Need fixlist.txt for Farbar Recovery Scan Tool


Mr.LucianoSno

New Member
Thread author
Nov 21, 2013
8
Hi, any help with this would be greatly appreciated.

Here is my FRST.txt file:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by SYSTEM on MININT-5L8G8QU on 21-11-2013 01:07:36
Running from K:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [MRT] - C:\Windows\System32\MRT.exe [80541720 2013-10-26] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
HKU\Fabian Zayas\...\Run: [Google Update] - C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-03] (Google Inc.)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - No File

==================== Services (Whitelisted) =================

S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

S3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-12] (Gbridge LLC)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [31832 2010-01-07] (KORG INC.)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S1 MpKsl24c7195b; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl24c7195b.sys [46768 2013-10-26] (Microsoft Corporation)
S1 MpKsl71c12e8c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl71c12e8c.sys [46768 2013-11-08] (Microsoft Corporation)
S1 MpKsl7de8a784; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl7de8a784.sys [46768 2013-11-08] (Microsoft Corporation)
S1 MpKsl81550350; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl81550350.sys [46768 2013-11-01] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
S1 rgqxleuo; \??\C:\Windows\system32\drivers\rgqxleuo.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
2013-10-23 19:43 - 2013-10-23 19:43 - 38929700 _____ C:\Users\Fabian Zayas\Downloads\The Sound Of The Wolves DNB.wav

==================== One Month Modified Files and Folders =======

2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
2013-11-21 00:13 - 2010-01-19 21:39 - 00000000 ____D C:\users\Fabian Zayas
2013-11-21 00:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-18 00:00 - 2009-10-31 01:17 - 01296133 _____ C:\Windows\WindowsUpdate.log
2013-11-17 23:58 - 2012-02-03 07:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000UA.job
2013-11-17 23:52 - 2013-03-06 22:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 23:40 - 2011-02-15 19:09 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-17 22:40 - 2011-02-15 19:09 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 20:58 - 2012-02-03 07:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000Core.job
2013-11-17 19:02 - 2013-10-21 16:36 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleForFabian Zayas.job
2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-08 06:58 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
2013-11-08 06:51 - 2010-01-29 07:38 - 410054500 _____ C:\Windows\MEMORY.DMP
2013-11-08 06:51 - 2010-01-29 07:38 - 00000000 ____D C:\Windows\Minidump
2013-11-08 06:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-08 06:51 - 2009-07-13 20:51 - 00191847 _____ C:\Windows\setupact.log
2013-11-01 23:01 - 2013-04-30 11:44 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-01 23:01 - 2013-04-30 11:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-01 23:01 - 2013-04-30 11:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-31 05:59 - 2010-01-19 22:39 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-10-26 23:20 - 2012-05-12 23:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-26 23:20 - 2012-05-12 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-26 23:20 - 2009-08-19 02:18 - 00348350 _____ C:\Windows\PFRO.log
2013-10-26 23:00 - 2013-08-14 23:01 - 00000000 ____D C:\Windows\System32\MRT
2013-10-26 23:00 - 2010-02-21 23:22 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-26 12:02 - 2013-10-21 16:36 - 00003230 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFabian Zayas
2013-10-25 16:36 - 2010-01-20 22:44 - 00000000 ____D C:\Users\Fabian Zayas\AppData\Roaming\HpUpdate
2013-10-23 19:43 - 2013-10-23 19:43 - 38929700 _____ C:\Users\Fabian Zayas\Downloads\The Sound Of The Wolves DNB.wav
2013-10-22 22:04 - 2012-02-03 07:04 - 00002409 _____ C:\Users\Fabian Zayas\Desktop\Google Chrome.lnk
2013-10-22 21:35 - 2011-02-15 19:09 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-22 21:35 - 2011-02-15 19:09 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

ZeroAccess:
C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.

Files to move or delete:
====================
C:\ProgramData\0949343.pad
C:\ProgramData\4v7x6c2B2.dat
C:\Users\Fabian Zayas\audacity-win-1.2.6.exe
C:\Users\Fabian Zayas\switchsetup.exe
C:\Users\Fabian Zayas\utorrent.exe


Some content of TEMP:
====================
C:\Users\Fabian Zayas\AppData\Local\Temp\50or.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\alw8tfq0.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\bitool.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\Bonjour64Setup.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\bpuninstall.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\burnsetup.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\default_pack_installer.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\emhumjj-.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\FlashPlayer.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\intrau3.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\oyhilrl7.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\tspohk6x.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\uninst.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\vpsetup.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\wctikeq3.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\xtj1ygy9.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\zfqyfyh4.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\zipsetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

19
Restore point made on: 2013-10-28 23:00:15
Restore point made on: 2013-10-29 23:00:15
Restore point made on: 2013-10-30 23:00:14
Restore point made on: 2013-10-31 23:00:15
Restore point made on: 2013-11-01 23:00:24
Restore point made on: 2013-11-02 23:00:20
Restore point made on: 2013-11-03 00:00:16
Restore point made on: 2013-11-08 06:53:45
Restore point made on: 2013-11-09 00:00:26
Restore point made on: 2013-11-10 00:00:15
Restore point made on: 2013-11-11 00:00:14
Restore point made on: 2013-11-12 00:00:15
Restore point made on: 2013-11-13 00:00:15
Restore point made on: 2013-11-14 00:00:15
Restore point made on: 2013-11-15 00:00:15
Restore point made on: 2013-11-16 00:00:15
Restore point made on: 2013-11-17 00:00:15
Restore point made on: 2013-11-18 00:00:15
Restore point made on: 2013-11-19 00:00:14

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3966.49 MB
Available physical RAM: 3197.69 MB
Total Pagefile: 3964.69 MB
Available Pagefile: 3217.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:244.97 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
Drive k: () (Removable) (Total:7.45 GB) (Free:0.99 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-11-09 21:03

==================== End Of Log ============================

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi, I'll be working with you. We'll start here, and a moderator will move this thread to the appropriate forum.

[attachment=6300]

On your clean PC, download the following file by right-clicking it and selecting Save As


and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally.

Attachments

  • fixlist.txt (359 bytes)

Mr.LucianoSno

New Member
Thread author
Nov 21, 2013
8
Thank you for your quick response.

I attempted to boot normally and my computer still freezes on the same black screen.

Here is my fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by SYSTEM at 2013-11-22 22:58:16 Run:1
Running from K:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
S1 rgqxleuo; \??\C:\Windows\system32\drivers\rgqxleuo.sys [x]
C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda
C:\Windows\svchost.exe
C:\ProgramData\0949343.pad
C:\ProgramData\4v7x6c2B2.dat
C:\Users\Fabian Zayas\AppData\Local\Temp
DeleteJunctionsIndirectory: C:\Windows\system64

*****************

eqcpqxgh => Service deleted successfully.
rgqxleuo => Service deleted successfully.
C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda => Moved successfully.
C:\Windows\svchost.exe => Moved successfully.
C:\ProgramData\0949343.pad => Moved successfully.
C:\ProgramData\4v7x6c2B2.dat => Moved successfully.
C:\Users\Fabian Zayas\AppData\Local\Temp => Moved successfully.
Error: DeleteJunctionsIndirectory: C:\Windows\system64 => entry should be fixed outside recovery mode.

==== End of Fixlog ====

Mr.LucianoSno

New Member
Thread author
Nov 21, 2013
8
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by SYSTEM on MININT-5L8G8QU on 21-11-2013 01:07:36
Running from K:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [MRT] - C:\Windows\System32\MRT.exe [80541720 2013-10-26] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
HKU\Fabian Zayas\...\Run: [Google Update] - C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-03] (Google Inc.)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - No File

==================== Services (Whitelisted) =================

S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

S3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-12] (Gbridge LLC)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [31832 2010-01-07] (KORG INC.)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S1 MpKsl24c7195b; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl24c7195b.sys [46768 2013-10-26] (Microsoft Corporation)
S1 MpKsl71c12e8c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl71c12e8c.sys [46768 2013-11-08] (Microsoft Corporation)
S1 MpKsl7de8a784; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl7de8a784.sys [46768 2013-11-08] (Microsoft Corporation)
S1 MpKsl81550350; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl81550350.sys [46768 2013-11-01] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
S1 rgqxleuo; \??\C:\Windows\system32\drivers\rgqxleuo.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
2013-10-23 19:43 - 2013-10-23 19:43 - 38929700 _____ C:\Users\Fabian Zayas\Downloads\The Sound Of The Wolves DNB.wav

==================== One Month Modified Files and Folders =======

2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
2013-11-21 00:13 - 2010-01-19 21:39 - 00000000 ____D C:\users\Fabian Zayas
2013-11-21 00:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-18 00:00 - 2009-10-31 01:17 - 01296133 _____ C:\Windows\WindowsUpdate.log
2013-11-17 23:58 - 2012-02-03 07:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000UA.job
2013-11-17 23:52 - 2013-03-06 22:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 23:40 - 2011-02-15 19:09 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-17 22:40 - 2011-02-15 19:09 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 20:58 - 2012-02-03 07:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000Core.job
2013-11-17 19:02 - 2013-10-21 16:36 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleForFabian Zayas.job
2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-08 06:58 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
2013-11-08 06:51 - 2010-01-29 07:38 - 410054500 _____ C:\Windows\MEMORY.DMP
2013-11-08 06:51 - 2010-01-29 07:38 - 00000000 ____D C:\Windows\Minidump
2013-11-08 06:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-08 06:51 - 2009-07-13 20:51 - 00191847 _____ C:\Windows\setupact.log
2013-11-01 23:01 - 2013-04-30 11:44 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-01 23:01 - 2013-04-30 11:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-01 23:01 - 2013-04-30 11:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-10-31 05:59 - 2010-01-19 22:39 - 00000552 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2013-10-26 23:20 - 2012-05-12 23:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-26 23:20 - 2012-05-12 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-26 23:20 - 2009-08-19 02:18 - 00348350 _____ C:\Windows\PFRO.log
2013-10-26 23:00 - 2013-08-14 23:01 - 00000000 ____D C:\Windows\System32\MRT
2013-10-26 23:00 - 2010-02-21 23:22 - 80541720 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-26 12:02 - 2013-10-21 16:36 - 00003230 _____ C:\Windows\System32\Tasks\HPCeeScheduleForFabian Zayas
2013-10-25 16:36 - 2010-01-20 22:44 - 00000000 ____D C:\Users\Fabian Zayas\AppData\Roaming\HpUpdate
2013-10-23 19:43 - 2013-10-23 19:43 - 38929700 _____ C:\Users\Fabian Zayas\Downloads\The Sound Of The Wolves DNB.wav
2013-10-22 22:04 - 2012-02-03 07:04 - 00002409 _____ C:\Users\Fabian Zayas\Desktop\Google Chrome.lnk
2013-10-22 21:35 - 2011-02-15 19:09 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-22 21:35 - 2011-02-15 19:09 - 00003654 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

ZeroAccess:
C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.

Files to move or delete:
====================
C:\ProgramData\0949343.pad
C:\ProgramData\4v7x6c2B2.dat
C:\Users\Fabian Zayas\audacity-win-1.2.6.exe
C:\Users\Fabian Zayas\switchsetup.exe
C:\Users\Fabian Zayas\utorrent.exe


Some content of TEMP:
====================
C:\Users\Fabian Zayas\AppData\Local\Temp\50or.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\alw8tfq0.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\bitool.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\Bonjour64Setup.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\bpuninstall.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\burnsetup.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\default_pack_installer.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\emhumjj-.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\FlashPlayer.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\intrau3.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\oyhilrl7.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\tspohk6x.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\uninst.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\vpsetup.exe
C:\Users\Fabian Zayas\AppData\Local\Temp\wctikeq3.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\xtj1ygy9.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\zfqyfyh4.dll
C:\Users\Fabian Zayas\AppData\Local\Temp\zipsetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

19
Restore point made on: 2013-10-28 23:00:15
Restore point made on: 2013-10-29 23:00:15
Restore point made on: 2013-10-30 23:00:14
Restore point made on: 2013-10-31 23:00:15
Restore point made on: 2013-11-01 23:00:24
Restore point made on: 2013-11-02 23:00:20
Restore point made on: 2013-11-03 00:00:16
Restore point made on: 2013-11-08 06:53:45
Restore point made on: 2013-11-09 00:00:26
Restore point made on: 2013-11-10 00:00:15
Restore point made on: 2013-11-11 00:00:14
Restore point made on: 2013-11-12 00:00:15
Restore point made on: 2013-11-13 00:00:15
Restore point made on: 2013-11-14 00:00:15
Restore point made on: 2013-11-15 00:00:15
Restore point made on: 2013-11-16 00:00:15
Restore point made on: 2013-11-17 00:00:15
Restore point made on: 2013-11-18 00:00:15
Restore point made on: 2013-11-19 00:00:14

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3966.49 MB
Available physical RAM: 3197.69 MB
Total Pagefile: 3964.69 MB
Available Pagefile: 3217.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:244.97 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
Drive k: () (Removable) (Total:7.45 GB) (Free:0.99 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-11-09 21:03

==================== End Of Log ============================

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
On your clean PC, download the following file by right-clicking it and selecting Save As

[attachment=6406]

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally.

Attachments

  • fixlist.txt (536 bytes)

Mr.LucianoSno

New Member
Thread author
Nov 21, 2013
8
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by SYSTEM at 2013-12-01 19:19:07 Run:3
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
S1 eqcpqxgh; \??\C:\Windows\system32\drivers\eqcpqxgh.sys [x]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [x]
S1 rgqxleuo; \??\C:\Windows\system32\drivers\rgqxleuo.sys [x]
C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda
C:\Windows\svchost.exe
C:\ProgramData\0949343.pad
C:\ProgramData\4v7x6c2B2.dat
C:\Users\Fabian Zayas\audacity-win-1.2.6.exe
C:\Users\Fabian Zayas\switchsetup.exe
C:\Users\Fabian Zayas\utorrent.exe
C:\Users\Fabian Zayas\AppData\Local\Temp
*****************

eqcpqxgh => Service deleted successfully.
PCDSRVC{F36B3A4C-F95654BD-06000000}_0 => Service deleted successfully.
rgqxleuo => Service deleted successfully.
"C:\$Recycle.Bin\S-1-5-20\$7f423d6bb8301d0cfc6ddd327d766fda" => File/Directory not found.
"C:\Windows\svchost.exe" => File/Directory not found.
"C:\ProgramData\0949343.pad" => File/Directory not found.
"C:\ProgramData\4v7x6c2B2.dat" => File/Directory not found.
"C:\Users\Fabian Zayas\audacity-win-1.2.6.exe" => File/Directory not found.
"C:\Users\Fabian Zayas\switchsetup.exe" => File/Directory not found.
"C:\Users\Fabian Zayas\utorrent.exe" => File/Directory not found.
"C:\Users\Fabian Zayas\AppData\Local\Temp" => File/Directory not found.

==== End of Fixlog ====

Attempted to boot normally, same result.

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I need a fresh FRST report; you attached the first report you created...

Boot to recovery, open FRST, press Scan and attach that report...
 

Mr.LucianoSno
Sorry, I did as you directed. Here is the fresh FRST report.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by SYSTEM on MININT-9IATATT on 02-12-2013 02:41:49
Running from K:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [MRT] - C:\Windows\System32\MRT.exe [80541720 2013-10-26] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
HKU\Fabian Zayas\...\Run: [Google Update] - C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-03] (Google Inc.)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - No File

==================== Services (Whitelisted) =================

S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
S2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
S2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

S3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-12] (Gbridge LLC)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [31832 2010-01-07] (KORG INC.)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S1 MpKsl24c7195b; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl24c7195b.sys [46768 2013-10-26] (Microsoft Corporation)
S1 MpKsl71c12e8c; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl71c12e8c.sys [46768 2013-11-08] (Microsoft Corporation)
S1 MpKsl7de8a784; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl7de8a784.sys [46768 2013-11-08] (Microsoft Corporation)
S1 MpKsl81550350; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B14D72D4-AEC5-4005-BC79-2307C0E89114}\MpKsl81550350.sys [46768 2013-11-01] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
S3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
S4 eqcpqxgh;
S4 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;
S4 rgqxleuo;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp

==================== One Month Modified Files and Folders =======

2013-12-01 19:08 - 2010-01-19 21:39 - 00000000 ____D C:\users\Fabian Zayas
2013-11-21 01:07 - 2013-11-21 01:07 - 00000000 ____D C:\FRST
2013-11-21 00:13 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-11-19 20:00 - 2013-11-19 20:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
2013-11-19 20:00 - 2013-11-19 20:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
2013-11-19 19:58 - 2013-11-19 19:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-19 19:41 - 2013-11-19 19:41 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-11-18 00:00 - 2009-10-31 01:17 - 01296133 _____ C:\Windows\WindowsUpdate.log
2013-11-17 23:58 - 2012-02-03 07:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000UA.job
2013-11-17 23:52 - 2013-03-06 22:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-17 23:40 - 2011-02-15 19:09 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-17 22:40 - 2011-02-15 19:09 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-17 20:58 - 2012-02-03 07:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000Core.job
2013-11-17 19:02 - 2013-10-21 16:36 - 00000362 _____ C:\Windows\Tasks\HPCeeScheduleForFabian Zayas.job
2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-08 07:00 - 2009-07-13 20:45 - 00015792 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-08 06:58 - 2009-07-13 21:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-08 06:51 - 2013-11-08 06:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
2013-11-08 06:51 - 2010-01-29 07:38 - 410054500 _____ C:\Windows\MEMORY.DMP
2013-11-08 06:51 - 2010-01-29 07:38 - 00000000 ____D C:\Windows\Minidump
2013-11-08 06:51 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-08 06:51 - 2009-07-13 20:51 - 00191847 _____ C:\Windows\setupact.log

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

19
Restore point made on: 2013-10-28 23:00:15
Restore point made on: 2013-10-29 23:00:15
Restore point made on: 2013-10-30 23:00:14
Restore point made on: 2013-10-31 23:00:15
Restore point made on: 2013-11-01 23:00:24
Restore point made on: 2013-11-02 23:00:20
Restore point made on: 2013-11-03 00:00:16
Restore point made on: 2013-11-08 06:53:45
Restore point made on: 2013-11-09 00:00:26
Restore point made on: 2013-11-10 00:00:15
Restore point made on: 2013-11-11 00:00:14
Restore point made on: 2013-11-12 00:00:15
Restore point made on: 2013-11-13 00:00:15
Restore point made on: 2013-11-14 00:00:15
Restore point made on: 2013-11-15 00:00:15
Restore point made on: 2013-11-16 00:00:15
Restore point made on: 2013-11-17 00:00:15
Restore point made on: 2013-11-18 00:00:15
Restore point made on: 2013-11-19 00:00:14

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3966.49 MB
Available physical RAM: 3212.71 MB
Total Pagefile: 3964.69 MB
Available Pagefile: 3198.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:244.97 GB) NTFS
Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
Drive k: () (Removable) (Total:7.45 GB) (Free:0.99 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-11-09 21:03

==================== End Of Log ============================
 

TwinHeadedEagle
Download ListParts64.exe from link below, and save it to your USB.

http://www.bleepingcomputer.com/download/listparts/dl/78/

Go to recovery, run it, click on Scan, and attach the report.
 

Mr.LucianoSno
Here is the report.

ListParts by Farbar Version: 20-10-2013
Ran by SYSTEM (administrator) on 02-12-2013 at 03:31:21
Windows 7 (X64)
Running From: K:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3966.49 MB
Available physical RAM: 3346.18 MB
Total Pagefile: 3964.69 MB
Available Pagefile: 3337.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:453.72 GB) (Free:244.97 GB) NTFS
2 Drive e: (FACTORY_IMAGE) (Fixed) (Total:11.94 GB) (Free:2.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.24 GB) (Free:0 GB) UDF
8 Drive k: () (Removable) (Total:7.45 GB) (Free:0.99 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 7629 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 1549F232

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 453 GB 101 MB
Partition 3 Primary 11 GB 453 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C HP NTFS Partition 453 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E FACTORY_IMA NTFS Partition 11 GB Healthy

======================================================================================================

Partitions of Disk 5:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7629 MB 16 KB

======================================================================================================

Disk: 5
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 K FAT32 Removable 7629 MB Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 1549F232
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==============================
Partitions of Disk 5:
===============
Disk ID: 00000000
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


****** End Of Log ******
 

TwinHeadedEagle
Let's try another method.


On your clean PC, download the attached file (fixlist.txt) by right-clicking it and selecting Save As, and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally.
 

Attachments: fixlist.txt (249 bytes)

Mr.LucianoSno
I was able to boot up normally!
Thank you for your efforts!

Here is my fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-11-2013
Ran by SYSTEM at 2013-12-02 04:01:49 Run:4
Running from K:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Run: [] - [x]
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
cmd: bootrec /FixMbr
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\Run\\HPADVISOR => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\Run\\HPADVISOR => Value not found.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====
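Two things in the last few posts are worth seeing at the byte level: the ListParts report numbers disk 0's partitions 1, 2 and 3 while FRST's MBR section prints 1, 2 and 4, and the fix that finally let the machine boot was bootrec /FixMbr, which rewrites the MBR boot code and leaves the partition table alone. The script below is an added example, not part of the thread and not code from FRST, ListParts or bootrec. The 512-byte sector it builds is constructed to match disk 0 above (Disk ID 1549F232, an active 100 MiB NTFS partition at 1 MiB, a 453 GiB NTFS partition at 101 MiB, an empty third slot, and 12 GiB NTFS in the fourth slot); the LBA values are this example's assumption, since the reports only give sizes and offsets in MB/GB, and the empty-third-slot reading of the two numberings is likewise an assumption, not something the reports state. The boot code is a placeholder, not real Windows boot code.

```python
"""Parse an MBR partition table and show what a boot-code-only rewrite
preserves. Added example: constructed data, not the thread's own disk image,
and not code from FRST, ListParts or bootrec."""
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold boot code; a /FixMbr-style repair rewrites only these
DISK_ID_OFF = 0x1B8        # 4-byte disk signature, printed by FRST/ListParts as "Disk ID"
TABLE_OFF = 0x1BE          # four 16-byte partition entries
SIGNATURE = b"\x55\xAA"    # bytes 510..511
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count
LBA_ONLY_CHS = b"\xFE\xFF\xFF"   # conventional "use LBA, ignore CHS" marker

# Constructed to match disk 0 above; LBA values are assumed, sizes follow the reports.
SAMPLE_ENTRIES = [
    # (slot, active, type, lba_start, sector_count)
    (1, True,  0x07, 2048,      204800),     # 100 MiB SYSTEM (Y:) at 1 MiB
    (2, False, 0x07, 206848,    950009856),  # 453 GiB HP (C:) at 101 MiB
    (4, False, 0x07, 950216704, 25165824),   # 12 GiB FACTORY_IMAGE (E:); slot 3 left empty
]


def build_sample_mbr(entries=SAMPLE_ENTRIES, disk_id=0x1549F232):
    mbr = bytearray(SECTOR)
    mbr[:2] = b"\xEB\xFE"                      # placeholder boot code (jmp $), not Windows code
    struct.pack_into("<I", mbr, DISK_ID_OFF, disk_id)
    for slot, active, ptype, start, count in entries:
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFF + (slot - 1) * 16,
                         0x80 if active else 0x00, LBA_ONLY_CHS, ptype, LBA_ONLY_CHS, start, count)
    mbr[SECTOR - 2:] = SIGNATURE
    return bytes(mbr)


def parse_mbr(data):
    """Return the disk id and the non-empty slots, numbered by slot as in FRST's MBR section."""
    if len(data) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if data[SECTOR - 2:] != SIGNATURE:
        raise ValueError("missing 55 AA boot signature")
    disk_id = "%08X" % struct.unpack_from("<I", data, DISK_ID_OFF)[0]
    partitions = []
    for slot in range(1, 5):
        status, _, ptype, _, start, count = struct.unpack_from(ENTRY_FMT, data, TABLE_OFF + (slot - 1) * 16)
        if ptype == 0:
            continue   # empty slot: the next used slot still reports as "Partition 4"
        partitions.append({"slot": slot, "active": status == 0x80, "type": ptype,
                           "lba_start": start, "sectors": count,
                           "size_mb": count * SECTOR // (1024 * 1024)})   # MiB
    return {"disk_id": disk_id, "partitions": partitions}


def check_table(parsed):
    """Sanity checks to run before trusting a table: one active slot, no overlap, no entry at LBA 0."""
    problems = []
    parts = parsed["partitions"]
    active = [p["slot"] for p in parts if p["active"]]
    if len(active) != 1:
        problems.append("expected exactly one active partition, found %d" % len(active))
    for p in parts:
        if p["lba_start"] == 0:
            problems.append("slot %d starts at LBA 0, inside the MBR itself" % p["slot"])
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            problems.append("slot %d overlaps slot %d" % (a["slot"], b["slot"]))
    return problems


def rewrite_boot_code(mbr, new_code):
    """Replace only bytes 0..439, as a /FixMbr-style repair does; the disk id,
    the partition table and the 55 AA signature are returned untouched."""
    if len(new_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in %d bytes" % BOOT_CODE_LEN)
    return new_code.ljust(BOOT_CODE_LEN, b"\x00") + mbr[BOOT_CODE_LEN:]


if __name__ == "__main__":
    sample = build_sample_mbr()
    table = parse_mbr(sample)
    print(table["disk_id"], [p["slot"] for p in table["partitions"]], check_table(table))
    print(parse_mbr(rewrite_boot_code(sample, b"\xEB\xFE\x90")) == table)
```

To run the same checks on a real disk, read the first 512 bytes of the physical drive (on Windows that means opening \\.\PhysicalDrive0 with administrator rights) and pass them to parse_mbr(); a table that fails check_table() is a reason to stop and image the disk before running any repair that writes to sector 0.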
 

TwinHeadedEagle
OK, we need to settle a few more things and check for malware remnants.


Now run FRST from Normal mode and attach a fresh report. Make sure to check Addition.txt before Scan...
 

Mr.LucianoSno
Here is the fresh report

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013
Ran by Fabian Zayas (administrator) on THEFACTORY on 02-12-2013 05:12:15
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Digidesign, A Division of Avid Technology, Inc.) C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
(Hewlett-Packard Company) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(M-Audio) C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRServer.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRFeature.exe
(CyberLink Corp.) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM-x32\...\Runonce: [ExpressZipUninstall] - cmd.exe /C rmdir /S /Q "C:\Program Files (x86)\NCH Software\ExpressZip" [x]
HKLM-x32\...\Runonce: [ExpressZipUninstall2] - cmd.exe /C rmdir /Q "C:\Program Files (x86)\NCH Software\ExpressZip" [x]
HKLM-x32\...\Runonce: [ExpressZipUninstall3] - cmd.exe /C rmdir /S /Q "C:\Users\Fabian Zayas\AppData\Roaming\NCH Software\Program Files\ExpressZip" [x]
HKLM-x32\...\Runonce: [ExpressZipUninstall4] - cmd.exe /C rmdir /Q "C:\Users\Fabian Zayas\AppData\Roaming\NCH Software\Program Files" [x]
HKLM-x32\...\Runonce: [ExpressZipUninstall5] - cmd.exe /C rmdir /Q "C:\Users\Fabian Zayas\AppData\Roaming\NCH Software" [x]
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKCU\...\Run: [Google Update] - C:\Users\Fabian Zayas\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-03] (Google Inc.)
MountPoints2: {79acb9ca-4def-11e0-a327-90e6ba954105} - L:\LaunchU3.exe -a
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:58687
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U040&ocid=U040DHP&dt=080813
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {3402CC29-EC9D-4FF3-8647-077679973A5B} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {74AE090C-745B-4BDF-96A5-2C7F29055522} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - DefaultScope {3402CC29-EC9D-4FF3-8647-077679973A5B} URL = http://www.bing.com/search?q={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {74AE090C-745B-4BDF-96A5-2C7F29055522} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - DefaultScope {40419C19-01BD-D42C-3B25-A639D6F21B1C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z016&form=ZGAIDF
SearchScopes: HKCU - {40419C19-01BD-D42C-3B25-A639D6F21B1C} URL = http://www.bing.com/search?q={searchTerms}&pc=Z016&form=ZGAIDF
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {74AE090C-745B-4BDF-96A5-2C7F29055522} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {9D425283-D487-4337-BAB6-AB8354A81457} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

FireFox:
========
FF ProfilePath: C:\Users\Fabian Zayas\AppData\Roaming\Mozilla\Firefox\Profiles\jvo0hogw.default
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 58687
FF NetworkProxy: "type", 1
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U040DF&PC=U040&dt=080813&q=
FF Homepage: hxxp://www.msn.com/?pc=U040&ocid=U040DHP&dt=080813
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\Fabian Zayas\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Fabian Zayas\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Fabian Zayas\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Fabian Zayas\AppData\Roaming\Mozilla\Firefox\Profiles\jvo0hogw.default\searchplugins\bingp.xml
FF Extension: I Want This - C:\Users\Fabian Zayas\AppData\Roaming\Mozilla\Firefox\Profiles\jvo0hogw.default\Extensions\crossriderapp2258@crossrider.com
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Fabian Zayas\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Fabian Zayas\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Fabian Zayas\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Download Manager) - C:\Users\Fabian Zayas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbngmhdomibdionpoibpjdkloeggblgi\1.0_0\npDownloadManager.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Fabian Zayas\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\Fabian Zayas\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Drive) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Sketchpad) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkllajgbhondgjjnhmmgbjndmogapinp\1.0.0.4_0
CHR Extension: () - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa\4.3.3_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1
CHR Extension: (WeVideo - Video Editor and Maker) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\okgjbfikepgflmlelgfgecmgjnmnmnnb\3.3.3_0
CHR Extension: (OneClick Cleaner for Chrome) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oncckmaelaecccmaniihojgeopkcajfh\0.9.0.7_0
CHR Extension: (Gmail) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (RSS Feed Reader) - C:\Users\FABIAN~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0
CHR HKLM-x32\...\Chrome\Extension: [mpfapcdfbbledbojijcbcclmlieaoogk] - C:\Users\Fabian Zayas\AppData\Local\I Want This\Chrome\I Want This.crx

==================== Services (Whitelisted) =================

R2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
S3 digiSPTIService; C:\Program Files (x86)\Digidesign\Pro Tools\digiSPTIService.exe [159744 2009-08-14] (Digidesign, A Division of Avid Technology, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 USBMIDIAudioDevMon; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [1636872 2010-04-13] (M-Audio)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [303360 2011-12-07] ()

==================== Drivers (Whitelisted) ====================

R3 gbridge; C:\Windows\System32\DRIVERS\gbridge64.sys [48192 2009-10-13] (Gbridge LLC)
S3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [31832 2010-01-08] (KORG INC.)
S3 MAUSBMIDI; C:\Windows\System32\DRIVERS\MAudioUSBMIDI.sys [200200 2010-04-13] (M-Audio)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
S3 MBX2DFU; C:\Windows\System32\DRIVERS\MBX2DFU.sys [31120 2009-08-15] (Digidesign, A Division of Avid Technology, Inc.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2009-08-15] (Digidesign, A Division of Avid Technology, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 NPF; C:\Windows\System32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347904 2013-01-30] (EldoS Corporation)
U4 eqcpqxgh;
U4 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;
U4 rgqxleuo;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-02 04:02 - 2013-12-02 04:02 - 00296704 _____ C:\Windows\Minidump\120213-20888-01.dmp
2013-11-21 04:07 - 2013-11-21 04:07 - 00000000 ____D C:\FRST
2013-11-19 23:00 - 2013-11-19 23:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
2013-11-19 23:00 - 2013-11-19 23:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
2013-11-19 22:58 - 2013-11-19 22:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-19 22:41 - 2013-11-19 22:41 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-11-08 09:51 - 2013-11-08 09:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp

==================== One Month Modified Files and Folders =======

2013-12-02 04:58 - 2012-02-03 10:03 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000UA.job
2013-12-02 04:52 - 2013-03-07 01:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-02 04:44 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-02 04:44 - 2009-07-13 23:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-02 04:41 - 2011-02-15 22:09 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 04:37 - 2009-10-31 04:17 - 01425841 _____ C:\Windows\WindowsUpdate.log
2013-12-02 04:28 - 2013-04-01 03:54 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-12-02 04:25 - 2011-11-06 06:34 - 00000000 ___HD C:\ProgramData\NCH Software
2013-12-02 04:25 - 2011-11-06 06:34 - 00000000 ____D C:\Program Files (x86)\NCH Software
2013-12-02 04:22 - 2013-04-01 03:47 - 00000000 ____D C:\Program Files (x86)\Bonjour
2013-12-02 04:22 - 2011-09-02 19:54 - 00000000 ____D C:\Users\Fabian Zayas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2013-12-02 04:22 - 2011-09-02 19:52 - 00000000 ____D C:\Program Files (x86)\Image-Line
2013-12-02 04:14 - 2009-07-14 00:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 04:08 - 2011-02-15 22:09 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 04:07 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 04:07 - 2009-07-13 23:51 - 00191993 _____ C:\Windows\setupact.log
2013-12-02 04:02 - 2013-12-02 04:02 - 00296704 _____ C:\Windows\Minidump\120213-20888-01.dmp
2013-12-02 04:02 - 2010-01-29 10:38 - 759066500 _____ C:\Windows\MEMORY.DMP
2013-12-02 04:02 - 2010-01-29 10:38 - 00000000 ____D C:\Windows\Minidump
2013-12-01 22:08 - 2010-01-20 00:39 - 00000000 ____D C:\Users\Fabian Zayas
2013-11-21 04:07 - 2013-11-21 04:07 - 00000000 ____D C:\FRST
2013-11-21 03:13 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2013-11-19 23:00 - 2013-11-19 23:00 - 00445859 _____ C:\Users\Fabian Zayas\Downloads\Unconfirmed 89245.crdownload
2013-11-19 23:00 - 2013-11-19 23:00 - 00000920 _____ C:\Users\Fabian Zayas\Desktop\Rkill.txt
2013-11-19 22:58 - 2013-11-19 22:58 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-11-19 22:41 - 2013-11-19 22:41 - 00000000 ____D C:\Windows\system32\MpEngineStore
2013-11-17 23:58 - 2012-02-03 10:03 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1262836980-3029127208-1620874908-1000Core.job
2013-11-08 09:51 - 2013-11-08 09:51 - 00292576 _____ C:\Windows\Minidump\110813-25662-01.dmp
2013-11-02 02:01 - 2013-04-30 14:44 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-02 02:01 - 2013-04-30 14:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-02 02:01 - 2013-04-30 14:41 - 00000000 ____D C:\Program Files\Microsoft Security Client

Some content of TEMP:
====================
C:\Users\Fabian Zayas\AppData\Local\Temp\uninst.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64


LastRegBack: 2013-11-10 00:03

==================== End Of Log ============================

TwinHeadedEagle

Mar 8, 2013
Download the attached fixlist.txt to the same location as FRST (otherwise the fix won't work).

Open FRST and click Fix. Attach that report for me after it is finished.



1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works, please read this guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) carefully.
Note: ComboFix must be downloaded to your Desktop.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this, please read this (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html) or this Instruction.

Instructions on how to disable avast:
  • Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  • In the window that opens, in the top right corner, click Settings.
  • In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.
  • Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn this option back on after the cleaning.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.

ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.

If Recovery Console is not installed, ComboFix will offer to download and install it.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion", just restart the computer once more.


--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
Attach the log report (ComboFix.txt) back to the topic.



Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Attachments

  • fixlist.txt (771 bytes)

Nigel79

Jan 4, 2015
Wondering if this thread is closed; the last action was over a year ago. I'm experiencing enormous trouble with what looks like a corrupted iexplore.exe file; I ran FRST but don't know where to go from here. It looks like I need a fixlist.txt file, which obviously I have no clue about :(
Any help would be highly appreciated.
Two reports: 1) FRST report, 2) Addition.txt report:
/////////////////////////////////////////////// (1) FRST
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-01-2015 03
Ran by NorMac (administrator) on LEVIATHON on 04-01-2015 09:03:29
Running from C:\Users\NorMac\Downloads
Loaded Profile: NorMac (Available profiles: NorMac)
Platform: Windows 8 Pro (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\Start8\Start8_64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
(Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
(Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5237256 2012-12-20] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-20] (AVAST Software)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-09-09] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-19] (SUPERAntiSpyware)
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [eFax 4.4] => C:\Program Files (x86)\eFax Messenger 4.4\J2GDllCmd.exe [95744 2012-08-29] (j2 Global Communications, Inc.)
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [cdloader] => C:\Users\NorMac\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2013-11-14] (NETGEAR Inc.)
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566984 2014-04-25] (Safer-Networking Ltd.)
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [EssentialPIM] => C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe [17719664 2014-12-01] (Astonsoft)
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.4.lnk
ShortcutTarget: eFax 4.4.lnk -> C:\Program Files (x86)\eFax Messenger 4.4\J2GTray.exe (j2 Global Communications, Inc.)
Startup: C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA Pro VPN 2.0.lnk
ShortcutTarget: HMA Pro VPN 2.0.lnk -> C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe (Privax)
Startup: C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar.lnk
ShortcutTarget: Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-485173556-832918840-2370493585-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-485173556-832918840-2370493585-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-485173556-832918840-2370493585-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-485173556-832918840-2370493585-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie64.dll (WinZip Computing, S.L.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: WinZip Courier BHO -> {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} -> C:\Program Files (x86)\WinZip Courier\wzwmcie32.dll (WinZip Computing, S.L.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {41525333-0076-A76A-76A7-7A786E7484D7} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\NorMac\AppData\Roaming\Mozilla\Firefox\Profiles\p4jsu73l.default-1415307498372
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentCtl,version=7.0.0.0 -> C:\Program Files (x86)\Free Ride Games\npExentCtl.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @winzip.com/Winzip Courier -> C:\Program Files (x86)\WinZip Courier\npwzwmc.dll (WinZip Computing, S.L.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: www.exent.com/GameTreatWidget -> C:\Program Files (x86)\Free Ride Games\NPGameTreatPlugin.dll No File
FF Plugin HKU\S-1-5-21-485173556-832918840-2370493585-1000: @citrixonline.com/appdetectorplugin -> C:\Users\NorMac\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKU\S-1-5-21-485173556-832918840-2370493585-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\NorMac\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{74c841e3-b59f-479e-8d7a-e26a942a87c8}] - C:\Program Files (x86)\WinZip Courier\FFExt
FF Extension: WinZip Courier - C:\Program Files (x86)\WinZip Courier\FFExt [2014-04-05]
FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-10]
FF HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-16]
CHR Extension: (Google Docs) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-16]
CHR Extension: (Google Drive) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-10]
CHR Extension: (YouTube) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-16]
CHR Extension: (Google Search) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-16]
CHR Extension: (Google Sheets) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-16]
CHR Extension: (Avast Online Security) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-08]
CHR Extension: (WinZip Courier) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk [2014-05-28]
CHR Extension: (Google Wallet) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-28]
CHR Extension: (Gmail) - C:\Users\NorMac\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-20]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [ilckobikkmajlmhhdenkhonjkoaneclk] - C:\Program Files (x86)\WinZip Courier\wzwmcgc.crx [2013-02-27]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-16] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-20] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-20] (Avast Software)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-11-14] (NETGEAR)
S3 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [34528 2013-04-24] (The OpenVPN Project)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2008-09-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-08-08] (Intuit Inc.) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Start8; C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [142960 2013-03-19] (Stardock Software, Inc)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1155088 2012-12-20] (Western Digital )
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248840 2012-12-20] (Western Digital)
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1178128 2012-12-20] (Western Digital )
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-20] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-20] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-20] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-20] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-20] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows (R) Win 7 DDK provider)
S3 ICDUSB3; C:\Windows\System32\Drivers\ICDUSB3.sys [13312 2008-08-18] (Sony Corporation)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2014-02-11] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-20] (Avast Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 X5XSEx_Pr143; \??\C:\Program Files (x86)\Free Ride Games\X5XSEx_Pr143.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 09:06 - 2015-01-04 09:06 - 01707939 _____ (Thisisu) C:\Users\NorMac\Downloads\JRT (2).exe
2015-01-04 09:03 - 2015-01-04 09:05 - 00025082 _____ () C:\Users\NorMac\Downloads\FRST.txt
2015-01-04 09:01 - 2015-01-04 09:01 - 02173952 _____ () C:\Users\NorMac\Downloads\AdwCleaner (1).exe
2015-01-04 09:00 - 2015-01-04 09:03 - 00000000 ____D () C:\FRST
2015-01-04 08:51 - 2015-01-04 08:52 - 02123776 _____ (Farbar) C:\Users\NorMac\Downloads\FRST64.exe
2015-01-03 23:10 - 2015-01-03 23:10 - 00002790 _____ () C:\Users\NorMac\Desktop\cc_20150103_230953.reg
2015-01-03 22:33 - 2015-01-03 22:33 - 00003234 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-485173556-832918840-2370493585-1000
2015-01-03 22:32 - 2015-01-03 22:32 - 00003366 _____ () C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-485173556-832918840-2370493585-1000
2015-01-02 19:06 - 2015-01-02 19:06 - 00000000 ____D () C:\ProgramData\Sophos
2015-01-02 19:04 - 2015-01-02 19:04 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-01-02 19:04 - 2015-01-02 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-01-02 19:04 - 2015-01-02 19:04 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-01-02 18:59 - 2015-01-02 18:47 - 107479960 _____ (Sophos Limited) C:\Users\NorMac\Desktop\Sophos Virus Removal Tool(1).exe
2015-01-02 17:31 - 2015-01-02 17:40 - 01771732 _____ (Sophos Limited) C:\Users\NorMac\Downloads\Unconfirmed 257443.crdownload
2015-01-02 12:53 - 2015-01-02 12:53 - 06824304 _____ (ParetoLogic, Inc.) C:\Users\NorMac\Downloads\Repair_Tool.exe
2015-01-02 12:42 - 2015-01-02 12:42 - 00000794 _____ () C:\WINDOWS\setupact.log
2015-01-02 12:42 - 2015-01-02 12:42 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-02 09:03 - 2015-01-02 09:03 - 00000999 _____ () C:\Users\NorMac\Desktop\magicJack.lnk
2015-01-01 22:21 - 2015-01-01 22:21 - 00050508 _____ () C:\Users\NorMac\Desktop\cc_20150101_222046.reg
2015-01-01 21:44 - 2015-01-01 21:45 - 125705984 _____ (Microsoft Corporation) C:\Users\NorMac\Downloads\msert.exe
2015-01-01 21:03 - 2015-01-01 21:03 - 00002774 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-01-01 21:03 - 2015-01-01 21:03 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-01 21:03 - 2015-01-01 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-01 21:03 - 2015-01-01 21:03 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-01 21:02 - 2015-01-01 21:02 - 05317104 _____ (Piriform Ltd) C:\Users\NorMac\Downloads\ccsetup501.exe
2015-01-01 19:15 - 2015-01-01 19:30 - 00002278 _____ () C:\Users\NorMac\Desktop\Rkill.txt
2014-12-31 22:19 - 2015-01-03 23:24 - 00451271 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-31 22:17 - 2014-12-31 22:18 - 00511088 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-31 19:57 - 2014-12-31 19:57 - 00149144 _____ () C:\Users\NorMac\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-30 20:11 - 2014-12-30 20:11 - 00516603 _____ () C:\Users\NorMac\Downloads\2813_timeline_business_plan.zip
2014-12-30 20:10 - 2014-12-30 20:11 - 00436139 _____ () C:\Users\NorMac\Downloads\2828-timeline-gantt-ppt.zip
2014-12-30 20:10 - 2014-12-30 20:10 - 00216114 _____ () C:\Users\NorMac\Downloads\marketing-plan-timeline-template.zip
2014-12-30 20:09 - 2014-12-30 20:10 - 00172321 _____ () C:\Users\NorMac\Downloads\partner-development-powerpoint-timeline(1).zip
2014-12-30 20:09 - 2014-12-30 20:09 - 00188111 _____ () C:\Users\NorMac\Downloads\resume-timeline-career-path.zip
2014-12-30 20:08 - 2014-12-30 20:09 - 00172321 _____ () C:\Users\NorMac\Downloads\partner-development-powerpoint-timeline.zip
2014-12-30 20:07 - 2014-12-30 20:07 - 00138727 _____ () C:\Users\NorMac\Downloads\1028_schedule_ppt.zip
2014-12-30 20:06 - 2014-12-30 20:06 - 00348531 _____ () C:\Users\NorMac\Downloads\980_post_it_ppt.zip
2014-12-30 20:03 - 2014-12-30 20:03 - 00081088 _____ () C:\Users\NorMac\Downloads\51.zip
2014-12-30 20:01 - 2014-12-30 20:01 - 00626823 _____ () C:\Users\NorMac\Downloads\188.zip
2014-12-30 19:47 - 2014-12-30 19:47 - 00317699 _____ () C:\Users\NorMac\Downloads\1737_children_ppt.zip
2014-12-30 19:47 - 2014-12-30 19:47 - 00242204 _____ () C:\Users\NorMac\Downloads\881_puppies walking blue_ppt.zip
2014-12-30 19:47 - 2014-12-30 19:47 - 00191683 _____ () C:\Users\NorMac\Downloads\1992_turtle_ppt.zip
2014-12-30 19:46 - 2014-12-30 19:46 - 00549822 _____ () C:\Users\NorMac\Downloads\1791_childhood_ppt.zip
2014-12-30 19:44 - 2014-12-30 19:45 - 00296313 _____ () C:\Users\NorMac\Downloads\846_twitter_ppt.zip
2014-12-30 19:42 - 2014-12-30 19:42 - 00316625 _____ () C:\Users\NorMac\Downloads\329_white_horse_ppt.zip
2014-12-29 21:00 - 2014-12-29 21:00 - 13087456 _____ (Microsoft Corporation) C:\Users\NorMac\Downloads\Silverlight_x64 (2).exe
2014-12-29 20:56 - 2014-12-29 20:56 - 00079991 _____ () C:\Users\NorMac\Downloads\silverlight.diagcab
2014-12-28 22:43 - 2014-12-29 21:08 - 00003344 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-485173556-832918840-2370493585-1000
2014-12-28 22:43 - 2014-12-29 21:08 - 00003212 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-485173556-832918840-2370493585-1000
2014-12-28 19:39 - 2014-12-28 15:16 - 00000000 __SHD () C:\Jumpshot
2014-12-28 19:37 - 2014-12-28 22:36 - 00000000 ____D () C:\WINDOWS\jumpshot.com
2014-12-26 20:17 - 2014-12-26 20:44 - 00000247 _____ () C:\WINDOWS\system32\2014-12-27-01-17-00.093-aswFe.exe-1596.log
2014-12-26 20:16 - 2014-12-26 20:16 - 00000197 _____ () C:\WINDOWS\system32\2014-12-27-01-16-49.018-AvastVBoxSVC.exe-11984.log
2014-12-26 15:23 - 2014-12-26 15:37 - 00000247 _____ () C:\WINDOWS\system32\2014-12-26-20-23-30.049-aswFe.exe-13796.log
2014-12-26 15:22 - 2014-12-26 15:22 - 00000197 _____ () C:\WINDOWS\system32\2014-12-26-20-22-43.029-AvastVBoxSVC.exe-6888.log
2014-12-26 14:13 - 2014-12-26 14:22 - 00000247 _____ () C:\WINDOWS\system32\2014-12-26-19-13-36.033-aswFe.exe-14272.log
2014-12-26 14:13 - 2014-12-26 14:13 - 00000197 _____ () C:\WINDOWS\system32\2014-12-26-19-13-29.055-AvastVBoxSVC.exe-4232.log
2014-12-25 15:36 - 2014-12-25 15:37 - 00000197 _____ () C:\WINDOWS\system32\2014-12-25-20-36-08.072-AvastVBoxSVC.exe-3668.log
2014-12-25 15:35 - 2014-11-26 16:11 - 00714184 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-25 15:35 - 2014-11-26 16:11 - 00106440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-25 15:10 - 2014-12-25 15:19 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-25 15:08 - 2014-10-08 23:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2014-12-25 15:08 - 2014-10-08 23:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-12-25 15:08 - 2014-10-08 23:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2014-12-25 15:08 - 2014-10-08 22:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2014-12-25 15:08 - 2014-10-08 22:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2014-12-25 12:06 - 2014-12-25 12:07 - 00000197 _____ () C:\WINDOWS\system32\2014-12-25-17-06-44.062-AvastVBoxSVC.exe-4776.log
2014-12-24 18:51 - 2014-12-24 18:53 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\EPIM-Outlook Sync
2014-12-24 18:50 - 2014-12-24 18:50 - 00000849 _____ () C:\Users\Public\Desktop\EPIM-Outlook Sync.lnk
2014-12-24 18:50 - 2014-12-24 18:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPIM-Outlook Sync
2014-12-24 18:50 - 2014-12-24 18:50 - 00000000 ____D () C:\Program Files\EPIM-Outlook Sync
2014-12-24 18:11 - 2014-12-24 18:11 - 00000000 ____D () C:\Users\NorMac\Documents\NorMac
2014-12-24 17:34 - 2014-12-24 17:34 - 16227712 _____ () C:\Users\NorMac\Downloads\EssentialPIMPro6(1).exe
2014-12-24 16:51 - 2014-12-24 16:53 - 00000197 _____ () C:\WINDOWS\system32\2014-12-24-21-51-58.024-AvastVBoxSVC.exe-3700.log
2014-12-23 08:51 - 2014-12-23 08:51 - 00000197 _____ () C:\WINDOWS\system32\2014-12-23-13-51-00.058-AvastVBoxSVC.exe-4720.log
2014-12-22 18:08 - 2014-12-22 18:10 - 00000197 _____ () C:\WINDOWS\system32\2014-12-22-23-08-39.021-AvastVBoxSVC.exe-3512.log
2014-12-21 17:51 - 2014-12-21 17:51 - 00000247 _____ () C:\WINDOWS\system32\2014-12-21-22-51-14.079-aswFe.exe-5972.log
2014-12-21 17:45 - 2014-12-21 17:50 - 00000247 _____ () C:\WINDOWS\system32\2014-12-21-22-45-52.048-aswFe.exe-9344.log
2014-12-21 17:45 - 2014-12-21 17:45 - 00000197 _____ () C:\WINDOWS\system32\2014-12-21-22-45-50.034-AvastVBoxSVC.exe-8124.log
2014-12-20 21:34 - 2014-12-20 21:35 - 00000247 _____ () C:\WINDOWS\system32\2014-12-21-02-34-57.092-aswFe.exe-5748.log
2014-12-20 21:30 - 2014-12-20 21:34 - 00000247 _____ () C:\WINDOWS\system32\2014-12-21-02-30-36.025-aswFe.exe-5252.log
2014-12-20 21:30 - 2014-12-20 21:30 - 00000197 _____ () C:\WINDOWS\system32\2014-12-21-02-30-32.062-AvastVBoxSVC.exe-4584.log
2014-12-20 15:20 - 2014-12-20 15:23 - 00000000 ____D () C:\WINDOWS\SysWOW64\vbox
2014-12-20 15:20 - 2014-12-20 15:23 - 00000000 ____D () C:\WINDOWS\system32\vbox
2014-12-20 10:58 - 2014-12-20 10:58 - 00001928 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-20 10:58 - 2014-12-20 10:57 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-20 10:57 - 2014-12-20 10:57 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-19 10:27 - 2014-12-30 18:26 - 00000000 ____D () C:\Users\NorMac\Downloads\NY Cooperative Loan Recognition Agreement_files
2014-12-19 10:27 - 2014-12-19 10:27 - 00026190 _____ () C:\Users\NorMac\Downloads\NY Cooperative Loan Recognition Agreement.html
2014-12-17 14:04 - 2014-12-17 14:04 - 02166272 _____ () C:\Users\NorMac\Downloads\adwcleaner_4.105.exe
2014-12-16 22:49 - 2014-12-23 20:33 - 00065536 ____H () C:\Users\NorMac\Documents\~Outlook-12345.pst.tmp
2014-12-16 22:34 - 2014-12-31 21:42 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\EssentialPIM Pro
2014-12-16 22:34 - 2014-12-24 18:22 - 00001087 _____ () C:\Users\Public\Desktop\EssentialPIM Pro.lnk
2014-12-16 22:34 - 2014-12-16 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EssentialPIM Pro
2014-12-16 22:34 - 2014-12-16 22:34 - 00000000 ____D () C:\Program Files (x86)\EssentialPIM Pro
2014-12-16 22:32 - 2014-12-16 22:32 - 16279040 _____ () C:\Users\NorMac\Downloads\EssentialPIMPro6.exe
2014-12-16 21:10 - 2014-12-16 21:10 - 00012540 _____ () C:\Users\NorMac\Documents\cc_20141216_211001.reg
2014-12-10 09:59 - 2014-12-10 09:59 - 00085862 _____ () C:\Users\NorMac\Documents\cc_20141210_095952.reg
2014-12-10 09:39 - 2014-11-21 03:38 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-10 09:39 - 2014-11-21 03:38 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-10 09:39 - 2014-11-21 03:37 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-10 09:39 - 2014-11-21 03:37 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2014-12-10 09:39 - 2014-11-21 03:37 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 19283456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 15400960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 02655232 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-12-10 09:39 - 2014-11-21 03:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-12-10 09:39 - 2014-11-21 03:35 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-10 09:39 - 2014-11-21 02:17 - 01762816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-10 09:39 - 2014-11-21 02:17 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-10 09:39 - 2014-11-21 02:17 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-12-10 09:39 - 2014-11-21 02:17 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-10 09:39 - 2014-11-21 02:17 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 13758976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 02054656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-10 09:39 - 2014-11-21 02:16 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-12-10 09:39 - 2014-11-21 02:16 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-12-10 09:39 - 2014-11-21 02:00 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-12-10 09:39 - 2014-11-21 01:54 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-12-10 09:39 - 2014-11-20 23:30 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2014-12-10 09:39 - 2014-10-11 02:44 - 19764736 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-12-10 09:39 - 2014-10-11 00:57 - 17562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-12-10 09:39 - 2014-10-08 22:59 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-12-10 09:39 - 2014-10-08 22:59 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-12-10 09:39 - 2014-10-08 22:58 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-12-10 09:39 - 2014-09-22 00:38 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-12-10 09:39 - 2014-09-21 22:56 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-12-10 09:39 - 2014-09-17 18:24 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2014-12-10 09:39 - 2014-09-17 18:24 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
2014-12-10 09:39 - 2014-09-17 18:24 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm.dll
2014-12-10 09:39 - 2014-09-17 18:24 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adrclient.dll
2014-12-10 09:39 - 2014-09-17 17:57 - 01346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2014-12-10 09:39 - 2014-09-17 17:57 - 00652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2014-12-10 09:39 - 2014-09-17 17:57 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm.dll
2014-12-10 09:39 - 2014-09-17 17:57 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\adrclient.dll
2014-12-10 09:38 - 2014-11-21 02:17 - 14364672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-10 09:38 - 2014-11-21 02:16 - 02861568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-10 09:38 - 2014-11-06 01:50 - 01627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-10 09:38 - 2014-11-06 00:03 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-08 22:56 - 2014-12-08 22:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-07 12:31 - 2014-12-17 14:10 - 00000000 ____D () C:\AdwCleaner
2014-12-07 12:31 - 2014-12-07 12:31 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-06 23:35 - 2014-12-06 23:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-06 23:30 - 2014-12-17 13:55 - 00096472 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-06 23:30 - 2014-12-17 13:55 - 00000000 ____D () C:\Users\NorMac\Desktop\mbar
2014-12-06 23:29 - 2014-12-06 23:29 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\NorMac\Downloads\rkill.exe
2014-12-06 23:28 - 2014-12-06 23:29 - 01707646 _____ (Thisisu) C:\Users\NorMac\Downloads\JRT (1).exe
2014-12-06 23:02 - 2014-12-06 23:02 - 00001069 _____ () C:\Users\NorMac\Documents\checkup.txt
2014-12-06 09:56 - 2014-12-06 09:56 - 00002008 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-12-06 09:34 - 2014-12-06 09:34 - 00003618 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8610
2014-12-06 09:33 - 2014-12-06 09:33 - 00002164 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk
2014-12-06 09:33 - 2014-03-06 12:51 - 00763912 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM7112.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-04 09:04 - 2013-05-10 10:44 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-04 09:02 - 2013-05-01 19:34 - 00000000 ____D () C:\Users\NorMac\AppData\Local\CrashDumps
2015-01-04 09:00 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-04 08:32 - 2012-07-26 02:28 - 00852298 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-04 08:29 - 2013-02-28 12:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-01-03 23:28 - 2014-07-26 10:58 - 00000588 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-485173556-832918840-2370493585-1000.job
2015-01-03 22:34 - 2012-12-19 04:36 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-485173556-832918840-2370493585-1000
2015-01-03 22:32 - 2014-06-10 12:45 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-03 22:30 - 2013-05-10 10:44 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-03 22:29 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-02 09:03 - 2013-09-14 10:47 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\mjusbsp
2015-01-02 09:03 - 2013-09-14 10:39 - 00000985 _____ () C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2015-01-01 20:36 - 2012-12-19 04:11 - 00000000 ____D () C:\Users\NorMac
2015-01-01 20:28 - 2014-10-06 20:30 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-01-01 20:28 - 2014-10-06 20:21 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2015-01-01 20:28 - 2013-02-11 18:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-01 20:21 - 2013-08-07 19:49 - 00000000 ____D () C:\ProgramData\Apple
2015-01-01 13:22 - 2013-02-04 18:35 - 01111552 ___SH () C:\Users\NorMac\Downloads\Thumbs.db
2014-12-31 22:28 - 2013-04-28 12:58 - 00000000 ____D () C:\Users\NorMac\Desktop\4-X-13 TO DO FOLDER
2014-12-31 22:19 - 2013-01-14 19:42 - 00000000 ____D () C:\ProgramData\Western Digital
2014-12-31 22:13 - 2013-09-09 14:54 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\Audacity
2014-12-30 18:39 - 2012-12-20 01:00 - 02285056 ___SH () C:\Users\NorMac\Desktop\Thumbs.db
2014-12-30 18:26 - 2014-10-23 11:43 - 00000000 ____D () C:\Users\NorMac\Downloads\Ansonia-Milford JD Directions - CT Judicial Branch_files
2014-12-30 17:20 - 2012-11-09 13:01 - 00000000 ____D () C:\Users\NorMac\Documents\9-Sony IC recorder files
2014-12-28 20:15 - 2012-12-19 04:11 - 06815744 ___SH () C:\Users\NorMac\.ghost-ntfs-3g-00000000000000000013
2014-12-28 20:15 - 2012-07-26 00:26 - 95944704 _____ () C:\WINDOWS\system32\config\.ghost-ntfs-3g-00000000000000000001
2014-12-28 20:15 - 2012-07-26 00:26 - 34603008 _____ () C:\WINDOWS\system32\config\.ghost-ntfs-3g-00000000000000000003
2014-12-26 13:55 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-25 17:36 - 2014-10-14 16:30 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\vlc
2014-12-25 15:35 - 2013-07-10 15:32 - 00000884 __RSH () C:\Users\NorMac\ntuser.pol
2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-25 15:27 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-25 15:22 - 2012-12-20 00:30 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-24 16:34 - 2014-02-06 22:11 - 2011317248 _____ () C:\Users\NorMac\Documents\Outlook-12345.pst
2014-12-24 16:19 - 2014-07-26 10:58 - 00003592 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-485173556-832918840-2370493585-1000
2014-12-22 19:09 - 2014-11-10 18:51 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\EssentialPIM
2014-12-22 18:44 - 2013-06-07 12:20 - 00000000 ____D () C:\Users\NorMac\Desktop\Sutton Place Properties LLC
2014-12-21 20:46 - 2012-12-19 17:58 - 00000000 ____D () C:\Users\NorMac\AppData\Local\CutePDF Writer
2014-12-20 22:05 - 2012-12-20 00:42 - 00000000 ____D () C:\Users\NorMac\AppData\Local\HP
2014-12-20 15:15 - 2014-02-11 23:54 - 00000000 ____D () C:\Users\NorMac\AppData\Local\NETGEARGenie
2014-12-20 15:10 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-20 10:58 - 2014-06-10 12:45 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-20 10:57 - 2014-06-10 12:45 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-12-20 10:57 - 2014-06-10 12:45 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-20 10:57 - 2014-06-10 12:45 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2014-12-20 10:57 - 2014-06-10 12:45 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-12-20 10:57 - 2014-06-10 12:45 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-12-20 10:57 - 2014-06-10 12:45 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-20 10:57 - 2014-06-10 12:45 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-20 08:12 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-12-16 20:45 - 2012-12-27 18:49 - 00000000 ____D () C:\WINDOWS\Minidump
2014-12-16 00:56 - 2013-03-01 08:59 - 00030208 _____ () C:\Users\NorMac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-14 14:33 - 2012-12-19 18:06 - 00000000 ____D () C:\Users\NorMac\AppData\Local\Adobe
2014-12-14 10:28 - 2013-02-06 17:44 - 00545792 ___SH () C:\Users\NorMac\Documents\Thumbs.db
2014-12-12 23:14 - 2013-05-10 10:45 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 08:45 - 2012-12-19 04:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-09 08:36 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-12-07 17:18 - 2014-12-02 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-12-07 12:50 - 2013-11-20 00:13 - 00001083 _____ () C:\Users\NorMac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-12-06 23:35 - 2014-04-08 17:40 - 00135384 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-06 09:56 - 2012-12-20 00:49 - 00000000 ____D () C:\ProgramData\HP
2014-12-06 09:56 - 2012-12-20 00:49 - 00000000 ____D () C:\Program Files (x86)\HP
2014-12-06 09:40 - 2012-12-20 00:50 - 00000000 ____D () C:\Users\NorMac\AppData\Roaming\HpUpdate
2014-12-06 09:35 - 2014-09-25 12:03 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-12-06 09:34 - 2012-12-20 00:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-06 09:30 - 2012-12-20 00:49 - 00000000 ____D () C:\Program Files\HP

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-03 03:01

==================== End Of Log ============================

//////////////// (2) ADDITION.TXT REPORT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-01-2015 03
Ran by NorMac at 2015-01-04 09:11:36
Running from C:\Users\NorMac\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
6400_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
8GadgetPack (HKLM-x32\...\{DE18940E-5986-480A-8518-7327D14756D3}) (Version: 6.0.0 - Helmut Buhler)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Ask Toolbar (HKLM-x32\...\{41525333-0076-A76A-76A7-A758B70B0A00}) (Version: 11.10.0.748 - Ask Partner Network) <==== ATTENTION
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.3.3.535 - Online Media Technologies Ltd.)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{C57F6C71-C365-4AFF-9108-397BBAD6127F}) (Version: 1.0.204 - Citrix)
Cradle of Rome (HKLM-x32\...\exent_554750) (Version: - )
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Digital Voice Editor 3 (HKLM-x32\...\{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}) (Version: 3.3.01.11240 - Sony Corporation)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.2.533 - j2 Global)
EPIM-Outlook Sync (HKLM-x32\...\EPIM-Outlook Sync) (Version: 6.0 - Astonsoft Ltd)
EssentialPIM (HKLM-x32\...\EssentialPIM) (Version: 6.02 - Astonsoft Ltd)
EssentialPIM Pro (HKLM-x32\...\EssentialPIM Pro) (Version: 6.03 - Astonsoft Ltd)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GoToMeeting 7.0.5.2130 (HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\GoToMeeting) (Version: 7.0.5.2130 - CitrixOnline)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Heroes of Hellas (HKLM-x32\...\exent_532150) (Version: - )
HMA! Pro VPN 2.8.1.10 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.8.1.10 - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet J6400 14.0 Rel. 6 (HKLM\...\{4B4B81D9-3C2C-4388-A281-40F3299B911E}) (Version: 14.0 - HP)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{DAE3B13B-5097-4EAE-BC26-C463377BD80E}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
J6400 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
magicJack (HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 1.0.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 en-US)) (Version: 31.3.0 - Mozilla)
mPlayer version 1.0 (HKLM-x32\...\{B482E758-D602-434C-80B9-DDEFEEAE4BCA}_is1) (Version: 1.0 - Download Freely, LLC)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG)
Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.16 - NETGEAR Inc.)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{710F7B0F-A679-4314-8E69-E868B660FAEA}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4001.703 - Intuit Inc.)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.20 - Stardock Software, Inc.)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1010 - SUPERAntiSpyware.com)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TaxACT 2006 (HKLM-x32\...\TaxACT 2006) (Version: - 2nd Story Software, Inc.)
TaxACT 2007 (HKLM-x32\...\TaxACT 2007) (Version: - 2nd Story Software, Inc.)
TaxACT 2008 (HKLM-x32\...\TaxACT 2008) (Version: - 2nd Story Software, Inc.)
TaxACT 2010 (HKLM-x32\...\TaxACT 2010) (Version: - 2nd Story Software, Inc.)
TaxACT 2010 New York (HKLM-x32\...\TaxACT 2010 New York) (Version: - 2nd Story Software, Inc.)
TaxACT 2012 - 1040 Edition (HKLM-x32\...\TaxACT 2012 - 1040 Edition) (Version: - 2nd Story Software, Inc.)
TaxACT 2012 - 1120 Edition (HKLM-x32\...\TaxACT 2012 - 1120 Edition) (Version: - 2nd Story Software, Inc.)
TaxACT 2012 New York - 1120 Edition (HKLM-x32\...\TaxACT 2012 New York - 1120 Edition) (Version: - 2nd Story Software, Inc.)
TaxACT 2012 New York (HKLM-x32\...\TaxACT 2012 New York) (Version: - 2nd Story Software, Inc.)
TaxACT 2013 - 1040 Edition (HKLM-x32\...\TaxACT 2013 - 1040 Edition) (Version: - TaxACT, Inc.)
TaxACT 2013 - 1120 Edition (HKLM-x32\...\TaxACT 2013 - 1120 Edition) (Version: - TaxACT, Inc.)
TaxACT 2013 New York - 1120 Edition (HKLM-x32\...\TaxACT 2013 New York - 1120 Edition) (Version: - TaxACT, Inc.)
TaxACT 2013 New York (HKLM-x32\...\TaxACT 2013 New York) (Version: - TaxACT, Inc.)
Time Riddles: The Mansion (HKLM-x32\...\exent_683150) (Version: - )
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)
TurboTax Business 2010 (HKLM-x32\...\TurboTax Business 2010) (Version: - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
WD SmartWare (HKLM\...\{9798BB87-01B9-4D46-8EA0-6681E72BDE87}) (Version: 1.6.5.2 - Western Digital Technologies, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325BC}) (Version: 4.5.10424 - WinZip Computing, S.L. )
Wondershare DVD Creator(Build 2.6.5) (HKLM-x32\...\Wondershare DVD Creator_is1) (Version: - Wondershare)
XMind 2012 (v3.3.1) (HKLM-x32\...\XMind_is1) (Version: 3.3.1.201212250029 - XMind Ltd.)
Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG)
Youtube Downloader HD v. 2.9.9.14 (HKLM-x32\...\Youtube Downloader HD_is1) (Version: - YoutubeDownloaderHD.com)
Zimbra Desktop (HKLM-x32\...\{B88E669F-9435-4677-A308-2D2690301754}) (Version: 7.2.5.12038 - Zimbra)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{083f5ae0-2b0a-11dd-bd0b-0800200c9a66}\InprocServer32 -> C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\NorMac\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)
CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files (x86)\WinZip Courier\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\NorMac\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{943F19B2-32F9-4373-8D4C-DBE62B95F2CF}\InprocServer32 -> C:\Program Files (x86)\WinZip Courier\adxloader64.dll ()
CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NorMac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NorMac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NorMac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-485173556-832918840-2370493585-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\NorMac\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 00:26 - 2014-10-30 09:38 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F8B3B22-4EA7-489F-8045-C48E18D91FA6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {1983858A-6EB9-4995-A988-409BF0C1868B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-20] (AVAST Software)
Task: {2769D9A0-4920-4AD7-9487-C5D5B4847B0A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {48802F80-ED7F-430C-8645-3D1C31C0C1D1} - System32\Tasks\Open Chrome => Chrome.exe --new-window http://toolbar.avg.com/almost-done?pid=safeguard&lang=en
Task: {5A6D7855-2CB0-44BD-88B3-1032F9F78CB9} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-485173556-832918840-2370493585-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {5DF0BDA0-D387-4B0B-AC1E-2A7A9F53C912} - System32\Tasks\G2MUpdateTask-S-1-5-21-485173556-832918840-2370493585-1000 => C:\Users\NorMac\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe [2014-12-24] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {606FCEDA-6C92-4E27-9427-ED08F354ED58} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-485173556-832918840-2370493585-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {60DCDFEB-EDCB-4A6C-BF6D-E1CA8016626A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {6FFB3B73-4E27-4117-9EA3-C2FC754F573B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {7E5D0F91-D775-4A0A-83B3-5F3D2FA6F788} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
Task: {8F297ACA-A8AE-4D92-AF56-46D73B58F602} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-485173556-832918840-2370493585-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {907BBD30-74CB-40E6-AA8F-AD8005FB2A5A} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-485173556-832918840-2370493585-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
Task: {AD9B9AED-42BA-4E4C-8632-14F0FE33165F} - System32\Tasks\{4851C7F9-7E33-46BC-8896-C0A9DCBDA153} => pcalua.exe -a C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe -c /Uninstall /{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} /su=3c3d33e7d8853371 /um
Task: {AE7F524C-65FC-4D54-93A4-045E7D9F1F3A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {C203381B-56CD-4040-A1DE-B48855B365C5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-485173556-832918840-2370493585-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {CBB23B04-EB3C-4940-BF29-43281C27A1D1} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-03-06] (Hewlett-Packard Co.)
Task: {CD6CF9B9-297B-4922-8B33-DE74C19328CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-10] (Google Inc.)
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-485173556-832918840-2370493585-1000.job => C:\Users\NorMac\AppData\Local\Citrix\GoToMeeting\2130\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Open Chrome.job => c:\program files (x86)\Google\Chrome\Application\chrome.exe

==================== Loaded Modules (whitelisted) =============

2012-12-19 17:57 - 2012-10-04 22:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2013-08-14 14:19 - 2013-08-14 14:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-03-09 10:41 - 2011-03-09 10:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 10:41 - 2011-03-09 10:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2013-07-13 17:02 - 2013-01-12 13:33 - 00012520 _____ () C:\Users\NorMac\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\CoreTempReader.dll
2013-07-13 17:02 - 2013-01-12 13:33 - 00015080 _____ () C:\Users\NorMac\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\GetCoreTempInfoNET.dll
2013-07-13 17:02 - 2013-01-12 13:33 - 00014056 _____ () C:\Users\NorMac\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter.gadget\SystemInfo.dll
2013-11-14 08:12 - 2013-11-14 08:12 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2015-01-03 12:07 - 2015-01-03 12:07 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010301\algo.dll
2015-01-04 08:44 - 2015-01-04 08:44 - 02909696 _____ () C:\Program Files\AVAST Software\Avast\defs\15010400\algo.dll
2014-06-06 11:56 - 2014-04-25 13:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-06 11:56 - 2014-04-25 13:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-06 11:56 - 2014-04-25 13:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-06 11:56 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-06 11:56 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-03-05 08:24 - 2010-03-05 08:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2013-12-06 03:04 - 2013-12-06 03:04 - 00465920 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2013-12-05 06:36 - 2013-12-05 06:36 - 01547776 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2013-11-10 20:59 - 2013-11-10 20:59 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2013-12-05 06:37 - 2013-12-05 06:37 - 00631808 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2013-12-06 00:55 - 2013-12-06 00:55 - 04956160 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2013-11-13 04:05 - 2013-11-13 04:05 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2013-11-10 20:58 - 2013-11-10 20:58 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2013-11-10 21:09 - 2013-11-10 21:09 - 01174528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2013-12-05 06:31 - 2013-12-05 06:31 - 08558592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2013-12-05 06:34 - 2013-12-05 06:34 - 01270272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2013-11-10 20:59 - 2013-11-10 20:59 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2013-12-06 02:57 - 2013-12-06 02:57 - 00199680 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2013-12-05 06:43 - 2013-12-05 06:43 - 00884736 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2013-11-10 21:21 - 2013-11-10 21:21 - 00427520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-11-10 20:58 - 2013-11-10 20:58 - 00078848 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00140288 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00074752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2013-12-05 06:43 - 2013-12-05 06:43 - 00641536 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2013-11-10 21:24 - 2013-11-10 21:24 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2013-11-10 21:23 - 2013-11-10 21:23 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2013-11-10 20:56 - 2013-11-10 20:56 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-12-20 10:57 - 2014-12-20 10:57 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-02-13 19:55 - 2013-02-13 19:55 - 00755712 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll
2013-02-13 19:55 - 2013-02-13 19:55 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2013-02-13 14:10 - 2013-02-13 14:10 - 00854016 _____ () C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-02-13 14:10 - 2013-02-13 14:10 - 00471040 _____ () C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2012-11-29 16:59 - 2012-11-29 16:59 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-12-12 23:14 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 23:14 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 23:14 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 23:14 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 23:14 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\NorMac\AppData\Roaming\Tab Separated Values (Windows).EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MZA => ""="service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "WDDMStatus.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "TkBellExe"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "WD Quick View"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "LTCM Client"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\StartupFolder: => "eFax 4.4.lnk"
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\StartupFolder: => "HMA Pro VPN 2.0.lnk"
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\Run: => "eFax 4.4"
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-485173556-832918840-2370493585-1000\...\StartupApproved\Run: => "EssentialPIM"

========================= Accounts: ==========================

Administrator (S-1-5-21-485173556-832918840-2370493585-500 - Administrator - Disabled)
Guest (S-1-5-21-485173556-832918840-2370493585-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-485173556-832918840-2370493585-1002 - Limited - Enabled)
NorMac (S-1-5-21-485173556-832918840-2370493585-1000 - Administrator - Enabled) => C:\Users\NorMac

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2015 09:13:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50ecdcd3
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061233
Faulting process id: 0x2ec4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/04/2015 09:02:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010a55f
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x3928
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/04/2015 08:56:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010a55f
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x3594
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/04/2015 08:47:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x505a96c3
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x654
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/04/2015 08:45:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x0005811c
Faulting process id: 0x3238
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/04/2015 08:40:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x261c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/04/2015 08:39:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010888a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x380c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/04/2015 08:38:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109188
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x3788
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/04/2015 08:30:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x50109de9
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x40
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5

Error: (01/04/2015 08:29:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.17183, time stamp: 0x5010a64a
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505aaa82
Exception code: 0xc0000005
Fault offset: 0x00061206
Faulting process id: 0x2970
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
Faulting package full name: iexplore.exe4
Faulting package-relative application ID: iexplore.exe5


System errors:
=============
Error: (01/03/2015 11:34:16 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/03/2015 11:11:03 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/03/2015 11:04:52 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/03/2015 11:04:20 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/03/2015 11:03:48 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/03/2015 11:03:13 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/03/2015 11:02:40 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/03/2015 11:02:07 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/03/2015 11:01:34 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/03/2015 11:01:02 PM) (Source: DCOM) (EventID: 10010) (User: LEVIATHON)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}


Microsoft Office Sessions:
=========================
Error: (12/31/2014 10:13:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9915 seconds with 540 seconds of active time. This session ended with a crash.

Error: (12/19/2014 00:19:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 68031 seconds with 2220 seconds of active time. This session ended with a crash.

Error: (11/11/2014 00:17:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 766754 seconds with 9660 seconds of active time. This session ended with a crash.

Error: (10/30/2014 08:57:42 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 232690 seconds with 11580 seconds of active time. This session ended with a crash.

Error: (08/06/2014 09:20:19 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 43925 seconds with 1920 seconds of active time. This session ended with a crash.

Error: (07/31/2014 01:50:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1115 seconds with 420 seconds of active time. This session ended with a crash.

Error: (07/25/2014 01:35:22 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 277794 seconds with 7680 seconds of active time. This session ended with a crash.

Error: (07/22/2014 08:25:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 87246 seconds with 660 seconds of active time. This session ended with a crash.

Error: (07/16/2014 10:16:04 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 27085 seconds with 1980 seconds of active time. This session ended with a crash.

Error: (07/16/2014 02:05:38 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 529236 seconds with 21420 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2014-10-30 10:34:04.886
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 71%
Total physical RAM: 6071.11 MB
Available physical RAM: 1744.52 MB
Total Pagefile: 9527.11 MB
Available Pagefile: 3781.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:917.74 GB) (Free:5.05 GB) NTFS
Drive f: (PHONE) (Removable) (Total:0.02 GB) (Free:0.02 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7EDF2454)
Partition 1: (Not Active) - (Size=13.7 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=917.7 GB) - (Type=07 NTFS)
Could not read MBR for disk 3.

==================== End Of Log ============================