
cozahost.exe and other zoomify files



I have done a LOT to remove these files from my computer but they continue to stay on my C drive. I am currently running HouseCall program to scan my computer and it has found 2 threats at 54% scan.

 

At first, the programs forcibly ran in the background and it controlled all my web browsers and did annoying ad pop ups that not even AdblockerPro web extension could stop. Then I researched it more and it says it can be a Trojan???? What in the world!

 

I have learned that you cannot delete a program that is running from the task manager, but these programs are not running anymore. I do not know if I should attempt to delete these now or not. 

 

Malwarebytes was then installed shortly after I found that out, and it found 4 instances of Trojan.dnschanger in my registry data. It would "remove them" and then reboot, then when I scan again with MBAM it would find the same 4 files. 

 

I am staring at these files in my file explorer (them being cozahost.exe, coza32host.exe, coza64host.exe, and zoomify DLL files)  and I do not know if I should just remove them right now or wait for HouseCall to finish. 

 

 


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Thanks,

 

Kevin...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2015

Ran by Patrick (administrator) on PATRICK-PC on 04-01-2015 18:44:47

Running from C:\Users\Patrick\Downloads

Loaded Profile: Patrick (Available profiles: Patrick & Administrator)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe

() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe

(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe

(Microsoft Corporation) C:\Windows\System32\alg.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe

() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE

() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe

(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Trend Micro Inc.) C:\Users\Patrick\AppData\Local\Temp\HouseCall32\housecall.bin

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(Symantec Corporation) C:\Users\Patrick\Downloads\NPE (1).exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coNatHst.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\nacl64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)

HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)

HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)

HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-01-16] (Alcor Micro Corp.)

HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)

HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [indexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [iJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)

HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [239488 2011-04-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\Run: [Google Update] => C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-22] (Google Inc.)

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\MountPoints2: {15b0515f-3c9e-11e3-be86-606c66a7ef85} - "D:\LG_PC_Programs.exe" 

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\MountPoints2: {37c0fa81-cda8-11e3-be9d-606c66a7ef85} - "D:\LGAutoRun.exe" 

Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 

HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll (CANON INC.)

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll (CANON INC.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 168.28.176.11 168.28.176.253 198.72.72.10

 

FireFox:

========

FF ProfilePath: C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\j6jtmv08.default

FF DefaultSearchEngine: Google

FF SearchEngineOrder.3: Bing 

FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1214154.dll (Adobe Systems, Inc.)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKU\S-1-5-21-2150100393-3706727894-453651403-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File

FF Plugin HKU\S-1-5-21-2150100393-3706727894-453651403-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Patrick\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKU\S-1-5-21-2150100393-3706727894-453651403-1001: @talk.google.com/O1DPlugin -> C:\Users\Patrick\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKU\S-1-5-21-2150100393-3706727894-453651403-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Patrick\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-2150100393-3706727894-453651403-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Patrick\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-2150100393-3706727894-453651403-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Patrick\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKU\S-1-5-21-2150100393-3706727894-453651403-1001: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Patrick\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin ProgramFiles/Appdata: C:\Users\Patrick\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

FF Extension: Adblock Plus Pop-up Addon - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\j6jtmv08.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-10-05]

FF Extension: Adblock Plus - C:\Users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\j6jtmv08.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-28]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-12-09]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-04]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

 

Chrome: 

=======

CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Slides) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-04]

CHR Extension: (Google Docs) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-04]

CHR Extension: (Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-27]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-06]

CHR Extension: (YouTube) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-04]

CHR Extension: (Google Search) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-04]

CHR Extension: (Google Sheets) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-04]

CHR Extension: (Norton Identity Safe) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-01-04]

CHR Extension: (Skype Click to Call) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-01-04]

CHR Extension: (Norton Security Toolbar) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-01-04]

CHR Extension: (Google Wallet) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-28]

CHR Extension: (Gmail) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-04]

CHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1

CHR Extension: (Google Slides) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-03]

CHR Extension: (Google Docs) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-03]

CHR Extension: (Google Drive) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-03]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-03]

CHR Extension: (YouTube) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-03]

CHR Extension: (Google Search) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-03]

CHR Extension: (Google Sheets) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-03]

CHR Extension: (Norton Security Toolbar) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-01-03]

CHR Extension: (Google Wallet) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-03]

CHR Extension: (Gmail) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-03]

CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-16]

CHR HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - No Path

CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-16]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-03-27] (Nuance Communications, Inc.)

R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()

R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()

R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)

R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)

S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)

R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-11-17] (Symantec Corporation)

R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)

R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2014-04-11] ()

R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-08-16] (IDT, Inc.) [File not signed]

S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)

S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [131584 2013-08-22] (Microsoft Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150102.001\IDSvia64.sys [637656 2014-11-17] (Symantec Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-04] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [115272 2012-03-25] (MotioninJoy) [File not signed]

R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150104.002\ENG64.SYS [129752 2014-10-26] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150104.002\EX64.SYS [2137304 2014-10-26] (Symantec Corporation)

R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)

R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)

S0 SymELAM; C:\Windows\System32\drivers\N360x64\1506000.020\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-03] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)

R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [33168 2013-11-01] (Windows ® Win 7 DDK provider)

U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-03] ()

R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [48024 2013-01-28] (Windows ® Win 7 DDK provider)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

S3 WUDFWpdComp; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)

R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [194456 2013-01-28] (Windows ® Win 7 DDK provider)

S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-04 18:44 - 2015-01-04 18:44 - 02123776 _____ (Farbar) C:\Users\Patrick\Downloads\frst64.exe

2015-01-04 18:44 - 2015-01-04 18:44 - 00033147 _____ () C:\Users\Patrick\Downloads\FRST.txt

2015-01-04 18:44 - 2015-01-04 18:44 - 00000000 ____D () C:\FRST

2015-01-04 17:18 - 2015-01-04 18:45 - 00108216 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR430.SYS

2015-01-04 17:15 - 2015-01-04 17:15 - 03060320 ____N (Symantec Corporation) C:\Users\Patrick\Downloads\NPE (1).exe

2015-01-04 10:31 - 2015-01-04 10:31 - 00152276 _____ () C:\Users\Patrick\AppData\Local\census.cache

2015-01-04 10:31 - 2015-01-04 10:31 - 00090740 _____ () C:\Users\Patrick\AppData\Local\ars.cache

2015-01-04 10:20 - 2015-01-04 10:20 - 00000010 _____ () C:\Users\Patrick\AppData\Local\sponge.last.runtime.cache

2015-01-04 10:19 - 2015-01-04 10:19 - 00002321 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-01-04 10:19 - 2015-01-04 10:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-04 10:17 - 2015-01-04 18:22 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2015-01-04 10:17 - 2015-01-04 10:22 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-04 10:17 - 2015-01-04 10:17 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2015-01-04 10:17 - 2015-01-04 10:17 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2015-01-04 10:14 - 2015-01-04 10:14 - 00000036 _____ () C:\Users\Patrick\AppData\Local\housecall.guid.cache

2015-01-03 19:22 - 2015-01-03 19:22 - 00000000 ____D () C:\_OTL

2015-01-03 18:14 - 2015-01-03 18:14 - 00000469 _____ () C:\DelFix.txt

2015-01-03 17:50 - 2015-01-03 19:00 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2015-01-03 17:50 - 2015-01-03 17:50 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-03 15:51 - 2015-01-03 15:51 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk

2015-01-03 15:51 - 2015-01-03 15:51 - 00002507 _____ () C:\Users\Public\Desktop\Safari.lnk

2015-01-03 15:50 - 2015-01-03 20:04 - 00000000 ____D () C:\Program Files (x86)\Safari

2015-01-03 15:46 - 2015-01-03 15:47 - 38494576 _____ (Apple Inc.) C:\Users\Patrick\Downloads\SafariSetup.exe

2015-01-03 14:48 - 2015-01-04 18:44 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-01-03 14:47 - 2015-01-04 18:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-03 14:47 - 2015-01-03 14:47 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Patrick\Downloads\mbam-setup-2.0.4.1028.exe

2015-01-03 14:47 - 2015-01-03 14:47 - 00001160 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-03 14:47 - 2015-01-03 14:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-03 14:47 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-01-03 14:47 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-01-03 14:47 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-01-03 14:44 - 2015-01-03 14:44 - 01277652 _____ () C:\WINDOWS\shost.bin

2015-01-03 13:59 - 2015-01-03 13:59 - 00000000 ____D () C:\Users\Patrick\Doctor Web

2015-01-03 13:30 - 2015-01-03 14:19 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

2015-01-03 12:35 - 2015-01-03 12:35 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2015-01-02 15:25 - 2015-01-02 15:25 - 00000000 ____D () C:\Users\Patrick\Desktop\Modern Database Management - 10th Edition

2015-01-02 15:23 - 2015-01-03 19:51 - 00000000 ____D () C:\Program Files\WinRAR

2015-01-02 15:23 - 2015-01-02 15:23 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\WinRAR

2015-01-02 14:43 - 2015-01-02 14:43 - 00000000 ____D () C:\ProgramData\makulitsidwe

2015-01-02 14:42 - 2015-01-02 14:42 - 00000000 ____D () C:\Users\Patrick\Documents\ProPCCleaner

2015-01-02 14:42 - 2015-01-02 14:42 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Rainmaker_Software_Group_

2015-01-02 14:41 - 2015-01-02 14:41 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Rainmaker Software Group LLC.​

2015-01-02 13:47 - 2015-01-02 14:06 - 00000000 ____D () C:\Users\Patrick\Desktop\Discrete Mathematics with Applications[Team Nanban][TPB]

2015-01-02 13:16 - 2015-01-02 13:47 - 05968872 ____R () C:\Users\Patrick\Downloads\Modern Database Management - 10th Edition.rar

2015-01-02 13:10 - 2015-01-03 14:53 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\uTorrent

2014-12-20 18:01 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe

2014-12-20 18:01 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe

2014-12-11 21:17 - 2014-12-11 21:17 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf

2014-12-11 13:53 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-12-11 13:53 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-11 13:43 - 2014-12-11 13:43 - 00000000 ____D () C:\WINDOWS\system32\appraiser

2014-12-10 12:55 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2014-12-10 12:55 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2014-12-10 11:33 - 2014-12-03 18:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-12-10 11:33 - 2014-12-03 18:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2014-12-10 11:33 - 2014-12-02 18:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-12-10 11:33 - 2014-12-02 18:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2014-12-10 11:33 - 2014-12-02 18:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2014-12-10 11:33 - 2014-12-02 18:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2014-12-10 11:33 - 2014-12-02 18:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2014-12-10 11:33 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll

2014-12-10 11:33 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll

2014-12-10 11:33 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2014-12-10 11:33 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2014-12-10 11:33 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2014-12-10 11:33 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2014-12-10 11:32 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-12-10 11:32 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-12-10 11:32 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-12-10 11:32 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-12-10 11:32 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2014-12-10 11:32 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2014-12-10 11:32 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys

2014-12-10 11:32 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys

2014-12-10 11:31 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-12-10 11:31 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-12-10 11:31 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec

2014-12-10 11:31 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-12-10 11:31 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2014-12-10 11:31 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-12-10 11:31 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-12-10 11:31 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-12-10 11:31 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec

2014-12-10 11:31 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2014-12-10 11:31 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-12-10 11:31 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-12-10 11:31 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-12-10 11:31 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll

2014-12-10 11:31 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2014-12-10 11:31 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2014-12-10 11:31 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-12-10 11:31 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-12-10 11:31 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-12-10 11:31 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-12-10 11:31 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-12-10 11:31 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2014-12-10 11:31 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-12-10 11:31 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-12-10 11:31 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll

2014-12-10 11:31 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-12-10 11:31 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2014-12-10 11:31 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-12-10 11:31 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-12-10 11:31 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-12-10 11:31 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-12-10 11:31 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-12-10 11:31 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-12-10 11:31 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-12-10 11:31 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-12-09 20:53 - 2015-01-03 17:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-12-07 23:10 - 2014-12-07 23:10 - 00000000 ____D () C:\Users\Patrick\Tracing

2014-12-07 23:05 - 2015-01-03 19:50 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-12-07 23:05 - 2015-01-03 19:50 - 00000000 ____D () C:\ProgramData\Skype

2014-12-07 23:05 - 2014-12-11 13:34 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Skype

2014-12-07 23:05 - 2014-12-07 23:05 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Skype

2014-12-07 23:02 - 2014-12-07 23:02 - 44841568 _____ (Skype Technologies S.A.) C:\Users\Patrick\Downloads\SkypeSetupFull.exe

2014-12-07 22:09 - 2014-12-07 22:09 - 10801980 _____ () C:\Users\Patrick\Downloads\195255314.m4a

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-04 18:38 - 2013-11-07 16:39 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0C082060-EFC5-4CA5-BC92-3859A400486D}

2015-01-04 18:31 - 2013-08-19 20:26 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2015-01-04 18:24 - 2013-11-05 21:45 - 01994466 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-04 18:06 - 2013-07-30 16:36 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2150100393-3706727894-453651403-1001

2015-01-04 18:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-04 17:48 - 2013-11-22 20:06 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2150100393-3706727894-453651403-1001UA.job

2015-01-04 17:18 - 2014-07-10 09:18 - 00000000 ____D () C:\Users\Patrick\AppData\Local\NPE

2015-01-04 16:58 - 2013-09-03 10:22 - 00007628 _____ () C:\Users\Patrick\AppData\Local\Resmon.ResmonCfg

2015-01-04 10:18 - 2013-07-30 16:38 - 00000000 ____D () C:\Program Files (x86)\Google

2015-01-04 10:11 - 2013-09-08 14:51 - 00000441 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics

2015-01-04 06:16 - 2013-11-05 23:45 - 00000000 ___DO () C:\Users\Patrick\SkyDrive

2015-01-04 06:15 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-01-04 06:14 - 2013-08-22 08:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI

2015-01-04 02:56 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp

2015-01-03 20:37 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-01-03 20:18 - 2014-10-19 19:19 - 00000000 ____D () C:\Users\Patrick\Desktop\JUDAISM

2015-01-03 19:51 - 2014-08-22 16:06 - 00000000 ____D () C:\Users\Patrick\jagexcache

2015-01-03 19:50 - 2013-08-09 11:52 - 00000000 ____D () C:\Users\Patrick\AppData\Local\CrashDumps

2015-01-03 18:17 - 2013-09-29 22:55 - 00436932 _____ () C:\WINDOWS\PFRO.log

2015-01-03 17:42 - 2013-07-30 16:28 - 00000000 ____D () C:\Users\Patrick\AppData\Local\VirtualStore

2015-01-03 16:31 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions

2015-01-03 15:55 - 2013-07-30 18:38 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Apple Computer

2015-01-03 15:51 - 2013-07-30 18:38 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Apple Computer

2015-01-03 15:34 - 2013-09-29 23:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2015-01-03 15:28 - 2013-09-29 22:51 - 00000000 ____D () C:\WINDOWS\ShellNew

2015-01-03 15:27 - 2013-11-05 21:22 - 00000000 ____D () C:\Users\Patrick

2015-01-03 15:27 - 2013-08-19 10:50 - 00000000 ____D () C:\Users\Patrick\AppData\Local\CRE

2015-01-03 14:47 - 2014-03-21 13:06 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-03 14:24 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP

2015-01-03 12:36 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM

2015-01-03 12:30 - 2013-04-29 02:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2015-01-03 12:01 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-01-02 14:15 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-12-31 18:15 - 2013-05-27 02:28 - 00000000 ____D () C:\Program Files (x86)\PC Checkup

2014-12-29 13:23 - 2013-08-17 18:48 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Warframe

2014-12-29 12:38 - 2014-04-16 09:18 - 00000000 ____D () C:\Users\Patrick\Desktop\IMPORTANT

2014-12-11 21:17 - 2013-08-22 09:46 - 00323860 _____ () C:\WINDOWS\setupact.log

2014-12-11 18:48 - 2013-04-29 02:22 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-12-11 13:43 - 2014-07-09 09:15 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-12-11 13:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS

2014-12-11 13:43 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS

2014-12-11 13:42 - 2013-07-30 17:25 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-12-11 13:42 - 2013-07-30 17:19 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-12-10 13:32 - 2013-08-11 09:53 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-12-10 13:23 - 2013-08-01 11:21 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-12-09 20:31 - 2013-08-19 20:26 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2014-12-08 01:48 - 2013-11-22 20:06 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2150100393-3706727894-453651403-1001Core.job

2014-12-07 23:02 - 2013-07-30 16:28 - 00000000 ____D () C:\Users\Patrick\AppData\Local\Packages

 

Files to move or delete:

====================

C:\Users\Patrick\fastboot.exe

C:\Users\Patrick\jagex_cl_runescape_LIVE.dat

C:\Users\Patrick\random.dat

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-04 10:48

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-01-2015

Ran by Patrick at 2015-01-04 18:48:18

Running from C:\Users\Patrick\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

1953 - KGB Unleashed (HKLM-x32\...\Steam App 248490) (Version:  - )

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.4.154 - Adobe Systems, Inc.)

Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.4.1245.72462 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 4.4.1245.72462 - Alcor Micro Corp.) Hidden

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)

Brother MFL-Pro Suite DCP-J140W (HKLM-x32\...\{2FF959E3-FFE4-46C4-96DA-03F26BCFEFCC}) (Version: 1.1.5.0 - Brother Industries, Ltd.)

Cannon Fodder 3 (HKLM-x32\...\Steam App 209750) (Version:  - Burut CT)

Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.0.0 - Canon Inc.)

Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)

Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)

Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)

Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)

Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)

Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version:  - Canon Inc.‎)

Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.1.2 - Canon Inc.)

Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.1 - Canon Inc.)

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dark Sector (HKLM-x32\...\Steam App 29900) (Version:  - Digital Extremes)

Dragon Assistant Application en-US version 1.5.4 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.4 - Nuance Communications, Inc.)

Dragon Assistant Core Recognition Service version 1.1.8 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.8 - Nuance Communications, Inc.)

Dragon Assistant Language Data en-US version 1.1.1 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.1 - Nuance Communications, Inc.)

Dragon Assistant version 1.5.4 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.4 - Nuance Communications, Inc.)

DTS Studio Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)

Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden

EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)

Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)

Gephi 0.8.2 (HKLM-x32\...\{51722911-C391-4118-97BF-B50100D2AB15}_is1) (Version:  - Gephi)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)

Google Talk Plugin (HKLM-x32\...\{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}) (Version: 5.38.6.0 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

GTR Evolution (HKLM-x32\...\Steam App 8660) (Version:  - SimBin)

Guardians of Graxia (HKLM-x32\...\Steam App 90500) (Version:  - Petroglyph)

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

IDT Audio Driver (HKLM\...\{588A747E-CFF6-46B3-9207-CD754F9473AF}) (Version: 6.10.6491.0 - IDT)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)

Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)

Intel® WiDi (HKLM\...\{62E7C369-64FF-452C-8F46-6BE9B77FF097}) (Version: 4.0.18.0 - Intel Corporation)

Intel® PROSet/Wireless Software (HKLM-x32\...\{fad118b4-798f-4755-9e67-a622eec95b62}) (Version: 15.6.1 - Intel Corporation)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)

Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)

Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)

Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)

Java SE Development Kit 7 Update 51 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)

jGRASP (HKLM-x32\...\jGRASP) (Version: 2.0.0_11 - )

King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden

League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)

League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden

Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)

LG United Mobile Drivers (HKLM-x32\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)

Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - NEXON Korea Corp.)

Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Project Professional 2013 (HKLM\...\Office15.PRJPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

MotioninJoy Gamepad tool 0.7.0000 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.0000 - www.motioninjoy.com)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

NetBeans IDE 7.3.1 (HKLM\...\nbi-nb-base-7.3.1.0.201306052037) (Version: 7.3.1 - NetBeans.org)

Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )

Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)

Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)

Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden

Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.5.38.0 - Symantec Corporation)

Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)

Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.)

Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)

NVIDIA PhysX v8.04.25 (HKLM-x32\...\{74224F8D-4A17-4816-9EDB-7BB854DE532C}) (Version: 8.04.25 - NVIDIA Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)

Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)

PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)

Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RACE 07 - Formula RaceRoom Add-On (HKLM-x32\...\Steam App 44630) (Version:  - )

RACE 07 (HKLM-x32\...\Steam App 8600) (Version:  - SimBin)

Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)

Scansoft PDF Professional (x32 Version:  - ) Hidden

Septerra Core (HKLM-x32\...\Steam App 253940) (Version:  - )

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-003B-0000-1000-0000000FF1CE}_Office15.PRJPROR_{6E5C415F-1388-4BA6-B926-C19318BE6075}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0051-0000-1000-0000000FF1CE}_Office15.VISPROR_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version:  - Valve)

Space Pirates and Zombies (HKLM-x32\...\Steam App 107200) (Version:  - MinMax Games Ltd.)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)

TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)

Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)

TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.02.01.6407 - Toshiba Corporation)

TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)

TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)

TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)

TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.0002.64002 - Toshiba Corporation)

TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.341 - Toshiba Corporation)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.8.0 - Toshiba Corporation)

TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)

Toshiba Start (HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)

TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)

TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)

TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)

TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102  - Toshiba Corporation)

TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)

Unity Web Player (HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)

Vindictus (HKLM-x32\...\Steam App 212160) (Version:  - Nexon)

Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden

Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2150100393-3706727894-453651403-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Patrick\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2150100393-3706727894-453651403-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Patrick\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2150100393-3706727894-453651403-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Patrick\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-2150100393-3706727894-453651403-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Patrick\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2150100393-3706727894-453651403-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Patrick\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-2150100393-3706727894-453651403-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Patrick\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

 

==================== Restore Points  =========================

 

20-12-2014 19:21:47 Windows Update

31-12-2014 15:31:43 Scheduled Checkpoint

03-01-2015 15:49:44 Installed Safari

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {01C83AFB-78CB-4B36-ADB3-EBAACF452FC2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {03F9A59D-6A20-4C01-94C0-A5CBCC34C944} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)

Task: {0DCB3CCC-26D8-4495-B236-BAA0CACD66E7} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {24A856D2-1719-4A81-8FC6-049005EDB858} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)

Task: {4C2E99B1-EC8D-4867-BE5D-21C8EEF92BD9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {4E81A555-6A38-41C1-B375-F5CB4A3F5C6B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)

Task: {62069156-28EE-4E97-AFC8-4E5E668BC550} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {62930EDA-7117-47A1-9B52-CE43FF8CEFF2} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)

Task: {64DE9998-3A08-4C00-AAB5-4DA13B79E955} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()

Task: {790C96B1-9C75-4FA7-9129-923B794ADE17} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc.)

Task: {95E21B79-44BC-47B0-B6AB-CB9482E851C0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {9F55E94B-AD9B-4C95-A7EE-F6B814D4193D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2150100393-3706727894-453651403-1001Core => C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-22] (Google Inc.)

Task: {A0396AA6-4DAC-4B45-8735-F29956729B33} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)

Task: {BED0BAD0-CC7A-49F1-AF19-05B19677838A} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-11-17] (Symantec Corporation)

Task: {DE5F825F-878A-4525-B57C-9E1E13A86A76} - System32\Tasks\{05DAC944-619E-4B2C-864F-F540C1CCF7FF} => pcalua.exe -a D:\Setup.exe -d D:\

Task: {F0472027-38FA-4B69-81DE-351584377A80} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)

Task: {F04D7012-49C8-49F1-BC82-D32B722D36D9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-04] (Google Inc.)

Task: {F3E406CC-01AA-414D-ADBD-C7A7427FA415} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)

Task: {F5559758-CDAA-4D66-BD60-39C7283C41AA} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {F7360F15-B858-4F61-A7D5-9CAE0DBA6E8D} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)

Task: {FE95E2EC-E6F9-44A7-BE53-2B30366CBFD0} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)

Task: {FF65FBE1-BD60-461A-920F-B98A2BE8266D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2150100393-3706727894-453651403-1001UA => C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-22] (Google Inc.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2150100393-3706727894-453651403-1001Core.job => C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2150100393-3706727894-453651403-1001UA.job => C:\Users\Patrick\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-03-27 17:53 - 2013-03-27 17:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe

2013-09-10 12:54 - 2013-09-10 12:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe

2013-11-18 16:13 - 2014-04-11 13:55 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe

2013-10-21 11:22 - 2005-04-21 23:36 - 00143360 ____N () C:\WINDOWS\system32\BrSNMP64.dll

2014-10-14 23:27 - 2014-10-14 23:27 - 08897696 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-09-21 03:22 - 2013-09-21 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-08-04 17:01 - 2012-08-04 17:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe

2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll

2013-08-01 13:24 - 2013-08-01 13:24 - 00438112 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe

2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-03 12:19 - 2014-07-03 12:19 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-05-27 02:30 - 2013-03-27 16:32 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll

2013-05-27 02:30 - 2013-03-27 16:32 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll

2013-05-27 02:30 - 2013-03-27 16:32 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll

2013-05-27 02:30 - 2013-03-27 16:32 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll

2013-05-27 02:30 - 2013-03-27 16:32 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll

2013-05-27 02:30 - 2013-03-27 16:32 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll

2013-05-27 02:30 - 2013-03-27 16:31 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll

2014-10-14 23:28 - 2014-10-14 23:28 - 08897696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

2013-05-27 02:00 - 2012-07-18 08:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2015-01-04 10:14 - 2009-07-03 00:52 - 00151552 _____ () C:\Users\Patrick\AppData\Local\Temp\HouseCall32\libexpatw.dll

2015-01-04 10:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll

2015-01-04 10:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll

2015-01-04 10:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll

2015-01-04 10:19 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

2015-01-04 10:19 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

AlternateDataStreams: C:\Users\Patrick\SkyDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

HKLM\...\StartupApproved\Run32: => "APSDaemon"

HKLM\...\StartupApproved\Run32: => "ToshibaAppPlace"

HKLM\...\StartupApproved\Run32: => "ControlCenter4"

HKLM\...\StartupApproved\Run32: => "BrStsMon00"

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\StartupApproved\Run: => "ApplePhotoStreams"

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_133FC10A42EC311A0885C7B36F719938"

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\StartupApproved\Run: => "iCloudServices"

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2150100393-3706727894-453651403-500 - Administrator - Enabled) => C:\Users\Administrator

Guest (S-1-5-21-2150100393-3706727894-453651403-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2150100393-3706727894-453651403-1003 - Limited - Enabled)

Patrick (S-1-5-21-2150100393-3706727894-453651403-1001 - Administrator - Enabled) => C:\Users\Patrick

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/04/2015 11:57:27 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1358

 

Start Time: 01d0283ec9b90c67

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

 

Report Id: bde43fb2-9432-11e4-bec2-606c66a7ef85

 

Faulting package full name: 41914OrangeFloatStudio.MangaFlowFree_1.0.0.375_x64__c69rw3w0wadsy

 

Faulting package-relative application ID: App

 

Error: (01/04/2015 11:57:24 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1bd0

 

Start Time: 01d0283ec9b90c67

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report Id: bde418a2-9432-11e4-bec2-606c66a7ef85

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (01/04/2015 10:32:11 AM) (Source: Python Service) (EventID: 255) (User: )

Description: Exception : (1053, 'QueryServiceStatus', 'The service did not respond to the start or control request in a timely fashion.')

 

Error: (01/04/2015 10:27:33 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1c44

 

Start Time: 01d02832379b9e58

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

 

Report Id: 2b41dcd8-9426-11e4-bec2-606c66a7ef85

 

Faulting package full name: 41914OrangeFloatStudio.MangaFlowFree_1.0.0.375_x64__c69rw3w0wadsy

 

Faulting package-relative application ID: App

 

Error: (01/04/2015 02:56:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12641

 

Error: (01/04/2015 02:56:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12641

 

Error: (01/04/2015 02:56:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/03/2015 07:50:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: MsiExec.exe, version: 5.0.9600.16384, time stamp: 0x52158c02

Faulting module name: MSI84FD.tmp, version: 7.3.16540.9015, time stamp: 0x53c40dd6

Exception code: 0xc0000409

Fault offset: 0x0004df73

Faulting process id: 0x1350

Faulting application start time: 0xMsiExec.exe0

Faulting application path: MsiExec.exe1

Faulting module path: MsiExec.exe2

Report Id: MsiExec.exe3

Faulting package full name: MsiExec.exe4

Faulting package-relative application ID: MsiExec.exe5

 

Error: (01/03/2015 06:53:19 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1a14

 

Start Time: 01d027afbaf114ff

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

 

Report Id: ae860e77-93a3-11e4-bec0-606c66a7ef85

 

Faulting package full name: 41914OrangeFloatStudio.MangaFlowFree_1.0.0.375_x64__c69rw3w0wadsy

 

Faulting package-relative application ID: App

 

Error: (01/03/2015 05:07:28 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1b08

 

Start Time: 01d027a0f128506f

 

Termination Time: 4294967295

 

Application Path: C:\WINDOWS\system32\backgroundTaskHost.exe

 

Report Id: e4ab349f-9394-11e4-bebe-606c66a7ef85

 

Faulting package full name: 41914OrangeFloatStudio.MangaFlowFree_1.0.0.375_x64__c69rw3w0wadsy

 

Faulting package-relative application ID: App

 

 

System errors:

=============

Error: (01/04/2015 05:16:58 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/04/2015 05:16:54 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/04/2015 05:16:50 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/04/2015 05:16:46 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/04/2015 05:16:43 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/04/2015 05:16:35 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/04/2015 05:16:30 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/04/2015 05:16:26 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/04/2015 05:16:21 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

Error: (01/04/2015 05:16:16 PM) (Source: disk) (EventID: 7) (User: )

Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 

Microsoft Office Sessions:

=========================

Error: (01/04/2015 11:57:27 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: backgroundTaskHost.exe6.3.9600.16384135801d0283ec9b90c674294967295C:\WINDOWS\system32\backgroundTaskHost.exebde43fb2-9432-11e4-bec2-606c66a7ef8541914OrangeFloatStudio.MangaFlowFree_1.0.0.375_x64__c69rw3w0wadsyApp

 

Error: (01/04/2015 11:57:24 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: LiveComm.exe17.5.9600.206891bd001d0283ec9b90c674294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exebde418a2-9432-11e4-bec2-606c66a7ef85microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

 

Error: (01/04/2015 10:32:11 AM) (Source: Python Service) (EventID: 255) (User: )

Description: Exception : (1053, 'QueryServiceStatus', 'The service did not respond to the start or control request in a timely fashion.')

 

Error: (01/04/2015 10:27:33 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: backgroundTaskHost.exe6.3.9600.163841c4401d02832379b9e584294967295C:\WINDOWS\system32\backgroundTaskHost.exe2b41dcd8-9426-11e4-bec2-606c66a7ef8541914OrangeFloatStudio.MangaFlowFree_1.0.0.375_x64__c69rw3w0wadsyApp

 

Error: (01/04/2015 02:56:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 12641

 

Error: (01/04/2015 02:56:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 12641

 

Error: (01/04/2015 02:56:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (01/03/2015 07:50:20 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: MsiExec.exe5.0.9600.1638452158c02MSI84FD.tmp7.3.16540.901553c40dd6c00004090004df73135001d027b86584e95bC:\Windows\syswow64\MsiExec.exeC:\WINDOWS\Installer\MSI84FD.tmpa7f0daf6-93ab-11e4-bec1-606c66a7ef85

 

Error: (01/03/2015 06:53:19 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: backgroundTaskHost.exe6.3.9600.163841a1401d027afbaf114ff4294967295C:\WINDOWS\system32\backgroundTaskHost.exeae860e77-93a3-11e4-bec0-606c66a7ef8541914OrangeFloatStudio.MangaFlowFree_1.0.0.375_x64__c69rw3w0wadsyApp

 

Error: (01/03/2015 05:07:28 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: backgroundTaskHost.exe6.3.9600.163841b0801d027a0f128506f4294967295C:\WINDOWS\system32\backgroundTaskHost.exee4ab349f-9394-11e4-bebe-606c66a7ef8541914OrangeFloatStudio.MangaFlowFree_1.0.0.375_x64__c69rw3w0wadsyApp

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-3337U CPU @ 1.80GHz

Percentage of memory in use: 58%

Total physical RAM: 6019.27 MB

Available physical RAM: 2503.89 MB

Total Pagefile: 9347.27 MB

Available Pagefile: 5421.55 MB

Total Virtual: 131072 MB

Available Virtual: 131071.8 MB

 

==================== Drives ================================

 

Drive c: (TI10667700C) (Fixed) (Total:685.05 GB) (Free:587.6 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


Hello and welcome,

 

P2P/Piracy Warning:

 

 

 

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Double-click to run it. When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Thanks,

 

Kevin...

are you there


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link.

When the update completes, select Settings > Detection and Protection > Enable Scan for rootkit, and under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select "Copy to clipboard" to copy the full log to the Windows clipboard, then right-click in the text field of your reply and select "Paste" to paste the log into your reply.

 

Or select "Export"; you are given the option to export as a text file (*.txt) or XML file (*.xml). Choose text file and save the exported file to a place of your choice. That file can be attached to your reply...

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


  • Double click on Adwcleaner.exe to run the tool.
  • Click on Scan.
  • Once the scan is done, click on the Clean button.
  • You will get a prompt asking to close all programs. Click OK.
  • Click OK again to reboot your computer.
  • A text file will open after the restart. Please post the content of that logfile in your reply.
  • You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts. (re-enable when done)
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns....

 

Thanks,

 

Kevin...

 

 

 

 

 

 

Fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-01-2015

Ran by Patrick at 2015-01-04 20:36:13 Run:1

Running from C:\Users\Patrick\Downloads

Loaded Profile: Patrick (Available profiles: Patrick & Administrator)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

start

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\MountPoints2: {15b0515f-3c9e-11e3-be86-606c66a7ef85} - "D:\LG_PC_Programs.exe" 

HKU\S-1-5-21-2150100393-3706727894-453651403-1001\...\MountPoints2: {37c0fa81-cda8-11e3-be9d-606c66a7ef85} - "D:\LGAutoRun.exe" 

S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

C:\Users\Patrick\fastboot.exe

C:\Users\Patrick\jagex_cl_runescape_LIVE.dat

C:\Users\Patrick\random.dat

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

AlternateDataStreams: C:\Users\Patrick\SkyDrive:ms-properties

EmptyTemp:

end

 

 

 

*****************

 

"HKU\S-1-5-21-2150100393-3706727894-453651403-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b0515f-3c9e-11e3-be86-606c66a7ef85}" => Key deleted successfully.

HKCR\CLSID\{15b0515f-3c9e-11e3-be86-606c66a7ef85} => Key not found. 

"HKU\S-1-5-21-2150100393-3706727894-453651403-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{37c0fa81-cda8-11e3-be9d-606c66a7ef85}" => Key deleted successfully.

HKCR\CLSID\{37c0fa81-cda8-11e3-be9d-606c66a7ef85} => Key not found. 

EagleX64 => Service deleted successfully.

C:\Users\Patrick\fastboot.exe => Moved successfully.

C:\Users\Patrick\jagex_cl_runescape_LIVE.dat => Moved successfully.

C:\Users\Patrick\random.dat => Moved successfully.

C:\ProgramData\TEMP => ":373E1720" ADS removed successfully.

C:\Users\Patrick\SkyDrive => ":ms-properties" ADS removed successfully.

EmptyTemp: => Removed 735.5 MB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 20:37:20 ====


Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 1/4/2015

Scan Time: 8:47:44 PM

Logfile: 

Administrator: Yes

 

Version: 2.00.4.1028

Malware Database: v2015.01.05.01

Rootkit Database: v2014.12.30.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: Patrick

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 396956

Time Elapsed: 41 min, 18 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 4

Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, 168.28.176.11 168.28.176.253 198.72.72.10, Good: (), Bad: (168.28.176.11),Replaced,[e61b85e4e9930c2af1aee8a256af31cf]

Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, 168.28.176.11 168.28.176.253 198.72.72.10, Good: (), Bad: (168.28.176.253),Replaced,[c9386801ceae9b9b5e411f6bb84df20e]

Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0FCC9FF9-FBA9-4F58-BA21-0341370EF0DD}|DhcpNameServer, 168.28.176.11 168.28.176.253 198.72.72.10, Good: (), Bad: (168.28.176.11),Replaced,[10f15613691374c2b0ef67238a7ba65a]

Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{0FCC9FF9-FBA9-4F58-BA21-0341370EF0DD}|DhcpNameServer, 168.28.176.11 168.28.176.253 198.72.72.10, Good: (), Bad: (168.28.176.253),Replaced,[27dae386cbb1f2447c23f8924abb50b0]

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)


# AdwCleaner v4.106 - Report created 04/01/2015 at 21:43:15

# Updated 21/12/2014 by Xplode

# Database : 2015-01-03.1 [Live]

# Operating System : Windows 8.1  (64 bits)

# Username : Patrick - PATRICK-PC

# Running from : C:\Users\Patrick\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Folder Deleted : C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v0.0.0.0

 

 

-\\ Mozilla Firefox v

 

 

-\\ Google Chrome v39.0.2171.95

 

 

-\\ Chromium v

 

 

*************************

 

AdwCleaner[R0].txt - [1275 octets] - [04/01/2015 21:39:52]

AdwCleaner[s0].txt - [1202 octets] - [04/01/2015 21:43:15]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1262 octets] ##########

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Thu Nov 14 23:03:54 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

 

Results Summary:

----------------

No infection found.

Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 14 23:05:26 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Fri Nov 15 00:36:42 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Fri Nov 15 12:43:00 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 15 13:03:06 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Fri Nov 15 15:25:17 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 15 15:25:30 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Fri Nov 15 17:10:38 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

Microsoft Windows Malicious Software Removal Tool Finished On Fri Nov 15 17:10:47 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Sat Nov 16 12:00:46 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 16 12:05:08 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Sat Nov 16 12:37:58 2013

 

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Sat Nov 16 14:12:35 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 16 14:17:04 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Sat Nov 16 18:00:28 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 16 18:01:04 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Sat Nov 16 20:01:05 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 16 20:04:25 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Sat Nov 16 20:11:26 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 16 20:11:47 2013

 

 

Return code: 0 (0x0)

 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v5.6, November 2013 (build 5.6.9603.0)

Started On Sat Nov 16 23:22:47 2013

 

Engine: 1.1.10003.0

Signatures: 1.161.1618.0

Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 16 23:22:56 2013

Let me know if there are any remaining issues or concerns please, also continue as follows:

 

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/

 


  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", log will open. Close the program > Don't Fix anything!
  • Post back the report which should also be located here:

 

C:\Programdata\RogueKiller\Logs <-------- Vista/W7/8

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

 

Next,

 

Download Security Check by screen317 from either of the following:

 

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

 

Save it to your Desktop. (If your security alerts either accept the alert, or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

 

Thank you,

 

Kevin.....


RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software





 

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version

Started in : Normal mode

User : Patrick [Administrator]

Mode : Scan -- Date : 01/05/2015  08:13:01

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 14 ¤¤¤

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> Found

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> Found

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> Found

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> Found

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com -> Found

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Start Page : http://toshiba13.msn.com -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 168.28.176.11 168.28.176.253 198.72.72.10 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 168.28.176.11 168.28.176.253 198.72.72.10 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0FCC9FF9-FBA9-4F58-BA21-0341370EF0DD} | DhcpNameServer : 168.28.176.11 168.28.176.253 198.72.72.10 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Found

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0FCC9FF9-FBA9-4F58-BA21-0341370EF0DD} | DhcpNameServer : 168.28.176.11 168.28.176.253 198.72.72.10 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

 

¤¤¤ Tasks : 2 ¤¤¤

[suspicious.Path] WSE_Vosteran.job -- C:\Users\Patrick\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

[suspicious.Path] \\WSE_Vosteran -- C:\Users\Patrick\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++

--- User ---

[MBR] a84dd93b5b19931ceaddbccc47850486

[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB

User = LL1 ... OK

User = LL2 ... OK

 

 

============================================

RKreport_DEL_01032015_191747.log - RKreport_SCN_01032015_175659.log - RKreport_SCN_01032015_190556.log - RKreport_SCN_01032015_192105.log


Double-click RogueKiller.exe to run again. (Vista/7/8 right-click and select Run as Administrator)

When "initializing/pre-scan" completes  press the Scan button, this may take a few minutes to complete.

When the scan completes open the Registry tab and locate the following detections:

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> Found

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> Found

[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> Found

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> Found


Make sure any other entries are unchecked

Then open the Tasks tab and locate the following detections:

[suspicious.Path] WSE_Vosteran.job -- C:\Users\Patrick\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

[suspicious.Path] \\WSE_Vosteran -- C:\Users\Patrick\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

Make sure any other entries are unchecked


Hit the Delete button, when complete select "Report" post that log...

 

Next,

 

Can you accept the security check d/l or turn your security off to allow the d/l, really need to see that log, the link is not malicious....

 

Thanks,

 

Kevin....


Results of screen317's Security Check version 0.99.93  

   x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Windows Defender        

Norton Security Suite   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 71  

 Java SE Development Kit 7 Update 51 

  Adobe Flash Player 15.0.0.246 Flash Player out of Date!  

 Adobe Reader XI  

 Google Chrome (39.0.2171.95) 

````````Process Check: objlist.exe by Laurent````````  

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbam.exe  

 Malwarebytes Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 

````````````````````End of Log`````````````````````` 

The school internet prevented me from downloading the link. I used my internet hotspot and it downloaded.

 

Also, in the Registry tab of RogueKiller I only found these two in the suspicious path thing

 

Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> Found

[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> Found


It will say ERROR because I pressed delete twice. 

 

RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Patrick [Administrator]
Mode : Delete -- Date : 01/05/2015  10:14:16
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat" [x][x][x][-] -> ERROR [0]
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0FCC9FF9-FBA9-4F58-BA21-0341370EF0DD} | DhcpNameServer : 168.28.176.11 168.28.176.253 198.72.72.10 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0FCC9FF9-FBA9-4F58-BA21-0341370EF0DD} | DhcpNameServer : 168.28.176.11 168.28.176.253 198.72.72.10 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
 
¤¤¤ Tasks : 2 ¤¤¤
[suspicious.Path] WSE_Vosteran.job -- C:\Users\Patrick\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE (/Check) -> ERROR [0]
[suspicious.Path] \\WSE_Vosteran -- C:\Users\Patrick\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE (/Check) -> ERROR [0]
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_DEL_01032015_191747.log - RKreport_SCN_01032015_175659.log - RKreport_SCN_01032015_190556.log - RKreport_SCN_01032015_192105.log
RKreport_SCN_01052015_081301.log - RKreport_SCN_01052015_100914.log - RKreport_DEL_01052015_101403.log

This topic is now closed to further replies.
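
The RogueKiller reports posted above mix autorun entries (the RunOnce value and the two scheduled tasks) with setting changes (the PUM.* lines). As an added example, not part of the thread and not RogueKiller's own code, the Python below parses report lines, merges the X64/X86 registry views of one value, and lists the autorun entries the delete run reported as ERROR. The line layout is inferred from the reports on this page (an assumption), and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the delete-mode RogueKiller report posted in this thread.
SAMPLE_REPORT = r'''
¤¤¤ Registry : 8 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat" [x][x][x][-] -> ERROR [0]
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2150100393-3706727894-453651403-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce | WSE_Vosteran : wscript /E:vbscript /B "C:\Users\Patrick\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat"  -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0FCC9FF9-FBA9-4F58-BA21-0341370EF0DD} | DhcpNameServer : 168.28.176.11 168.28.176.253 198.72.72.10 [uNITED STATES (US)][uNITED STATES (US)][uNITED STATES (US)]  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
¤¤¤ Tasks : 2 ¤¤¤
[suspicious.Path] WSE_Vosteran.job -- C:\Users\Patrick\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE (/Check) -> ERROR [0]
[suspicious.Path] \\WSE_Vosteran -- C:\Users\Patrick\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE (/Check) -> ERROR [0]
'''

# Assumed layouts: "[category] (arch) key | value : data -> status" for registry
# lines and "[category] task -- command -> status" for scheduled tasks.
REG = re.compile(r'^\[(?P<cat>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<key>.+?) \| '
                 r'(?P<name>.+?) : (?P<data>.*?)\s+-> (?P<status>.+)$')
TASK = re.compile(r'^\[(?P<cat>[^\]]+)\] (?P<name>\S+) -- (?P<data>.+?)\s+-> (?P<status>.+)$')
IPV4 = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')

def parse_line(line):
    """Return a record dict for a detection line, or None for any other line."""
    line = line.strip()
    m = REG.match(line)
    if m:
        return dict(m.groupdict(), kind="registry")
    m = TASK.match(line)
    if m:
        return dict(m.groupdict(), kind="task", arch=None, key=None)
    return None

def classify(rec):
    """Bucket a record by what it means for cleanup, not by the tool's label."""
    if rec["kind"] == "task":
        return "persistence"
    leaf = rec["key"].rsplit("\\", 1)[-1].lower()
    if leaf in ("run", "runonce"):
        return "persistence"
    # DhcpNameServer is written by the DHCP client from the lease;
    # NameServer is the manually configured list.
    if rec["name"] == "DhcpNameServer":
        return "dns-dhcp"
    if rec["name"] == "NameServer":
        return "dns-static"
    return "setting"

def triage(report_text):
    """Return {bucket: [entries]}, one entry per value with its views and statuses."""
    merged = {}
    for line in report_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # section headers, MBR block, blank lines
        ident = (rec["kind"], rec["key"], rec["name"])
        entry = merged.setdefault(ident, dict(rec, views=set(), statuses=set()))
        if rec["arch"]:
            entry["views"].add(rec["arch"])
        entry["statuses"].add(rec["status"])
    buckets = defaultdict(list)
    for entry in merged.values():
        buckets[classify(entry)].append(entry)
    return dict(buckets)

def failed_removals(buckets):
    """Names of autorun entries for which any view reported ERROR."""
    return [e["name"] for e in buckets.get("persistence", [])
            if any(s.startswith("ERROR") for s in e["statuses"])]

def dns_servers(buckets):
    """Unique resolver addresses listed in the DNS entries, in report order."""
    seen = []
    for bucket in ("dns-dhcp", "dns-static"):
        for e in buckets.get(bucket, []):
            for ip in IPV4.findall(e["data"]):
                if ip not in seen:
                    seen.append(ip)
    return seen

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("autoruns still reporting ERROR:", failed_removals(result))
    print("DNS servers and their source:", dns_servers(result), sorted(result))
```
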