{542E628D-10C4-41DD-9758-10C60F56980A} => pcalua.exe -a "C:\Program Files (x86)\Kensington\TrackballWorks\Uninstall.exe" -c "C:\Program Files (x86)\Kensington\TrackballWorks\install.log"
Task: {A699CAD1-DD5E-48AF-BB00-85A8619BB447} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-08-09] (Google)
Task: {B3183ED9-8185-485E-B9EC-4B8E2E358416} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {D23CBB86-3502-409B-ADA6-7BCF08574BCB} - System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B} => pcalua.exe -a "C:\Users\Laurent Effen Rocks\Desktop\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe" -d "C:\Users\Laurent Effen Rocks\Desktop"
Task: {DC1B2321-787A-4673-A4B1-6478420305E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E4E41824-6759-4AC5-84AA-AFF3B61F38B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {E7CAF7B4-E984-49A2-97E9-1867CCCEEAE9} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EFAC2E60-09B2-4F20-9104-5F0D8C032B5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {F1E39E49-76D8-48B0-AE71-5573E9C67562} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVSRegistryCleaner.job => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core.job => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA.job => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-07 22:19 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-13 17:10 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-06-21 01:07 - 2011-11-28 07:54 - 02036736 _____ () C:\Program Files (x86)\HTC Home\Clock.exe
2011-06-21 01:06 - 2011-06-21 01:06 - 00249344 _____ () C:\Program Files (x86)\HTC Home\Home.Base.dll
2011-06-20 08:12 - 2011-06-20 08:12 - 00011776 _____ () C:\Program Files (x86)\HTC Home\Home.Packaging.dll
2011-06-21 01:06 - 2011-06-22 03:15 - 00016896 _____ () C:\Program Files (x86)\HTC Home\Weather.Base.dll
2011-06-20 08:12 - 2014-12-13 08:38 - 00018432 _____ () C:\Program Files (x86)\HTC Home\Extras\Weather\MSN.dll
2011-06-20 03:49 - 2011-06-20 03:49 - 04660736 _____ () C:\Program Files (x86)\HTC Home\UIFramework.Weather.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-05-17 15:20 - 2014-04-21 17:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2011-03-13 18:55 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-23 22:59 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2014-07-23 22:59 - 2009-02-27 16:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2011-03-13 21:02 - 2007-12-24 00:08 - 00391680 _____ () C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll
2011-03-13 18:55 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2011-02-13 03:31 - 2010-08-10 17:59 - 01263576 _____ () C:\Program Files (x86)\PC Tools Security\UserModeFileCache.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\ProgramData\TEMP:A4A25FD3
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: VRAID Log Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2704817108-4072845770-1665254088-500 - Administrator - Disabled)
Galo (S-1-5-21-2704817108-4072845770-1665254088-1005 - Administrator - Disabled)
Guest (S-1-5-21-2704817108-4072845770-1665254088-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2704817108-4072845770-1665254088-1002 - Limited - Enabled)
Laurent Effen Rocks (S-1-5-21-2704817108-4072845770-1665254088-1000 - Administrator - Enabled) => C:\Users\Laurent Effen Rocks
LogMeInRemoteUser (S-1-5-21-2704817108-4072845770-1665254088-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
UpdatusUser (S-1-5-21-2704817108-4072845770-1665254088-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: RAID Controller
Description: RAID Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 11:56:41 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/18/2015 07:13:14 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/18/2015 01:21:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bfc

Start Time: 01d0334b9001993f

Termination Time: 9

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/18/2015 06:07:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/17/2015 04:03:47 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/17/2015 00:34:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Faulting module name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Exception code: 0x40000015
Fault offset: 0x0008d1c0
Faulting process id: 0xa04
Faulting application start time: 0xPEV.exe0
Faulting application path: PEV.exe1
Faulting module path: PEV.exe2
Report Id: PEV.exe3

Error: (01/17/2015 11:08:56 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/17/2015 10:25:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/17/2015 09:38:22 AM) (Source: MsiInstaller) (EventID: 11316) (User: Galo-PC)
Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.

Error: (01/17/2015 01:18:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (01/19/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Error: (01/19/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Error: (01/19/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Error: (01/19/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Error: (01/19/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Error: (01/19/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Error: (01/19/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Error: (01/19/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Error: (01/19/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Error: (01/19/2015 01:26:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The IPsec Policy Agent service terminated with the following error:
%%10022

Microsoft Office Sessions:
=========================
Error: (08/08/2012 07:13:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-01-17 12:45:03.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-17 12:45:03.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-17 12:45:03.410
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-17 12:45:03.231
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:28.369
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:28.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:28.047
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:27.886
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-27 00:41:34.071
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-27 00:41:33.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4800+
Percentage of memory in use: 51%
Total physical RAM: 3327.3 MB
Available physical RAM: 1623.62 MB
Total Pagefile: 6652.79 MB
Available Pagefile: 4202.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:212.91 GB) NTFS
Drive f: (Elements) (Fixed) (Total:596.17 GB) (Free:434.57 GB) NTFS
Drive g: (Data) (Fixed) (Total:465.76 GB) (Free:308.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A6650269)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 800C2CD1)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 0028F2EE)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by ggee, 19 January 2015 - 01:24 AM.


#4 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 19 January 2015 - 01:32 AM

Hi ggee,

Thank you for the detailed answers to my questions. :thumbup:

You seem to have overlooked the JRT.txt log. Please post it in your next reply.

Just for reference, we don't really recommend registry cleaners; they tend to do more harm than good.

AVS Registry Cleaner 2.3.3.258

=========================

Your logs are looking better.

=========================

Malwarebytes' Anti-Malware

(if not already installed on your machine, download it via the link below)

Download Malwarebytes' Anti-Malware (save it to your desktop).

  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".
  • Select the Scan tab.
  • Select the type of scan to perform:
    • Threat Scan < --- Select this type of scan
    • Custom Scan
    • Hyper Scan
  • Next click the Scan button.
  • When the scan is complete, if no malicious items are found you can close the program.
  • If malicious items are found be sure that everything is checked, and click Quarantine.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================

ESET Online Scanner

*Note:

  • It is recommended to disable on-board antivirus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
  • Please don't go surfing while your resident protection is disabled!
  • Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your Antivirus software. You can usually do this with its Notification Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Checked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • When the scan completes, click List of found threats
  • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
  • Include the contents of this report in your next reply

    Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
  • Re-enable your Antivirus software.

=========================

In your next post please provide the following:

  • MBAM log
  • ESET's log.txt
  • JRT.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#5 ggee (Authentic Member, 78 posts)

Posted 19 January 2015 - 02:14 AM

Actually, I updated my initial reply after I posted it. I found a problem I did not have before running the scans you instructed. But after running the scans and cleanups I found an issue with my internet. I believe you replied without seeing my update (timing issue).

I am replying from my tablet. Let me describe what happened. After performing the scans, I was prompted to restart my computer, just as you mentioned. It restarted normally, but it did not connect to the internet at all. I didn't think much of it, so I unplugged my router for 30 seconds and plugged it back in and also restarted my computer again. I thought it was just a random connection problem. Everything restarted and seemed fine. I opened my IE 11 and it opened to my google home page like normal. I logged into WTT and posted my results back to you. So everything seemed normal.

At this point I decided to read some news and highlights of the games. It would not open cnn.com, or msn.com, or espn. Nothing! It said "This page can't be displayed". Yet it was able to open youtube.com (except for the top portion of the page where the ad is - it said "This page can't be displayed"). And it was able to open WTT. The same thing is happening with Firefox. So I decided to reboot only my computer again. It reboots normally, but I had no internet connection again. I get the exclamation point symbol on the taskbar (in the right hand tray). So I instead logged on with my tablet, which is connected to the same router via wifi (my pc is connected to the router via ethernet wire). What is causing this? I have no issues connecting or navigating to websites on my tablet.

BTW - the link you provided to JRT did not work for me. But then again, I tried downloading it for the first time after the scans prompted me to restart and had my first connection issue. So maybe this is another website I can't open.

Now I'm a little concerned! Did the cleanup somehow corrupt my internet connection configurations?



#6 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 19 January 2015 - 10:19 AM

Hi ggee,

Did the cleanup somehow corrupt my internet connection configurations?

That is a possibility, let's continue and see if we can get to the bottom of the problem.

=========================

Try and download JRT from here: http://www.bleepingc...e-removal-tool/

=========================

MiniToolBox

Please download MiniToolBox, save it to your desktop and run it.
Right click and select "Run as Administrator".

Check-mark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

=========================

And please run the scans posted from my last reply and post the corresponding logs.

=========================

In your next post please provide the following:

  • Result.txt
  • JRT.txt

OCD



#7 ggee (Authentic Member, 78 posts)

Posted 19 January 2015 - 03:01 PM

My computer connection does not connect automatically. I either have to unplug the router, or unplug the ethernet wire from the back of the computer. After I do this I then get connection, but I can't open any websites in IE or Firefox (besides google, youtube, and What The Tech). Each time I try I get "This page can't be displayed". Why only these sites, this is not logical? In Firefox it instead says "Server can not be found".

I did not have this problem before performing the scans per your instructions (in post #2). Here is a recap of what I did:

1- I followed the instructions in the order they appeared (meaning that I downloaded and scanned as I read through each step at a time).

2- When I got to the AdwCleaner.exe part, I followed the download and scanning instructions (your instructions then said to click "Clean" when the scan completes).

3- But before clicking "Clean", I was curious to see what was found. So I looked in each tab.

a- The Service Tab had nothing listed.

b- The Folder Tab had 3 or 4 folders listed. When I navigated to each folder, they were all empty (it seemed harmless - so no questions asked).

c- The Files Tab had 2 or 3 files. When I navigated to each file, they were all unimportant or unused (it seemed harmless - so no questions asked).

d- The Registry Tab had several items. But at this point my mind was already in the "it seemed harmless" mode.

e- The IE Tab had nothing listed.

f- The Firefox Tab had some items, which I thought were adware/cookies. At this point my mind was still in the "it seemed harmless" mode.

4- I clicked "Clean" and AdwCleaner.exe did its thing, and then it prompted me to reboot (thinking back on it, I suspect this is probably where something went wrong because of the Registry Tab items. Maybe some of these items should not have been cleaned out).

5- My computer rebooted normally, except I noticed I had no internet connection. At the time I thought it was a random connectivity issue so I just unplugged my router, and plugged it back in again (I had connection again - so I thought).

6- I then navigated back to WTT and continued with the next instruction. I tried downloading JRT using your link, but this is when I remember getting the first "This page can't be displayed". I initially thought it was because it was an old link that didn't work anymore, so I just moved on to FRST (which was the last step and was already installed from my initial post).

7- I re-opened IE and it opened to my google home page as normal. I navigated directly to WTT again and posted my scan results.

8- I then decided to read cnn.com. That's when I noticed the issue with not being able to display any other websites (I tried several sites with the same results). Yet I am able to search like normal in google, but when I try to click on the link results - I have the same issue.

9- I then decided to only reboot my computer again. It rebooted like normal, except I had no internet connection again.

10- I posted this new issue using my tablet, which connects via wifi to the same router (remember, my computer is connected using an ethernet wire).

11- Today I unplugged and replugged the ethernet wire on my computer again. I connected to the internet so that I can try to get to the links you provided in your last post. But I still have the "This page can't be displayed" issue.

This is where I am at this point. Like I said, I suspect something went wrong at the AdwCleaner step (due to the registry tab items). I also tried setting up a new network connection via the Windows 7 Control Panel. It does not resolve the issue, and I saw an Error 651 message for the first time. I googled it on my tablet, and it can be caused by several things - one being a corrupted registry or missing network card drivers. I have not taken any action on this error 651, until hearing back from you first.

Please help me. In the meantime I will try to download your links using a laptop, and transfer the files to my computer using a thumb drive.


Edited by ggee, 19 January 2015 - 03:27 PM.


#8 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 19 January 2015 - 03:44 PM

Hi ggee,

I have looked through the AdwCleaner log and I don't see anything that was removed that would be causing the issue you are describing. Sometimes, during the malware removal process we find other issues that might have been compromised or files may have become corrupt.

Please try these steps one at a time. If the first one doesn't resolve the issue, continue onto the next step. Reboot after each step.

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt
 
Start
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Power cycling your Modem and Router

1. Save all your current work, close all open applications, then shut down your computer. Wait for a minute.
2. First, turn your Router off and wait for a couple of minutes.
3. Turn off your modem.
4. Disconnect all the Ethernet cables that are connected to the router and modem and the PC.
5. Reconnect them and ensure that there are no loose connections in between them.
6. Now, switch on your PC and let it boot.
7. Switch on the modem first and after it gets initialized, switch on the router.

=========================

Disable your security software temporarily and see if that is of any help. Be sure to re-enable the software.

=========================

In your next post please provide the following:
  • Fixlog.txt
  • Result.txt
  • JRT.txt

OCD



#9 ggee (Authentic Member, 78 posts)

Posted 19 January 2015 - 04:18 PM

Hello,

Here are the results and logs for the instructions on Post #6 (JRT and MiniToolBox):

BTW - did you see my reply (Post #7)? I mentioned I saw Error 651 for the first time (when trying to set up a new Home Network connection in Win 7).

In the meantime, I will also try the instructions on Post #8.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu

Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Laurent Effen Rocks on Mon 01/19/2015 at 16:53:50.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Laurent Effen Rocks\appdata\local\{45BE14B2-3CB3-4BBD-8D3A-EF8493461ED9}
Successfully deleted: [Empty Folder] C:\Users\Laurent Effen Rocks\appdata\local\{567B3D27-F0B5-4C0F-A939-E835168B83C1}
Successfully deleted: [Empty Folder] C:\Users\Laurent Effen Rocks\appdata\local\{6391FB98-58FB-423C-9AE8-4D63C7279905}
Successfully deleted: [Empty Folder] C:\Users\Laurent Effen Rocks\appdata\local\{C12C668E-B8A3-40E1-B9DC-E164CF227AB1}
Successfully deleted: [Empty Folder] C:\Users\Laurent Effen Rocks\appdata\local\{D65FDDAF-E67F-49B2-8D50-9C1D9301992E}
Successfully deleted: [Empty Folder] C:\Users\Laurent Effen Rocks\appdata\local\{E29F9DC9-6040-42DF-8E5A-B4CFF8A6D608}
Successfully deleted: [Empty Folder] C:\Users\Laurent Effen Rocks\appdata\local\{ED7B259D-1547-4FEC-9270-BCCCE2EB1383}

 

~~~ FireFox

Emptied folder: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\firefox\profiles\mkcyav34.default\minidumps [47 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/19/2015 at 16:58:58.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Laurent Effen Rocks (administrator) on 19-01-2015 at 17:06:26
Running from "C:\Users\Laurent Effen Rocks\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

========================= IP Configuration: ================================

Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Galo-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
   Physical Address. . . . . . . . . : 00-11-2F-46-7C-23
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:c:6180:e839:4e6:3262:a9d3:347d(Preferred)
   Temporary IPv6 Address. . . . . . : 2601:c:6180:e839:88df:2f15:78be:ab7b(Preferred)
   Link-local IPv6 Address . . . . . : fe80::4e6:3262:a9d3:347d%10(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.52.125(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : fe80::cea4:62ff:fecc:7df1%10
   DHCPv6 IAID . . . . . . . . . . . : 234885423
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-E1-A1-E3-00-11-2F-46-7C-23
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{94B18308-8489-4019-A093-568B88D4D8C3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    google.com
Addresses:  2607:f8b0:400d:c06::8b
   173.194.123.8
   173.194.123.2
   173.194.123.4
   173.194.123.0
   173.194.123.5
   173.194.123.3
   173.194.123.6
   173.194.123.9
   173.194.123.1
   173.194.123.14
   173.194.123.7

Pinging google.com [2607:f8b0:400d:c03::66] with 32 bytes of data:
Reply from 2607:f8b0:400d:c03::66: time=24ms
Reply from 2607:f8b0:400d:c03::66: time=24ms

Ping statistics for 2607:f8b0:400d:c03::66:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 24ms, Average = 24ms
Server:  cdns01.comcast.net
Address:  2001:558:feed::1

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
   98.139.183.24

Ping request could not find host yahoo.com. Please check the name and try again.

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 10...00 11 2f 46 7c 23 ......Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
  1...........................Software Loopback Interface 1
 14...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0         On-link    169.254.52.125    266
   169.254.52.125  255.255.255.255         On-link    169.254.52.125    266
  169.254.255.255  255.255.255.255         On-link    169.254.52.125    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link    169.254.52.125    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link    169.254.52.125    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    266 ::/0                     fe80::cea4:62ff:fecc:7df1
  1    306 ::1/128                  On-link
 10     18 2601:c:6180:e839::/64    On-link
 10    266 2601:c:6180:e839:4e6:3262:a9d3:347d/128
                                    On-link
 10    266 2601:c:6180:e839:88df:2f15:78be:ab7b/128
                                    On-link
 10    266 fe80::/64                On-link
 10    266 fe80::4e6:3262:a9d3:347d/128
                                    On-link
  1    306 ff00::/8                 On-link
 10    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (08/08/2012 07:13:01 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-01-17 12:45:03.770
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-17 12:45:03.590
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-17 12:45:03.410
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2015-01-17 12:45:03.231
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:28.369
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:28.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:28.047
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-29 13:51:27.886
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-27 00:41:34.071
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-27 00:41:33.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
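The MiniToolBox output above already explains the "only some sites load" pattern. The Ethernet adapter has only an Autoconfiguration IPv4 address (169.254.52.125, the APIPA range a Windows host falls back to when no DHCPv4 lease arrives), the IPv4 route table has no default route, and the only Default Gateway and both DNS servers are IPv6. So google.com, which has an IPv6 address, pings fine over IPv6, while yahoo.com, which resolved to IPv4 addresses only, cannot be reached. Sites that are IPv4-only from this host's point of view fail; dual-stack sites keep working. The hosts file is empty and no proxy is set, so neither of the usual hijack points is involved. The script below is an added example, not part of the thread: it parses an ipconfig /all and nslookup transcript of this shape and reports which address family actually has a route out. SAMPLE is a constructed excerpt that mirrors the posted log.

```python
"""Explain the connectivity pattern in the MiniToolBox output above.

Added example, not part of the original thread.  SAMPLE is a constructed
excerpt mirroring the posted log; replace it with a real transcript to reuse it.
"""
import ipaddress
import re

SAMPLE = """\
Ethernet adapter Local Area Connection:

   IPv6 Address. . . . . . . . . . . : 2601:c:6180:e839:4e6:3262:a9d3:347d(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.52.125(Preferred)
   Default Gateway . . . . . . . . . : fe80::cea4:62ff:fecc:7df1%10
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected

Name:    google.com
Addresses:  2607:f8b0:400d:c06::8b
   173.194.123.8

Name:    yahoo.com
Addresses:  206.190.36.45
   98.138.253.109
"""

# A 169.254/16 'Autoconfiguration' address means the DHCPv4 request got no answer.
APIPA = ipaddress.ip_network("169.254.0.0/16")


def parse_adapters(text):
    """ipconfig /all -> {adapter: {field: [values]}}, keeping continuation lines."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        head = re.match(r"^(\S.*adapter .*):$", line)
        if head:
            current, last = head.group(1), None
            adapters[current] = {}
        elif line.strip() and not line.startswith(" "):
            current = None  # other left-aligned text: the ipconfig block has ended
        elif current and (field := re.match(r"^ {3}(\S.*?)[ .]*:\s*(.*)$", line)):
            last = field.group(1)
            adapters[current].setdefault(last, []).append(field.group(2))
        elif current and last and line.startswith("    "):
            adapters[current][last].append(line.strip())  # e.g. the second DNS server
    return adapters


def _addr(value):
    """One ipconfig/nslookup value as an ip_address, or None; strips '(Preferred)' and %zone."""
    try:
        return ipaddress.ip_address(re.sub(r"\(.*?\)", "", value).split("%")[0].strip())
    except ValueError:
        return None


def diagnose(text):
    """Per address family: is there a usable address and a default gateway?"""
    d = {"ipv4_apipa": False, "ipv4_gateway": False,
         "ipv6_global": False, "ipv6_gateway": False}
    for fields in parse_adapters(text).values():
        if any(v.startswith("Media disconnected") for v in fields.get("Media State", [])):
            continue
        for key, values in fields.items():
            for addr in filter(None, map(_addr, values)):
                if key.endswith("IPv4 Address") and addr in APIPA:
                    d["ipv4_apipa"] = True
                elif key == "IPv6 Address" and addr.is_global:
                    d["ipv6_global"] = True
                elif key == "Default Gateway":
                    d["ipv4_gateway" if addr.version == 4 else "ipv6_gateway"] = True
    return d


def resolved_hosts(text):
    """nslookup output -> {name: [addresses]}; a blank line ends each answer."""
    hosts, name = {}, None
    for line in text.splitlines():
        if not line.strip():
            name = None
        elif (m := re.match(r"^Name:\s+(\S+)$", line)):
            name = m.group(1)
            hosts[name] = []
        elif name and (m := re.match(r"^(?:Addresses?:\s+|\s+)(\S+)$", line)):
            if (addr := _addr(m.group(1))):
                hosts[name].append(addr)
    return hosts


def reachable(text):
    """True for hosts that have an address in a family with a default route."""
    d = diagnose(text)
    routed = {4: d["ipv4_gateway"], 6: d["ipv6_gateway"]}
    return {name: any(routed[a.version] for a in addrs)
            for name, addrs in resolved_hosts(text).items()}


if __name__ == "__main__":
    print(diagnose(SAMPLE))   # ipv4_apipa True, ipv4_gateway False, ipv6_* True
    print(reachable(SAMPLE))  # google.com True, yahoo.com False
```

To use it on a live machine, save the output of `ipconfig /all` and a few `nslookup` queries to a file and pass its contents in place of SAMPLE. When the pattern is APIPA address plus no IPv4 gateway, the DHCPv4 exchange with the router is the thing to chase; a Winsock or TCP/IP stack reset, as in post #8, does not by itself obtain a lease.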



#10 ggee (Authentic Member, 78 posts)

Posted 19 January 2015 - 05:00 PM

Hello,

Please see the results from the instructions on Post #8.

I still have the issue, even after unplugging and powering off.

Does the fact that I saw Error 651 have anything to do with it?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks at 2015-01-19 17:20:10 Run:2
Running from C:\Users\Laurent Effen Rocks\Desktop
Loaded Profiles: Laurent Effen Rocks (Available profiles: Laurent Effen Rocks & LogMeInRemoteUser & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
End
*****************

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

==== End of Fixlog 17:20:12 ====




#11 ggee (Authentic Member, 78 posts)

Posted 19 January 2015 - 05:40 PM

Also, just for information purposes:

When I try to create a new network connection in Win 7, I get Error 651.

When I boot to Safe Mode with Networking, I still have the same issue.

My Xfinity router is a Router/Modem/Wifi, and I can not connect to it either.

I can not connect to my network printer (connected via ethernet to the same network).

Does the Microsoft Teredo Tunneling Adapter have any contributing factor?

 

Thanks so far. I don't understand, everything was fine.



#12 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 19 January 2015 - 05:55 PM

Hi ggee,

Yes, I did read post #7.

"Does the fact that I saw Error 651 have anything to do with it?"

Is there any additional information provided when you receive the Error 651?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.


#13 ggee (Authentic Member, 78 posts)

Posted 19 January 2015 - 06:52 PM

When I try to set up a new network connection, I choose via cable modem. I click next and it comes to the page where it asks for a username and password, which I believe I do not require (I use Comcast as my cable provider, and I have one of their Xfinity cable modems with built-in router and wifi).

Do I need to call Comcast and ask if there is a username and password associated with my cable broadband?

Anyways, the wizard then tries to connect - "Connecting through WAN Miniport (PPPOE)...".

But it fails, and it says: Connection failed with error 651. The modem (or other connecting device) has reported an error.



#14 OCD (SuperHelper, Malware Team, 5,574 posts)

Posted 19 January 2015 - 10:15 PM

Hi ggee,

I am sorry that the steps we have taken have disrupted your internet connection. As malware removal is my area of knowledge, connectivity issues require a bit more time and patience to try and resolve.

Can you take a screenshot of the error message?

SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.

Download the version suitable to your computer.

  • Right click SystemLook.exe and select "Run as Administrator" to run it.
  • Copy the content of the following code-box into the main text-field:
    :filefind
    raspppoe.sys
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

=========================

Additional Step Added

  • Go to Start -> Control Panel -> Internet Options
  • Under “Connections” tab, check the box, “Never dial a connection”,
  • Click “Apply” and then OK.

=========================

In your next post please provide the following:

  • SystemLook.txt

OCD

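The SystemLook ":filefind" step above reports the live copy of raspppoe.sys next to the copies held in the WinSxS component store, with a hash for each, so the helper can see whether the driver in System32 is the stock file. The PowerShell script below is an added example, not part of this thread or the SystemLook tool: it does the same comparison automatically, and also checks the driver's Authenticode signature. It assumes the standard Windows paths and takes the driver name as a parameter (raspppoe.sys by default).

```powershell
# Added example (not from the thread): cross-check a driver in System32\drivers
# against the component-store copies of the same file, as the SystemLook
# filefind output lets a helper do by eye. Run from an elevated prompt.
param(
    [string]$DriverName = 'raspppoe.sys'   # driver discussed in the thread
)

$live = Join-Path $env:SystemRoot "System32\drivers\$DriverName"
if (-not (Test-Path $live)) {
    Write-Output "Not found: $live"
    return
}

# Authenticode check: a Microsoft-shipped driver should report 'Valid'.
$sig = Get-AuthenticodeSignature -FilePath $live
Write-Output ("Signature : {0} ({1})" -f $sig.Status, $sig.SignerCertificate.Subject)

# Hash of the live driver (SHA256; SystemLook shows MD5, the idea is the same).
$liveHash = (Get-FileHash -Path $live -Algorithm SHA256).Hash
Write-Output ("Live file : {0}  {1}" -f $liveHash, $live)

# Compare against every copy of the same file name in the component store.
# A live driver whose hash matches none of the WinSxS copies deserves a closer look.
$storeRoot = Join-Path $env:SystemRoot 'winsxs'
$copies = Get-ChildItem -Path $storeRoot -Recurse -Filter $DriverName -ErrorAction SilentlyContinue
$matched = $false
foreach ($copy in $copies) {
    $h = (Get-FileHash -Path $copy.FullName -Algorithm SHA256).Hash
    if ($h -eq $liveHash) { $mark = 'MATCH '; $matched = $true } else { $mark = 'DIFFER' }
    Write-Output ("{0}    : {1}  {2}" -f $mark, $h, $copy.FullName)
}

if (-not $matched) {
    Write-Output "WARNING: live $DriverName matches no copy in $storeRoot"
}
```

In the log posted below, both copies share one hash, which is the expected result for an untouched stock driver.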


#15 ggee (Authentic Member, 78 posts)

Posted 19 January 2015 - 11:14 PM

Hello,

 

I don't understand how I can only have access to google, WTT and youtube, and not have access to any other site. Because of this, I can't download any of your links. Instead, what I am doing is using my tablet to navigate to this post. From there, I go ahead and download the links and save the file to my sdcard. I then transfer the .exe files to my google drive account. So then the file is sitting in my google drive. From there, since I can access google on my computer, I log into my google drive and pick up the .exe file to download back to my computer. I then run the .exe files. That is the only way I can do this (google is saving me right now, and so is my galaxy 8.0 tablet).

 

Anyways...., please see the results below (and the screen shot of the error):

 

SystemLook 30.07.11 by jpshortstuff
Log created at 23:48 on 19/01/2015 by Laurent Effen Rocks
Administrator - Elevation successful

========== filefind ==========

Searching for "raspppoe.sys"
C:\Windows\System32\drivers\raspppoe.sys --a---- 92672 bytes [00:10 14/07/2009] [00:10 14/07/2009] 855C9B1CD4756C5E9A2AA58A15F58C25
C:\Windows\winsxs\amd64_microsoft-windows-rasbase-raspppoe_31bf3856ad364e35_6.1.7600.16385_none_b22875c7b448dfbb\raspppoe.sys --a---- 92672 bytes [00:10 14/07/2009] [00:10 14/07/2009] 855C9B1CD4756C5E9A2AA58A15F58C25

-= EOF =-

 

 

Connecting to Broadband Connection.png

 

Connection Failed with Error 651.png


Edited by ggee, 19 January 2015 - 11:16 PM.
