WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Virus diagnostic help, please (possible infection) [Solved]

Started by ggee , Jan 18 2015 01:46 PM

This topic is locked

50 replies to this topic

#1 ggee

Authentic Member

Authentic Member
78 posts

Posted 18 January 2015 - 01:46 PM

Hello WTT,

Happy new year.

I beleive my PC might have been infected, after my young son tried downloading Minecraft without my permission. He knows daddy's PC is not for games, thats what his Wii-U and Xbox are for (the temptation must have got to him).

Anyways, I ran my Malware Bytes and I think it cleaned it out. But I would like the experts at WTT to take a look. Besides, I like coming on the site to get my "Tech" on - even though it's amature next to you guys =)

Please see the attached logs from aswMBR and FRST64.

As always - I recognize the time and value of the great volunteers, so......., Donations are coming!!!!!!

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-01-18 13:38:58
-----------------------------
13:38:58.519    OS Version: Windows x64 6.1.7601 Service Pack 1
13:38:58.520    Number of processors: 2 586 0x2302
13:38:58.521    ComputerName: GALO-PC UserName:
13:39:00.174    Initialize success
13:39:00.404    VM: initialized successfully
13:39:00.406    VM: Amd CPU virtualization not supported
13:41:02.666    AVAST engine defs: 15011800
13:41:43.206    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
13:41:43.208    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 8
13:41:43.212    Disk 1 \Device\Harddisk1\DR1 -> \Device\00000067
13:41:43.216    Disk 1 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 8
13:41:43.330    Disk 0 MBR read successfully
13:41:43.337    Disk 0 MBR scan
13:41:43.378    Disk 0 Windows 7 default MBR code
13:41:43.388    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
13:41:43.415    Disk 0 Boot: NTFS     code=1
13:41:43.444    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       305144 MB offset 206848
13:41:43.474    Disk 0 scanning C:\Windows\system32\drivers
13:41:59.081    Service scanning
13:42:25.205    Modules scanning
13:42:25.211    Disk 0 trace - called modules:
13:42:25.236    ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt61.sys PCTCore64.sys storport.sys hal.dll vsmraid.sys
13:42:25.242    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003a81790]
13:42:25.248    3 CLASSPNP.SYS[fffff880010f743f] -> nt!IofCallDriver -> [0xfffffa8003a6d880]
13:42:25.255    5 vsflt61.sys[fffff88000e520fd] -> nt!IofCallDriver -> [0xfffffa8003a72b30]
13:42:25.261    7 PCTCore64.sys[fffff88001095094] -> nt!IofCallDriver -> \Device\00000066[0xfffffa800327b260]
13:42:26.501    AVAST engine scan C:\Windows
13:42:30.712    AVAST engine scan C:\Windows\system32
13:47:30.153    AVAST engine scan C:\Windows\system32\drivers
13:48:09.132    AVAST engine scan C:\Users\Laurent Effen Rocks
13:55:31.455    AVAST engine scan C:\ProgramData
14:03:52.613    Disk 0 statistics 3756444/0/0 @ 1.81 MB/s
14:03:52.624    Scan finished successfully
14:06:12.352    Disk 0 MBR has been saved successfully to "C:\Users\Laurent Effen Rocks\Desktop\MBR.dat"
14:06:12.359    The log file has been saved successfully to "C:\Users\Laurent Effen Rocks\Desktop\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks (administrator) on GALO-PC on 18-01-2015 14:18:28
Running from C:\Users\Laurent Effen Rocks\Desktop
Loaded Profiles: Laurent Effen Rocks (Available profiles: Laurent Effen Rocks & LogMeInRemoteUser & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsGui.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\HTC Home\Clock.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2010-09-17] (LogMeIn, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Kensington TrackballWorks Helper] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ISTray] => C:\Program Files (x86)\PC Tools Security\pctsGui.exe [1589208 2010-12-01] (PC Tools)
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [Kensington TrackballWorks] => C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe [504320 2012-02-20] (Kensington)
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [Clock Widget (HTC Home)] => C:\Program Files (x86)\HTC Home\Clock.exe [2036736 2011-11-28] ()
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM-x32 -> DefaultScope {27A228E7-6BC2-4C4B-9F55-26382491968E} URL =
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKLM-x32 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> No File
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5}
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://simulcast.ma...v/LiveSound.dll
DPF: HKLM-x32 {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} http://adus1.liveblo...ory/laiexec.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://imageupload9....geUploader6.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default
FF SearchEngineOrder.3: Bing
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @talk.google.com/O1DPlugin -> C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Laurent Effen Rocks\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default\searchplugins\bingp.xml
FF Extension: WOT - C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]

Chrome:
=======
CHR Profile: C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-30]
CHR Extension: (Google Drive) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-30]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-29]
CHR Extension: (YouTube) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-30]
CHR Extension: (Google Search) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-30]
CHR Extension: (Google Wallet) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30]
CHR Extension: (Gmail) - C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-30]
CHR HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\Chrome\Extension: [jhbbmmgbnjalccamlaefhepnajfmgopb] - C:\Users\Laurent Effen Rocks\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jhbbmmgbnjalccamlaefhepnajfmgopb] - C:\Users\Laurent Effen Rocks\AppData\Local\CRE\jhbbmmgbnjalccamlaefhepnajfmgopb.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 astcc; C:\Windows\SysWOW64\astsrv.exe [57344 2008-11-26] (Nalpeiron Ltd.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-14] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-14] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
R2 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
S4 VRAID Log Service; C:\Program Files (x86)\VIA\RAID\vialogsv.exe [52888 2008-09-24] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-13] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC64.SYS [3491616 2009-06-18] (Realtek Semiconductor Corp.)
S3 cleanhlp; C:\EEK\BIN\cleanhlp64.sys [57024 2014-09-13] (Emsisoft GmbH)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-06-05] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)
S3 nvrd64; C:\Windows\system32\DRIVERS\nvrd64.sys [175648 2009-06-30] (NVIDIA Corporation)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore64.sys [257232 2010-11-25] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS64.sys [452872 2010-06-29] (PC Tools)
R0 pctEFA; C:\Windows\System32\drivers\pctEFA64.sys [816016 2010-07-16] (PC Tools)
R3 tbwkern; C:\Windows\System32\DRIVERS\tbwkern.sys [32848 2011-06-13] ()
R0 vidsflt61; C:\Windows\System32\DRIVERS\vsflt61.sys [142944 2012-01-24] (Acronis)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 aswMBR; \??\C:\Users\LAUREN~1\AppData\Local\Temp\aswMBR.sys [X]
U3 aswVmm; \??\C:\Users\LAUREN~1\AppData\Local\Temp\aswVmm.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 14:18 - 2015-01-18 14:19 - 00028278 _____ () C:\Users\Laurent Effen Rocks\Desktop\FRST.txt
2015-01-18 14:12 - 2015-01-18 14:18 - 00000000 ____D () C:\FRST
2015-01-18 14:06 - 2015-01-18 14:06 - 00002391 _____ () C:\Users\Laurent Effen Rocks\Desktop\aswMBR.txt
2015-01-18 14:06 - 2015-01-18 14:06 - 00000512 _____ () C:\Users\Laurent Effen Rocks\Desktop\MBR.dat
2015-01-18 13:33 - 2015-01-18 13:33 - 02126848 _____ (Farbar) C:\Users\Laurent Effen Rocks\Desktop\FRST64.exe
2015-01-18 13:30 - 2015-01-18 13:30 - 05198336 _____ (AVAST Software) C:\Users\Laurent Effen Rocks\Desktop\aswMBR.exe
2015-01-18 03:06 - 2015-01-18 03:06 - 00003262 _____ () C:\Windows\System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B}
2015-01-18 03:06 - 2015-01-18 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2015-01-17 15:59 - 2015-01-17 15:59 - 00000704 _____ () C:\EamClean.log
2015-01-17 12:51 - 2015-01-17 12:51 - 00037644 _____ () C:\ComboFix.txt
2015-01-17 09:39 - 2015-01-17 09:39 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\IsolatedStorage
2015-01-17 09:37 - 2015-01-17 10:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2015-01-17 09:36 - 2015-01-18 02:34 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\DigitalSites
2015-01-17 09:36 - 2015-01-17 10:16 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-01-17 09:36 - 2015-01-17 09:36 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-17 09:34 - 2015-01-17 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-15 20:47 - 2015-01-15 20:47 - 00262144 ____N () C:\Windows\Minidump\011515-34187-01.dmp
2015-01-14 10:52 - 2015-01-14 10:52 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 15:17 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 15:17 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 15:17 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 15:17 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 15:17 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 15:17 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 15:16 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 15:16 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 15:16 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 15:16 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 15:16 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 15:16 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 15:16 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-09 00:40 - 2015-01-09 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-02 16:01 - 2015-01-18 14:06 - 00000964 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA.job
2015-01-02 16:01 - 2015-01-17 16:06 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core.job
2015-01-02 16:01 - 2015-01-02 16:01 - 00003966 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA
2015-01-02 16:01 - 2015-01-02 16:01 - 00003570 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core
2014-12-27 20:00 - 2014-12-27 20:00 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2014-12-27 19:58 - 2014-12-27 19:58 - 00000844 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2014-12-27 19:56 - 2015-01-03 01:03 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\uTorrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 14:17 - 2011-02-20 20:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-18 13:52 - 2012-12-18 20:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 13:36 - 2011-02-13 03:30 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-18 12:08 - 2011-02-13 03:27 - 00000832 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-18 05:22 - 2011-02-07 12:52 - 01430264 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 05:05 - 2011-02-16 22:57 - 00000334 _____ () C:\Windows\Tasks\AVSRegistryCleaner.job
2015-01-18 04:23 - 2009-07-13 23:45 - 00017472 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 04:23 - 2009-07-13 23:45 - 00017472 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 04:18 - 2014-01-22 12:51 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-18 04:18 - 2014-01-22 12:51 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-18 04:18 - 2012-12-27 21:19 - 00000000 ____D () C:\Program Files (x86)\HTC Home
2015-01-18 04:18 - 2011-02-20 20:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-18 04:18 - 2011-02-13 03:30 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2015-01-18 04:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 02:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-18 02:10 - 2014-07-07 23:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 02:01 - 2011-02-13 16:26 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-17 16:11 - 2014-09-14 16:09 - 00000000 ____D () C:\Program Files (x86)\RKill
2015-01-17 13:45 - 2014-09-14 18:40 - 00000000 ____D () C:\EEK
2015-01-17 12:51 - 2012-12-23 12:23 - 00000000 ____D () C:\Qoobox
2015-01-17 12:46 - 2014-10-27 01:27 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\CrashDumps
2015-01-17 12:46 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-17 12:29 - 2012-06-20 14:13 - 00000000 ____D () C:\Program Files (x86)\RogueKiller
2015-01-17 11:54 - 2014-09-14 16:57 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-17 11:02 - 2012-12-23 13:48 - 00000000 ____D () C:\Program Files (x86)\ComboFix
2015-01-17 10:36 - 2014-07-06 01:31 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-17 10:23 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-17 09:44 - 2011-09-10 12:53 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\.minecraft
2015-01-15 20:47 - 2011-02-13 12:20 - 00000000 ____D () C:\Windows\Minidump
2015-01-14 22:41 - 2014-03-28 09:47 - 00701788 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 22:41 - 2014-03-28 09:47 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 22:41 - 2011-02-13 00:34 - 00764030 _____ () C:\Windows\system32\perfh00A.dat
2015-01-14 22:41 - 2011-02-13 00:34 - 00164832 _____ () C:\Windows\system32\perfc00A.dat
2015-01-14 22:41 - 2011-02-07 13:28 - 02539324 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 22:41 - 2009-07-14 00:13 - 02539324 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 15:05 - 2011-02-13 16:26 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-01-14 10:52 - 2012-12-18 20:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 10:52 - 2012-09-09 00:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 10:52 - 2012-09-09 00:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 03:23 - 2013-07-31 19:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:01 - 2011-02-07 17:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:17 - 2011-02-13 03:31 - 04151810 _____ () C:\Windows\system32\Drivers\Cat.DB
2015-01-13 08:33 - 2011-06-30 21:21 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\HpUpdate
2015-01-09 20:12 - 2012-09-09 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-03 01:33 - 2011-02-13 03:30 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\Google
2015-01-02 16:01 - 2012-09-09 00:29 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla
2014-12-31 06:14 - 2011-02-07 13:32 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 16:29 - 2014-07-07 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 16:29 - 2014-07-07 23:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 20:20 - 2011-02-13 23:51 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\Adobe
2014-12-27 19:54 - 2011-07-15 16:03 - 00000000 ____D () C:\Program Files (x86)\tixati

==================== Files in the root of some directories =======
2014-05-08 00:03 - 2014-05-08 00:03 - 0002241 _____ () C:\Program Files (x86)\TdssKiller.lnk
2012-10-22 21:49 - 2012-10-24 20:22 - 0000177 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\hpmirrordriver.log
2011-02-07 18:58 - 2012-12-15 00:09 - 0007859 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.cat
2011-02-07 18:58 - 2012-12-15 00:09 - 0001167 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.inf
2011-02-07 18:59 - 2012-12-15 00:09 - 0000033 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.log
2011-02-07 18:58 - 2012-12-15 00:09 - 0082816 _____ (VSO Software) C:\Users\Laurent Effen Rocks\AppData\Roaming\pcouffin.sys
2013-07-26 23:36 - 2013-09-09 23:36 - 0000098 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\WB.CFG
2013-06-13 23:36 - 2013-06-22 23:36 - 0000005 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\WBPU-TTL.DAT
2011-02-19 00:22 - 2014-09-20 08:09 - 0044032 _____ () C:\Users\Laurent Effen Rocks\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-03-19 07:50 - 2011-04-30 12:08 - 0007600 _____ () C:\Users\Laurent Effen Rocks\AppData\Local\Resmon.ResmonCfg
2012-06-19 17:37 - 2012-06-19 17:57 - 0000000 _____ () C:\ProgramData\-NfezIMrIkkW76n
2012-06-19 17:37 - 2012-06-19 17:57 - 0000160 _____ () C:\ProgramData\-NfezIMrIkkW76nr
2013-08-15 10:37 - 2013-08-15 10:37 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-04-26 22:02 - 2013-08-09 17:55 - 0059502 _____ () C:\ProgramData\hpzinstall.log
2012-06-19 17:37 - 2012-06-19 17:57 - 0000256 _____ () C:\ProgramData\NfezIMrIkkW76n

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 01:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks at 2015-01-18 14:20:30
Running from C:\Users\Laurent Effen Rocks\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Spyware Doctor with AntiVirus (Enabled - Up to date) {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spyware Doctor (Disabled - Up to date) {94076BB2-F3DA-227F-9A1E-F060FF73600F}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\uTorrent) (Version: 3.4.2.37594 - BitTorrent Inc.)
3DVIA player 5.0.0.20 (HKLM-x32\...\{B01DD1A4-F4E1-4CE7-AB6E-3168C5BD5D30}) (Version: 5.0.20 - 3DVIA)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
8500A909_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Able2Extract Professional 7.0 (HKLM-x32\...\{C894CC24-0DEC-4340-BCC9-DD4310DF3BEC}_is1) (Version: 7.0 - Investintech.com Inc.)
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Master Collection (HKLM-x32\...\Adobe_b2d6abde968e6f277ddbfd501383e02) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11 - Innovative Solutions)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
AVS Audio Recorder 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: 4.0.2.22 - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.1.529 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.1.232 - Online Media Technologies Ltd.)
AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.)
AVS Image Converter 3.1.1.275 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.1.1.275 - Online Media Technologies Ltd.)
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
AVS Photo Editor 2.2.1.140 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.2.1.140 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.3.258 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.3.258 - Online Media Technologies Ltd.)
AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: 1.0.5.158 - Online Media Technologies Ltd.)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.246 - Online Media Technologies Ltd.)
AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.94 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.5 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: 1.5.1.27 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BPD_DSWizards (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
CardRecovery 6.00 (HKLM-x32\...\{88D68A69-D247-466B-90DD-575F6BE16230}_is1) (Version: - WinRecovery Software)
CM Installer (HKLM-x32\...\{681544C2-FFA2-4CFD-A9AD-2A3D25DF8D22}) (Version: 1.0.0.0 - Cyanogen Inc.)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EaseUS Partition Master 9.1.1 Home Edition (HKLM-x32\...\EaseUS Partition Master Home Edition_is1) (Version: - EaseUS)
Genuine Fractals 6.0 Professional Edition (HKLM-x32\...\{FCADA4FF-142C-42A8-B73C-0A54A7F83345}) (Version: 6.0 - onOne Software)
Google Apps Migration For Microsoft Outlook® 3.1.21.46 (HKLM-x32\...\{09538C28-E130-4210-A8F3-1D175EE2DDF1}) (Version: 3.1.21.46 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
GoToMeeting 4.8.0.723 (HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\...\GoToMeeting) (Version: 4.8.0.723 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.234 - SurfRight B.V.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HTC Driver Installer (HKLM-x32\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 3.0.0.007 - HTC Corporation)
HTC Home Apis (HKLM-x32\...\HTC Home Apis) (Version: 3.0.620.0 - Stealth)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 10 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417010FF}) (Version: 7.0.100 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
LogMeIn (HKLM-x32\...\{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}) (Version: 4.1.1578 - LogMeIn, Inc.)
Lyrics Plugin for Windows Media Player (HKLM-x32\...\{43002AE2-4093-49E0-A03D-990EE184C568}) (Version: 0.4 - Lyrics Plugin)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
MGTEK dopisp (HKLM-x32\...\{C25D3128-3136-4B33-9D32-8F0F5E81F349}) (Version: 6.0.3128 - MGTEK)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.65 (HKLM-x32\...\Mp3tag) (Version: v2.65 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.4.10300.1.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.6.10500.3.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10400.0.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10600.4.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.4.10200.0.100 - Nero AG)
Nero Kwik Media (HKLM-x32\...\{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}) (Version: 1.6.14200.48.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{7D0A13FA-56BC-4755-8BAF-45A69BA6A5C8}) (Version: 10.0.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10400.2.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.10900.31.0 - Nero AG)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Controller Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.62.40 - NVIDIA Corporation)
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Performance (HKLM-x32\...\InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Monitor (HKLM-x32\...\InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}) (Version: 6.5 - NVIDIA Corporation)
NVIDIA System Update (HKLM-x32\...\InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}) (Version: 3.00 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek AC'97 Audio (HKLM-x32\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: 5.37 - Realtek Semiconductor Corp.)
Roblox (HKLM-x32\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version: - ROBLOX Corporation)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version: - Punk Software)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.167.000 - Hewlett-Packard) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SnagIt 8 (HKLM-x32\...\{DA0BF7AB-88EB-4675-8FA1-531EAD938821}) (Version: 8.2.3 - TechSmith Corporation)
Spyware Doctor with AntiVirus 8.0 (HKLM-x32\...\Spyware Doctor) (Version: 8.0 - PC Tools)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SYLTEditor (HKLM-x32\...\SYLTEditor) (Version: - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrackballWorks (HKLM-x32\...\{51ADFD15-6B63-4F8E-8076-F4E31FFEE32A}) (Version: 1.1.18 - Kensington Computer Products Group)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
ViewSonic Windows 7 x64 Signed Files (HKLM-x32\...\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}) (Version: - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.8-4 - Wacom Technology Corp.)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.2500 - Broadcom Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player 64-bit Plug-in Fix (HKLM\...\{00a8ce68-cb2e-4652-aecd-c05c0d9d53a7}.sdb) (Version: - )
Windows Media Player Plus! 2.6 (HKLM-x32\...\{67E4EF06-E0D6-42E0-A2BA-67199B0143FB}_is1) (Version: 2.6 - BM-productions)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\723\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

17-01-2015 01:25:17 Scheduled Checkpoint
17-01-2015 09:36:37 PerforMax Cleaner
17-01-2015 10:34:59 PerforMax Cleaner

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-17 12:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {013C4B54-932F-4442-841A-1BE52AA2DC38} - System32\Tasks\{EBA151F1-24E4-460C-B254-25AA24337936} => C:\Program Files (x86)\AVS4YOU\AVSAudioEditor\AVSAudioEditor.exe [2013-12-18] (Online Media Technologies Ltd.)
Task: {1890952D-21D4-41C9-B866-CAE72F8C737A} - System32\Tasks\AVSRegistryCleaner => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe [2014-03-03] (Online Media Technologies Ltd.)
Task: {1E7D5FB0-F3F0-4430-BB9D-E6BD738E74B4} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {3321EF01-B7A7-4C7C-8549-226BFCBF255E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {357FE73B-B397-4298-9769-63C29C7EDDE7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE} - \Digital Sites No Task File <==== ATTENTION
Task: {53FFFBDB-3E5B-43C8-BCF4-E4C6B5AEE200} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {624E7849-AFDB-4718-B521-AC97FC77AEE5} - System32\Tasks\{6C51A34F-0C1D-450D-B7F9-9AE1DD8D08FF} => pcalua.exe -a "G:\My Documents\BitTorrent Downloads\Winrar 3.70 and Key.exe" -d "G:\My Documents\BitTorrent Downloads"
Task: {7186BD4A-AAE1-43EF-AD81-97377770E06C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {7ACC5097-E2DE-4100-8B3F-1C2A7A4E265F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {7E470414-E4B8-4CCA-997B-9D55C28D6E1D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9C8071CD-056C-48F4-9789-4288519B4CDE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A44BEA2C-93ED-455E-8B15-7BA559F23DE0} - System32\Tasks\{542E628D-10C4-41DD-9758-10C60F56980A} => pcalua.exe -a "C:\Program Files (x86)\Kensington\TrackballWorks\Uninstall.exe" -c "C:\Program Files (x86)\Kensington\TrackballWorks\install.log"
Task: {A699CAD1-DD5E-48AF-BB00-85A8619BB447} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-08-09] (Google)
Task: {B3183ED9-8185-485E-B9EC-4B8E2E358416} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {D23CBB86-3502-409B-ADA6-7BCF08574BCB} - System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B} => pcalua.exe -a "C:\Users\Laurent Effen Rocks\Desktop\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe" -d "C:\Users\Laurent Effen Rocks\Desktop"
Task: {DC1B2321-787A-4673-A4B1-6478420305E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E4E41824-6759-4AC5-84AA-AFF3B61F38B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {E7CAF7B4-E984-49A2-97E9-1867CCCEEAE9} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EFAC2E60-09B2-4F20-9104-5F0D8C032B5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {F1E39E49-76D8-48B0-AE71-5573E9C67562} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVSRegistryCleaner.job => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core.job => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA.job => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-07 22:19 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-13 17:10 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-06-21 01:07 - 2011-11-28 07:54 - 02036736 _____ () C:\Program Files (x86)\HTC Home\Clock.exe
2011-06-21 01:06 - 2011-06-21 01:06 - 00249344 _____ () C:\Program Files (x86)\HTC Home\Home.Base.dll
2011-06-20 08:12 - 2011-06-20 08:12 - 00011776 _____ () C:\Program Files (x86)\HTC Home\Home.Packaging.dll
2011-06-21 01:06 - 2011-06-22 03:15 - 00016896 _____ () C:\Program Files (x86)\HTC Home\Weather.Base.dll
2011-06-20 08:12 - 2014-12-13 08:38 - 00018432 _____ () C:\Program Files (x86)\HTC Home\Extras\Weather\MSN.dll
2011-06-20 03:49 - 2011-06-20 03:49 - 04660736 _____ () C:\Program Files (x86)\HTC Home\UIFramework.Weather.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-05-17 15:20 - 2014-04-21 17:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2011-03-13 18:55 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-02-13 03:31 - 2010-08-10 17:59 - 01263576 _____ () C:\Program Files (x86)\PC Tools Security\UserModeFileCache.dll
2011-02-13 03:31 - 2010-08-10 17:58 - 00091608 _____ () C:\Program Files (x86)\PC Tools Security\avengine\sdkBSCtrl.dll
2011-02-13 03:31 - 2010-08-30 16:05 - 00157656 _____ () C:\Program Files (x86)\PC Tools Security\NetworkLayer\PCTCFHook.dll
2011-03-13 18:55 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2014-07-23 22:59 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2014-07-23 22:59 - 2009-02-27 16:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2011-03-13 21:02 - 2007-12-24 00:08 - 00391680 _____ () C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:AstInfo
AlternateDataStreams: C:\ProgramData\TEMP:A4A25FD3
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: VRAID Log Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

========================= Accounts: ==========================

Administrator (S-1-5-21-2704817108-4072845770-1665254088-500 - Administrator - Disabled)
Galo (S-1-5-21-2704817108-4072845770-1665254088-1005 - Administrator - Disabled)
Guest (S-1-5-21-2704817108-4072845770-1665254088-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2704817108-4072845770-1665254088-1002 - Limited - Enabled)
Laurent Effen Rocks (S-1-5-21-2704817108-4072845770-1665254088-1000 - Administrator - Enabled) => C:\Users\Laurent Effen Rocks
LogMeInRemoteUser (S-1-5-21-2704817108-4072845770-1665254088-1003 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
UpdatusUser (S-1-5-21-2704817108-4072845770-1665254088-1004 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: RAID Controller
Description: RAID Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 01:21:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: bfc

Start Time: 01d0334b9001993f

Termination Time: 9

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/18/2015 06:07:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/17/2015 04:03:47 PM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/17/2015 00:34:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Faulting module name: PEV.exe, version: 0.0.0.0, time stamp: 0x4e06cfe8
Exception code: 0x40000015
Fault offset: 0x0008d1c0
Faulting process id: 0xa04
Faulting application start time: 0xPEV.exe0
Faulting application path: PEV.exe1
Faulting module path: PEV.exe2
Report Id: PEV.exe3

Error: (01/17/2015 11:08:56 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/17/2015 10:25:53 AM) (Source: WTabletServicePro) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (01/17/2015 09:38:22 AM) (Source: MsiInstaller) (EventID: 11316) (User: Galo-PC)
Description: Product: Consumer Input Update Helper -- Error 1316. The specified account already exists.

Error: (01/17/2015 01:18:24 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/16/2015 02:35:33 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/15/2015 09:28:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AVSAudioRecorder.exe, version: 4.0.2.22, time stamp: 0x521b3ab6
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x1b29e229
Faulting process id: 0xc94
Faulting application start time: 0xAVSAudioRecorder.exe0
Faulting application path: AVSAudioRecorder.exe1
Faulting module path: AVSAudioRecorder.exe2
Report Id: AVSAudioRecorder.exe3

System errors:
=============
Error: (01/18/2015 04:21:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/18/2015 04:21:10 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/18/2015 04:17:58 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (01/18/2015 03:13:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/18/2015 03:13:07 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/18/2015 03:09:49 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 6) (User: NT AUTHORITY)
Description: Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Error: (01/18/2015 03:08:29 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UpdateCenterService service.

Error: (01/18/2015 03:07:03 AM) (Source: mouclass) (EventID: 10) (User: )
Description: Could not disable interrupts on connected port device \Device\PointerClass1.

Error: (01/18/2015 02:42:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/18/2015 02:42:02 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Microsoft Office Sessions:
=========================
Error: (08/08/2012 07:13:01 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 28 seconds with 0 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2015-01-17 12:45:03.770
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-17 12:45:03.590
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-17 12:45:03.410
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-01-17 12:45:03.231
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-29 13:51:28.369
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-29 13:51:28.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-29 13:51:28.047
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-29 13:51:27.886
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-27 00:41:34.071
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-12-27 00:41:33.900
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Athlon™ 64 X2 Dual Core Processor 4800+
Percentage of memory in use: 58%
Total physical RAM: 3327.3 MB
Available physical RAM: 1380.59 MB
Total Pagefile: 6652.79 MB
Available Pagefile: 4257.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:212.9 GB) NTFS
Drive f: (Elements) (Fixed) (Total:596.17 GB) (Free:434.57 GB) NTFS
Drive g: (Data) (Fixed) (Total:465.76 GB) (Free:308.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: A6650269)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 800C2CD1)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 596.2 GB) (Disk ID: 0028F2EE)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Advertisements

Register to Remove

#2 OCD

SuperHelper

Malware Team
5,574 posts

Posted 18 January 2015 - 08:43 PM

Hi ggee,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

uTorrent

If you choose to not remove this programs please refrain from using it until we have finished cleaning your computer.

=========================

I see you have/had ComboFix installed. When did you last use it?

What other malware removal programs have you run with regards to this issue?

=========================

Security Check

Download Security Check by screen317 from here or here.

Save it to your Desktop.
- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt

Start
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM-x32 -> DefaultScope {27A228E7-6BC2-4C4B-9F55-26382491968E} URL =
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKLM-x32 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} ->  No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} -  No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Task: {4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE} - \Digital Sites No Task File <==== ATTENTION
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
End

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

Re-run Farbar Recovery Scan Tool it should be on your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

checkup.txt
Fixlog.txt
Adwcleaner[S0].txt
JRT.txt
new FRST.txt
P2P decision
ComboFix and other tools information
How is the computer running, any symptoms?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#3 ggee

Authentic Member

Authentic Member
78 posts

Posted 19 January 2015 - 01:08 AM

Hello,

To answer your questions:

uTorrent - Yes I installed it on my PC a long time ago. But I do not use it (maybe twice in the last two years) and it is not set to automatically run, connect, or share. It is set up in such a way that it will only run when I manually start it, and I shut it down when I exit out of it. Again, just so you are aware - I do not use it.

ComboFix - This was installed on my PC from the last time I received help from WTT. I beleive the last time I ran it was back in mid 2014. The only malware tool I ran with regards to this current infection was Malware Bytes (scan version only), and then MS Security Essentials.

Other Malware tool installed - My main realtime antivirus and firewall is MS Security Essentials. For realtime spyware I use Spyware Doctor (from PC Tools Security). Those are the only two realtime active tools I use. I also use the free version of Malware Bytes which is not realtime - it only performs manual updates and scans.

Symptoms - There does not seem to be any true symptoms, but I can't be sure there is anything infected. That is way I thought it might be best to come to you guys, just to be sure. Although, sometime my PC does get sluggish momentarily. This has been happening for about the past 4 or 5 months. But I think that may be more of a pure performance thing, which I will also have checked with you guys (after we are done with this).

**Update** - Actually, I just noticed my IE 11 won't open certain web sites. For example I can't get into cnn.com, or msn.com. I can't even get into yahoo.com, or my schools' website. This was not happening before. Yet somehow I can get into youtube.com (although the ad on the top of the page says "This page can't be displayed"). And I can get into WTT. The same thing is happening with my Firefox. Why????

Please see the attached logs in the order you instructed:

Results of screen317's Security Check version 0.99.93
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Spyware Doctor with AntiVirus
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Spyware Doctor with AntiVirus 8.0
AVS Registry Cleaner 2.3.3.258
JavaFX 2.1.1
Java version 32-bit out of Date!
Adobe Flash Player 16.0.0.257
Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks at 2015-01-19 00:25:33 Run:1
Running from C:\Users\Laurent Effen Rocks\Desktop
Loaded Profiles: Laurent Effen Rocks (Available profiles: Laurent Effen Rocks & LogMeInRemoteUser & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 - (No Name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKLM-x32 -> DefaultScope {27A228E7-6BC2-4C4B-9F55-26382491968E} URL =
SearchScopes: HKLM-x32 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKLM-x32 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://vosteran.com/...r=2061285875=
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = http://search.tb.ask...or={searchTerms}
SearchScopes: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> {8fe8d013-c3fd-4802-af48-79274e9f969e} URL = http://search.mywebs...or={searchTerms}
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> No File
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Task: {4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE} - \Digital Sites No Task File <==== ATTENTION
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
End
*****************

Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8fe8d013-c3fd-4802-af48-79274e9f969e} => Key not found.
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110a9ea2-8810-4c04-b916-cfd4e9427fec}" => Key deleted successfully.
HKCR\CLSID\{110a9ea2-8810-4c04-b916-cfd4e9427fec} => Key not found.
"HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8fe8d013-c3fd-4802-af48-79274e9f969e}" => Key deleted successfully.
HKCR\CLSID\{8fe8d013-c3fd-4802-af48-79274e9f969e} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{71576546-354D-41c9-AAE8-31F2EC22BF0D} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{71576546-354D-41c9-AAE8-31F2EC22BF0D}" => Key deleted successfully.
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => value deleted successfully.
HKCR\CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D6D41D4-D36B-4BFA-85DD-15C13E2B31DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Digital Sites" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 698.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog 00:26:11 ====

# AdwCleaner v4.108 - Report created 19/01/2015 at 00:58:57
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Laurent Effen Rocks - GALO-PC
# Running from : C:\Users\Laurent Effen Rocks\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Laurent Effen Rocks\AppData\Local\PackageAware
Folder Deleted : C:\Users\Laurent Effen Rocks\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Laurent Effen Rocks\AppData\Roaming\GrabPro
File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
File Deleted : C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default\searchplugins\bingp.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3315828
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28C02550-6572-401a-A2AE-5BC703C9BBA6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD4D7B0F-45C6-4bb2-A1E7-54D1754E7FC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A5C9CB1C-1C0A-45A2-81CC-1DD342D0A478}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKLM\SOFTWARE\CompeteInc

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.FF19Solved", "true");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.UserID", "UN34059080071753220");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.browser.search.defaultthis.engineName", "true");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.fullUserID", "UN34059080071753220.IN.20140101200103");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.installDate", "01/01/2014 20:01:21");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.installSessionId", "{3B38BA88-490E-4E91-A0DE-EF75503748A8}");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.installSp", "TRUE");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.installerVersion", "1.8.1.4");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.keyword", "true");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.originalHomepage", "hxxp://www.google.com");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.originalSearchAddressUrl", "hxxp://www.bing.com/search?FORM=U019DF&PC=U019&dt=072713&q=");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.originalSearchEngine", "Bing ");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.originalSearchEngineName", "Bing ");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.searchRevert", "false");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.searchUninstallUserMode", "2");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.searchUserMode", "2");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.smartbar.homepage", "true");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.toolbarInstallDate", "01-01-2014 20:01:03");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.versionFromInstaller", "10.23.0.726");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("CT3315828.xpeMode", "0");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.bing.com/search?FORM=U019DF&PC=U019&dt=072713&q=");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3.7 Customized Web Search");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://vosteran.com/?f=1&a=vst_ggfc_15_03_ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0FyEyCyB0CtBtAzzyEyB0FtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1[...]
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://vosteran.com/?f=2&a=vst_ggfc_15_03_ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0FyEyCyB0CtBtAzzyEyB0FtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDy[...]
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://vosteran.com/?f=3&a=vst_ggfc_15_03_ie&cd=2XzuyEtN2Y1L1QzutDtDtCtCtB0FyEyCyB0CtBtAzzyEyB0FtN0D0Tzu0StCtCtCtBtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzyt[...]
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3315828");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3315828");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3315828");
[mkcyav34.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "YKYUH8UX8SATL4JNQBWKHIGY4YOD5FSEWHOQ+WBQQJPWYUGFE1YER23BTMG+UAWEVFXGD0AQRP+ALDEQVBFRTG");

-\\ Google Chrome v

[C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Laurent Effen Rocks\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

*************************

AdwCleaner[R0].txt - [9510 octets] - [19/01/2015 00:38:12]
AdwCleaner[S0].txt - [9714 octets] - [19/01/2015 00:58:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9774 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks (administrator) on GALO-PC on 19-01-2015 01:28:48
Running from C:\Users\Laurent Effen Rocks\Desktop
Loaded Profiles: Laurent Effen Rocks (Available profiles: Laurent Effen Rocks & LogMeInRemoteUser & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\ASTSRV.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Kensington) C:\Program Files (x86)\Kensington\TrackballWorks\TbwHelper.exe
() C:\Program Files (x86)\HTC Home\Clock.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsGui.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(PC Tools) C:\Program Files (x86)\PC Tools Security\pctsSvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2704817108-4072845770-1665254088-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll (TechSmith Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
BHO-x32: ContributeBHO Class -> {074C1DC5-9320-4A9A-947D-C042949C6216} -> C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
Toolbar: HKU\S-1-5-21-2704817108-4072845770-1665254088-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5}
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab
DPF: HKLM-x32 {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://simulcast.ma...v/LiveSound.dll
DPF: HKLM-x32 {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} http://adus1.liveblo...ory/laiexec.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: HKLM-x32 {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://imageupload9....geUploader6.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.co...ploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]
ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ]

FireFox:
========
FF ProfilePath: C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default
FF SearchEngineOrder.3: Bing
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 -> C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @virtools.com/3DviaPlayer -> C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @talk.google.com/O1DPlugin -> C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2704817108-4072845770-1665254088-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Laurent Effen Rocks\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Laurent Effen Rocks\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: WOT - C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla\Firefox\Profiles\mkcyav34.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 astcc; C:\Windows\SysWOW64\astsrv.exe [57344 2008-11-26] (Nalpeiron Ltd.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [377704 2015-01-14] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2015-01-14] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [366840 2010-03-15] (PC Tools)
U2 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1150936 2010-11-19] (PC Tools)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-06-16] (DEVGURU Co., LTD.)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
S4 VRAID Log Service; C:\Program Files (x86)\VIA\RAID\vialogsv.exe [52888 2008-09-24] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [635160 2014-04-21] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 01:28 - 2015-01-19 01:29 - 00023911 _____ () C:\Users\Laurent Effen Rocks\Desktop\FRST.txt
2015-01-19 01:01 - 2015-01-19 01:01 - 00009894 _____ () C:\Users\Laurent Effen Rocks\Desktop\AdwCleaner[S0].txt
2015-01-19 00:37 - 2015-01-19 00:58 - 00000000 ____D () C:\AdwCleaner
2015-01-19 00:37 - 2015-01-19 00:36 - 02186752 _____ () C:\Users\Laurent Effen Rocks\Desktop\AdwCleaner.exe
2015-01-19 00:20 - 2015-01-19 00:20 - 00001034 _____ () C:\Users\Laurent Effen Rocks\Desktop\checkup.txt
2015-01-18 23:54 - 2015-01-18 23:54 - 00262144 ____N () C:\Windows\Minidump\011815-47781-01.dmp
2015-01-18 23:46 - 2015-01-18 23:46 - 00852504 _____ () C:\Users\Laurent Effen Rocks\Desktop\SecurityCheck.exe
2015-01-18 20:04 - 2015-01-18 21:43 - 00022875 _____ () C:\Users\Laurent Effen Rocks\Desktop\Written Assignment 1.xlsx
2015-01-18 19:06 - 2015-01-19 01:10 - 00000280 _____ () C:\Windows\setupact.log
2015-01-18 19:06 - 2015-01-18 19:06 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-18 19:05 - 2015-01-19 01:10 - 00002298 _____ () C:\Windows\PFRO.log
2015-01-18 14:12 - 2015-01-19 01:28 - 00000000 ____D () C:\FRST
2015-01-18 13:33 - 2015-01-18 13:33 - 02126848 _____ (Farbar) C:\Users\Laurent Effen Rocks\Desktop\FRST64.exe
2015-01-18 03:06 - 2015-01-18 03:06 - 00003262 _____ () C:\Windows\System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B}
2015-01-18 03:06 - 2015-01-18 03:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2015-01-17 15:59 - 2015-01-17 15:59 - 00000704 _____ () C:\EamClean.log
2015-01-17 12:51 - 2015-01-17 12:51 - 00037644 _____ () C:\ComboFix.txt
2015-01-17 09:39 - 2015-01-17 09:39 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\IsolatedStorage
2015-01-17 09:36 - 2015-01-17 10:16 - 00000000 __HDC () C:\ProgramData\{FA77A43D-F6ED-4924-87B5-517C061388C6}
2015-01-17 09:36 - 2015-01-17 09:36 - 00000000 ____D () C:\ProgramData\Unchecky
2015-01-17 09:34 - 2015-01-17 10:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-01-15 20:47 - 2015-01-15 20:47 - 00262144 ____N () C:\Windows\Minidump\011515-34187-01.dmp
2015-01-14 10:52 - 2015-01-14 10:52 - 05013680 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-13 15:17 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 15:17 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 15:17 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 15:17 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 15:17 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 15:17 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 15:16 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 15:16 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 15:16 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 15:16 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 15:16 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 15:16 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 15:16 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-09 00:40 - 2015-01-09 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-02 16:01 - 2015-01-19 01:06 - 00000964 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA.job
2015-01-02 16:01 - 2015-01-18 16:06 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core.job
2015-01-02 16:01 - 2015-01-02 16:01 - 00003966 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA
2015-01-02 16:01 - 2015-01-02 16:01 - 00003570 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core
2014-12-27 20:00 - 2014-12-27 20:00 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrackballWorks
2014-12-27 19:58 - 2014-12-27 19:58 - 00000844 _____ () C:\Users\Laurent Effen Rocks\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2014-12-27 19:56 - 2015-01-03 01:03 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\uTorrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-19 01:26 - 2011-02-13 03:30 - 00000000 ____D () C:\ProgramData\TEMP
2015-01-19 01:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-19 01:21 - 2011-02-07 12:52 - 01592861 _____ () C:\Windows\WindowsUpdate.log
2015-01-19 01:20 - 2011-02-13 03:30 - 00000000 ____D () C:\Program Files (x86)\PC Tools Security
2015-01-19 01:17 - 2011-02-20 20:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-19 01:15 - 2009-07-13 23:45 - 00017472 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-19 01:15 - 2009-07-13 23:45 - 00017472 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-19 01:10 - 2014-01-22 12:51 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-01-19 01:10 - 2014-01-22 12:51 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-01-19 01:10 - 2012-12-27 21:19 - 00000000 ____D () C:\Program Files (x86)\HTC Home
2015-01-19 01:10 - 2011-02-20 20:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-19 01:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-19 00:52 - 2012-12-18 20:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-19 00:29 - 2011-02-13 16:26 - 00000000 ____D () C:\ProgramData\LogMeIn
2015-01-18 23:54 - 2011-02-13 12:20 - 00000000 ____D () C:\Windows\Minidump
2015-01-18 12:08 - 2011-02-13 03:27 - 00000832 _____ () C:\Windows\Tasks\Google Software Updater.job
2015-01-18 05:05 - 2011-02-16 22:57 - 00000334 _____ () C:\Windows\Tasks\AVSRegistryCleaner.job
2015-01-18 02:37 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\L2Schemas
2015-01-18 02:10 - 2014-07-07 23:06 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 16:11 - 2014-09-14 16:09 - 00000000 ____D () C:\Program Files (x86)\RKill
2015-01-17 13:45 - 2014-09-14 18:40 - 00000000 ____D () C:\EEK
2015-01-17 12:51 - 2012-12-23 12:23 - 00000000 ____D () C:\Qoobox
2015-01-17 12:46 - 2014-10-27 01:27 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\CrashDumps
2015-01-17 12:46 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-17 12:29 - 2012-06-20 14:13 - 00000000 ____D () C:\Program Files (x86)\RogueKiller
2015-01-17 11:54 - 2014-09-14 16:57 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-17 11:02 - 2012-12-23 13:48 - 00000000 ____D () C:\Program Files (x86)\ComboFix
2015-01-17 10:36 - 2014-07-06 01:31 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-17 10:23 - 2009-07-13 21:34 - 00000580 _____ () C:\Windows\win.ini
2015-01-17 09:44 - 2011-09-10 12:53 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\.minecraft
2015-01-14 22:41 - 2014-03-28 09:47 - 00701788 _____ () C:\Windows\system32\perfh007.dat
2015-01-14 22:41 - 2014-03-28 09:47 - 00150686 _____ () C:\Windows\system32\perfc007.dat
2015-01-14 22:41 - 2011-02-13 00:34 - 00764030 _____ () C:\Windows\system32\perfh00A.dat
2015-01-14 22:41 - 2011-02-13 00:34 - 00164832 _____ () C:\Windows\system32\perfc00A.dat
2015-01-14 22:41 - 2011-02-07 13:28 - 02539324 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 22:41 - 2009-07-14 00:13 - 02539324 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 15:05 - 2011-02-13 16:26 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2015-01-14 15:05 - 2011-02-13 16:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2015-01-14 10:52 - 2012-12-18 20:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 10:52 - 2012-09-09 00:41 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 10:52 - 2012-09-09 00:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 03:23 - 2013-07-31 19:32 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:01 - 2011-02-07 17:58 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 15:17 - 2011-02-13 03:31 - 04151810 _____ () C:\Windows\system32\Drivers\Cat.DB
2015-01-13 08:33 - 2011-06-30 21:21 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\HpUpdate
2015-01-09 20:12 - 2012-09-09 00:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-03 01:33 - 2011-02-13 03:30 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\Google
2015-01-02 16:01 - 2012-09-09 00:29 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Roaming\Mozilla
2014-12-31 06:14 - 2011-02-07 13:32 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-28 16:29 - 2014-07-07 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 16:29 - 2014-07-07 23:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-27 20:20 - 2011-02-13 23:51 - 00000000 ____D () C:\Users\Laurent Effen Rocks\AppData\Local\Adobe
2014-12-27 19:54 - 2011-07-15 16:03 - 00000000 ____D () C:\Program Files (x86)\tixati

Some content of TEMP:
====================
C:\Users\Laurent Effen Rocks\AppData\Local\Temp\Quarantine.exe
C:\Users\Laurent Effen Rocks\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

LastRegBack: 2015-01-14 01:34

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 01
Ran by Laurent Effen Rocks at 2015-01-19 01:29:53
Running from C:\Users\Laurent Effen Rocks\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: Spyware Doctor with AntiVirus (Disabled - Up to date) {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spyware Doctor (Enabled - Up to date) {94076BB2-F3DA-227F-9A1E-F060FF73600F}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

17-01-2015 09:36:37 PerforMax Cleaner
17-01-2015 10:34:59 PerforMax Cleaner
18-01-2015 19:18:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2015-01-19 00:25 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {013C4B54-932F-4442-841A-1BE52AA2DC38} - System32\Tasks\{EBA151F1-24E4-460C-B254-25AA24337936} => C:\Program Files (x86)\AVS4YOU\AVSAudioEditor\AVSAudioEditor.exe [2013-12-18] (Online Media Technologies Ltd.)
Task: {1890952D-21D4-41C9-B866-CAE72F8C737A} - System32\Tasks\AVSRegistryCleaner => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe [2014-03-03] (Online Media Technologies Ltd.)
Task: {1E7D5FB0-F3F0-4430-BB9D-E6BD738E74B4} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {3321EF01-B7A7-4C7C-8549-226BFCBF255E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {357FE73B-B397-4298-9769-63C29C7EDDE7} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {53FFFBDB-3E5B-43C8-BCF4-E4C6B5AEE200} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {624E7849-AFDB-4718-B521-AC97FC77AEE5} - System32\Tasks\{6C51A34F-0C1D-450D-B7F9-9AE1DD8D08FF} => pcalua.exe -a "G:\My Documents\BitTorrent Downloads\Winrar 3.70 and Key.exe" -d "G:\My Documents\BitTorrent Downloads"
Task: {7186BD4A-AAE1-43EF-AD81-97377770E06C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {7ACC5097-E2DE-4100-8B3F-1C2A7A4E265F} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {7E470414-E4B8-4CCA-997B-9D55C28D6E1D} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {9C8071CD-056C-48F4-9789-4288519B4CDE} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {A44BEA2C-93ED-455E-8B15-7BA559F23DE0} - System32\Tasks\{542E628D-10C4-41DD-9758-10C60F56980A} => pcalua.exe -a "C:\Program Files (x86)\Kensington\TrackballWorks\Uninstall.exe" -c "C:\Program Files (x86)\Kensington\TrackballWorks\install.log"
Task: {A699CAD1-DD5E-48AF-BB00-85A8619BB447} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2013-08-09] (Google)
Task: {B3183ED9-8185-485E-B9EC-4B8E2E358416} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {D23CBB86-3502-409B-ADA6-7BCF08574BCB} - System32\Tasks\{299F1F97-D564-4A06-B15E-C8C0BB14E34B} => pcalua.exe -a "C:\Users\Laurent Effen Rocks\Desktop\6d2b2af8-68f0-478a-ba1d-2684f0462b50.exe" -d "C:\Users\Laurent Effen Rocks\Desktop"
Task: {DC1B2321-787A-4673-A4B1-6478420305E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {E4E41824-6759-4AC5-84AA-AFF3B61F38B5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {E7CAF7B4-E984-49A2-97E9-1867CCCEEAE9} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2704817108-4072845770-1665254088-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {EFAC2E60-09B2-4F20-9104-5F0D8C032B5C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {F1E39E49-76D8-48B0-AE71-5573E9C67562} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVSRegistryCleaner.job => C:\Program Files (x86)\AVS4YOU\AVSRegistryCleaner\AVSRegistryCleaner.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000Core.job => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2704817108-4072845770-1665254088-1000UA.job => C:\Users\Laurent Effen Rocks\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-07 22:19 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-02-13 17:10 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2011-03-31 16:08 - 2011-03-31 16:08 - 00080896 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2011-06-21 01:07 - 2011-11-28 07:54 - 02036736 _____ () C:\Program Files (x86)\HTC Home\Clock.exe
2011-06-21 01:06 - 2011-06-21 01:06 - 00249344 _____ () C:\Program Files (x86)\HTC Home\Home.Base.dll
2011-06-20 08:12 - 2011-06-20 08:12 - 00011776 _____ () C:\Program Files (x86)\HTC Home\Home.Packaging.dll
2011-06-21 01:06 - 2011-06-22 03:15 - 00016896 _____ () C:\Program Files (x86)\HTC Home\Weather.Base.dll
2011-06-20 08:12 - 2014-12-13 08:38 - 00018432 _____ () C:\Program Files (x86)\HTC Home\Extras\Weather\MSN.dll
2011-06-20 03:49 - 2011-06-20 03:49 - 04660736 _____ () C:\Program Files (x86)\HTC Home\UIFramework.Weather.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-05-17 15:20 - 2014-04-21 17:30 - 01356568 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2011-03-13 18:55 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-23 22:59 - 2009-02-27 16:39 - 00019968 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
2014-07-23 22:59 - 2009-02-27 16:32 - 00020480 _____ () C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
2011-03-13 21:02 - 2007-12-24 00:08 - 00391680 _____ () C:\Program Files (x86)\RocketDock\Docklets\StackDocklet\StackDocklet.dll
2011-03-13 18:55 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2011-02-13 03:31 - 2010-08-10 17:59 - 01263576 _____ () C:\Program Files (x86)\PC Tools Security\UserModeFileCache.dll